This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Data Entry (Data collection) Issue after XSOAR 8.5 update

After the XSOAR 8.5 update, our playbook data collection tasks are having data entry issues via the keyboard. The user can enter the first character, but each successive characters needs to be "double-striked" (hit twice) to be recognized. This is across the board in all playbooks. Are other having this issue with XSOAR 8.5 SaaS ?

DBruce by L0 Member
  • 1306 Views
  • 1 replies
  • 0 Likes

Resolved! ThreatConnect's reputation commands does not return correct results when no indicator found

Hi all, I am not sure if this is a bug in ThreatConnect pack since its reputation commands does not return correct results when it could not find the indicator. The correct behavior should be https://xsoar.pan.dev/docs/integrations/dbot#unknown. Since it does not return correct results in those cases, we have no idea if the command has ever ru...

TPhan_0-1708785626717.png
TPhan by L0 Member
  • 1563 Views
  • 1 replies
  • 0 Likes

Using the Customer Service Management ServiceNow Plugin with Cortex XSOAR

Hello all, I wanted to share the following procedure I worked through to use the existing XSOAR ServiceNow V2 Integration with the Customer Service Management plugin for ServiceNow. This topic came up during a customer engagement and I was able to work up the below steps to use the create/update/get/delete record commands in the existing integ...

image.png

Resolved! Incident Tables in Custom Layouts

I have a custom layout containing an Linked Incidents table panel. I've edited this layout/table to present specific incident fields (columns) in a defined order. First, I've noticed this does not always show changes to these columns when editing the layout. For example, adding the Action field, and moving it up between two other values - this d...

Resolved! Dynamic user input

Hi, I was asked to display a dropdown with each element representing a script. A button next to the dropdown would execute the selected script. Each script requires different user input. Is there a way to ask the user for input based on what element they have selected? I can't create a button per script as the list will be dynamic. Thanks in...

Automate Reported Phishing Email Attachments to CrowdStrike Falcon Sandbox w/ XSOAR

I was wondering how to create a playbook so when a user reports an email as phishing, to somehow have it automatically upload to the CrowdStrike Falcon Sandbox for further analysis - Basically anytime a phishing email with an attachment is submitted to our company report phishing email inbox, to pull it from Abnormal Email Security, then send it...

passat2k by L0 Member
  • 3919 Views
  • 3 replies
  • 0 Likes

Connecting Cortex XSOAR to Internal Cloud Hosted Panorama for Prisma Access Integration

I'm seeking assistance on securely establishing an SSH connection from Cortex XSOAR to Panorama as part of the integration Prisma Access with XSOAR. This integration aims to execute CLI commands on Panorama, which is hosted within Azure (internally). To ensure security and avoid exposing Panorama to the internet, I'm looking for best practices o...

Wassif by L1 Bithead
  • 1599 Views
  • 1 replies
  • 1 Likes

Resolved! Looping A Sub-Playbook

Require some suggestions. I am trying to loop a sub-playbook. If the exit condition is met, everything is okay. However, if max number of iterations are reached the playbook throws and error that waiting for manual input and fails. Anyone has any idea if I am missing something #loopaplaybook

Resolved! Cortex XSOAR SSH Outbound Connection IP issue

Hello, I'm working on configuring SSH connections from Cortex XSOAR to our internal Azure-based system. To ensure secure and uninterrupted connectivity, I need to whitelist the IP address used by Cortex XSOAR for these outbound connections in our firewalls. Could you provide the IP ranges or specific IP addresses used by Cortex XSOAR for outboun...

Wassif by L1 Bithead
  • 1897 Views
  • 1 replies
  • 0 Likes

Reopen XSOAR Incidents Bulk in XSOAR

Hello all, I need to reopen a large amount of incidents on Xsoar. Can anyone suggest how I can do this? I have tried to run both the built-in command and the automation to reopen from the run command button with the bulk incidents selected but to no avail. Many thanks, MR Cortex XSOAR

Get Specific List from /lists Endpoint (XSOAR API)

Hello, When Im sending GET request to https://myxsoar/lists. Im getting list of all XSOAR lists, there is anyway to get Specific list? I tried: https://myxsoar/lists/test_list but it doesn't work. I didn't find on the documentations anything about this endpoint. Any idea how or if I can do it? (Can run over the response list and search for spe...

BHalifa by L1 Bithead
  • 1151 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR - EmailAskUserResponse

Hi I am new to XSOAR. I am trying to configure sending email to user and capturing their response via email. I used the script named ‘EmailAskUser’ to send email and then I am trying to capture the response using ‘EmailAskUserResponse’. However, it says item not found. The ‘responsentryid’ is mentioned of Task EmailAskUser. Share suggestions ...

Resolved! Help with feeds

Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains have been compromised or not. What do you recommend for Cortex XSOAR #

tlmarques by L4 Transporter
  • 1806 Views
  • 1 replies
  • 0 Likes
  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks