Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

integration script timeout; how to increase timeout value

Support is turning me away because the question is regarding a custom integration; they suggested I post a question here. My issue is, I don't want to support troubleshoot the why the script is timing out, I just want to set the property to let it run for more than 300 seconds. Note if I re-run the script it works, it only fails sporadically. Err...

JoshBoyd by L2 Linker
  • 2010 Views
  • 1 replies
  • 0 Likes

Using RPA from Cortex XSOAR

Hello LC, I am working on a unique deployment that requires the use of RPA to do a few actions that are not supported by API on the target systems. Has anyone successfully created an integration or similar for Crayon or other RPA systems? I can see that there are some existing integrations such as PAM360 but this is a system that is not in use in m...

Resolved! Where is the id_set.json file utilized?

The purpose of id_set.json is defined here https://xsoar.pan.dev/docs/documentation/pack-docs#how-do-you-find-pack-dependencies. So it's kind of like package-lock.json in NodeJS. However, where do we need to use it? I can only see it's being used in `demisto-sdk validate`.

TPhan by L0 Member
  • 1495 Views
  • 1 replies
  • 0 Likes

Playbook condition data input

Hi Team, we've created a playbook condition in which if the risk is greater than zero, the IP should be added to the list created below, otherwise, it should be added to another list. The inputs are in an array. How can I make them into single elements? Please find the attachment.

playbook user investigation - generic

Hello everyone, I was reviewing the user investigation - generic playbook for a bit. I would like to have your support by explaining to me what types of uses this playbook could be applied to and if any of you already has it implemented. Thank you all.

Resolved! Integration Office 365: Get mail reported by user

Hi, one question about O365 integration. Maybe it's an O365 question, not an XSOAR one, but I'd like to know if I can do it with XSOAR. I have an alert "Email reported by user as malware or phish" from Microsoft Graph Identity and Access integration. I have this data from the alert: [{"aadUserId":null,"accountName":"xxxx.yyyy","domainName":"xxxx...

MTubia by L1 Bithead
  • 5213 Views
  • 5 replies
  • 0 Likes

Trigger action each time an answer is received on data collection task

Hi everyone, I am trying to achieve the following scenario: Send a form with data collection task, the form is closed after 4 weeks. The form asks for a hostname to contain within CrowdStrike. Every time someone answers the form, I want to contain the machine in CrowdStrike. However, the task is in "waiting" mode in XSOAR. I am not sure how t...

Resolved! Can I test Playbooks with CLI?

Hi everyone, I'd like to know if it's possible to test Playbooks via the command line interface or something similar. Currently, I always use the GUI for testing purposes, loading an incident from the debugger panel and just clicking to run. However, sometimes, the GUI is too slow, especially when the playbook has a lot of "boxes" to render. Gen...

Nested variables in XSOAR ? Interpolation?

I would like to use a Context key Value as a variable in a task. Is this possible, or how are people accomplishing this in XSOAR? Do I need to create a custom script? I saw someone else mention they were able to do something similar with Lists, but I am not sure how that would work. For Example: ContexKey1 : ContextKey2.Key ContextKey2.Ke...

kbratt by L1 Bithead
  • 2281 Views
  • 2 replies
  • 0 Likes

XSOAR Playbook SQL Query

Hello everyone! I'm new to XSOAR, I hope you'll be patient with me. I have created a small job in which I execute a SELECT type SQL query, the result is a series of records. Here I have some doubts: - How can I map the result of each record in each field of type "Output"? My goal is to add a new task which executes some conditionals based on t...

XSOAR Execute query SQL

Hello!! I have created an automation to execute a SQL query (SELECT), however additional fields appear in the result ("module name", "brand", etc). How can I remove these fields? My intention is to email the result of the SELECT query with only the fields that are within the query. Thank you

  • 1304 Posts
  • 45 Subscriptions