This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

playbook user investigation - generic

hello everyone, I was reviewing the user investigation - generic playbook for a bit, I would like to have your support by explaining to me what types of uses this playbook could be applied to and if anyone of you already has it implemented. Thank you all

Resolved! Integration Office 365: Get mail reported by user

Hi, one question about O365 integration. Maybe it's a O365 question, not a XSOAR one, but I'd like to know if I can do it with XSOAR. I have an alert "Email reported by user as malware or phish" from Microsoft Graph Identity and Access integration. I have this data from the alert: [{"aadUserId":null,"accountName":"xxxx.yyyy","domainName":"xxxx...

MTubia by L1 Bithead
  • 4957 Views
  • 5 replies
  • 0 Likes

Trigger action each time an answer is received on data collection task

Hi everyone, I am trying to achieve the following scenario: Send a form with data collection task, the form is closed after 4 weeks. The form asks for a hostname to contain within CrowdStrike Every time someone answers the form, I want to contain the machine in CrowdStrike. However, the task is in "waiting" mode in XSOAR. I am not sure how t...

Resolved! Can I test Playbooks with CLI?

Hi everyone, I'd like to know if it's possible to test Playbooks via the command line interface or something similar. Currently, I always use the GUI for testing purposes, loading an incident from the debugger panel and just clicking to run. However, sometimes, the GUI is too slow, especially when the playbook has a lot of "boxes" to render. Gen...

Nested variables in XSOAR ? Interpolation?

I would like to use a Context key Value as a variable in a task, is this possible, or how are people accomplishing this in XSOAR? Do i need to create a custom script? I saw someone else mention they were able to do something similar with Lists, but I am not sure how that would work. For Example: ContexKey1 : ContextKey2.Key ContextKey2.Ke...

kbratt by L1 Bithead
  • 2066 Views
  • 2 replies
  • 0 Likes

XSOAR Playbook SQL Query

hello everyone ! I'm new to XSOAR, I hope you'll be patient with me. I have created a small job in which I execute a SELECT type SQL query, the result is a series of records. Here I have some doubts:- How can I map the result of each record in each field of type "Output"? My goal is to add a new task which executes some conditionals based on t...

XSOAR Execute query SQL

Hello !! I have created an automation to execute a SQL query (SELECT), however additional fields appear in the result ("module name", "brand", etc). How can I remove these fields? My intention is to email the result of the SELECT query only the fields that are within the query. Thank you

Problem to whitelist internal domains and IP's

Need help, as in Cortex XSOAR , I'm having issues adding my domains and internal networks to a whitelistIn the settings, I have two options for this, but I can't edit them. Anyone else experiencing the same issue? My objective was to insert and exclude internal domains and IPs from external feed analysis.

tlmarques_0-1706787040765.png
tlmarques by L4 Transporter
  • 3681 Views
  • 8 replies
  • 0 Likes

How can I get the scores of the indicators I extract with commands?

Greetings to everyone, With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the context, find out if it is Malicious or Suspicious and send it as an email. When I search with t...

Mutli-Tenant - Playbook Sync

Hello, Do I have to select everything individually when syncing content from main tenant to child tenants?For example,I will sync the playbook, I cannot see the indicent fields used in the playbook. I have to select them one by one.How can I make it sync the dependencies in the playbook while syncing the just playbook instead?

Data Entry (Data collection) Issue after XSOAR 8.5 update

After the XSOAR 8.5 update, our playbook data collection tasks are having data entry issues via the keyboard. The user can enter the first character, but each successive characters needs to be "double-striked" (hit twice) to be recognized. This is across the board in all playbooks. Are other having this issue with XSOAR 8.5 SaaS ?

DBruce by L0 Member
  • 1273 Views
  • 1 replies
  • 0 Likes

Resolved! ThreatConnect's reputation commands does not return correct results when no indicator found

Hi all, I am not sure if this is a bug in ThreatConnect pack since its reputation commands does not return correct results when it could not find the indicator. The correct behavior should be https://xsoar.pan.dev/docs/integrations/dbot#unknown. Since it does not return correct results in those cases, we have no idea if the command has ever ru...

TPhan_0-1708785626717.png
TPhan by L0 Member
  • 1509 Views
  • 1 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks