Cortex XSOAR Discussions

Bulk Changing Incident Status from Pending to Active

I have created an integration that produces many alerts and I have a few thousand incidents that are currently in the Pending state. The plabyook has yet to run etc. What I would like to is select the incidents from the "Incident" page and change the

...

Why is the severity became "unknown"?

Hello All,

I have a question, i have mapped an incident from qradar with the playbook i've created.

At first it's worked, the incident severity was "high". but later until now, the severity become "unknown".

What is the main cause of this issue?

Tha

...

Getting data from multiple incident contexts?

Hi!

I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answ

...

Resolved! XSOAR 8 API - Attachment upload with entryID

The code below, creates an incident with attachment uploaded but in the incident itself, when I see the context, I dont see any file.

Since there is no entryID for the file, I cannot read the attachment and also cannot run the playbooks.

Any ch

...

Cortex XSOAR

Morning everyone,

I hope that you are doing well

I have a little problem. We have implemented the XSOAR in our customer environment and configure th EWS O365 content pack for phishing attacks but since we do not have a case, we cannot show to the

...

Ingest Taxii feed into XSOAR 6.12

Hi,

I am trying to ingest our taxii feed into XSOAR 6.12 with following steps:

installed XSOAR 6.12 on ubuntu 22.0.4 LTS
launched the web portal, and installed TAXII Feed (1.x) pack from marketplace
Ingest feed using "Integration Instance Settings"
- T

...

Resolved! Only few fetched data example in classification & mapping

Hello All,

I have a question, i have integrate qradar into xsoar, but why only 2 fetched data shown in the classification & mapping?

Is there any configuration should i modify ?

Thank You

Resolved! Reruning playbook and preventing communication tasks from being rerun

Hello All,

I have been working on the XSOAR Platform for a long time and there is something which I haven't been able to find a solution for.

I would like to rerun a playbook for multiple incidents and I use the !setPlaybook to do this. I do this af

...

Alternate Layouts based on IF statement

Is there a way to select alternate layouts in a case based on an if-statement?

new host does not appear in the ACCOUNT MANAGEMENT

Hi!
I'm installing XSOAR multi tenant environment. Currently its a Community edition for POC.
Installed main host and tenant host as per documentation. Both Ubuntu 22.04
I am unable to connect tenant host to main host.
Settings - account management - new

...

XSOAR remain open when an incident has been closed

Why does the browser window in XSOAR remain open when an incident has been closed? Is there a way to automatically go back to all incidents? e.g. to https://xsoar.dev/#/incidents

Did not get the expected value from test (85) issue with Remedy Integration

-

Hi,

While doing the customized Remedy integration test, getting-"Did not get the expected value from test (85)" but able to fetch the incident status via "remedy-incident-get incidentID", OAuth test successful via "remedy-auth-test" in playground t

...

Resolved! Dynamic Section using Context

I was wondering how we can add splunk results into Incident layout. Possibly a CSV file or markdown.

We use splunk to search our email logs to see other recipients who got phishing email. Wanted to display that in the Incident layout.

Any advise

...

Getting null in output

Hi,

I am using a splunk search automation and passing a query in input and I am getting appropriate result without any null value. So I have added a new task after that to convert the output in csv, I am using Exporttocsv automation, but here the i

...

Qradar Integration

Hi ,
Is there a way to make the the system pull incidents more often ,
now it takes about 3 min since the offense first appears in the Qradar until it appears in the Demisto.

Cortex XSOAR Discussions

Discussions

Bulk Changing Incident Status from Pending to Active

Why is the severity became "unknown"?

Getting data from multiple incident contexts?

Resolved! XSOAR 8 API - Attachment upload with entryID

Cortex XSOAR

Ingest Taxii feed into XSOAR 6.12

Resolved! Only few fetched data example in classification & mapping

Resolved! Reruning playbook and preventing communication tasks from being rerun

Alternate Layouts based on IF statement

new host does not appear in the ACCOUNT MANAGEMENT

XSOAR remain open when an incident has been closed

Did not get the expected value from test (85) issue with Remedy Integration

Resolved! Dynamic Section using Context

Getting null in output

Qradar Integration

A Few Quick Questions About the Community Edition

How to work on File Content collected from Azure blob in Playbook

Powershell Modules in Xsoar Cloud

Azure Active Directory users - Incorrect padding

XSOAR 8 + Export Data to On-premise for Retention Compliance

Re: XSOAR - Transform Language

How can i trigger playbook once Indicator has beed added?

Re: How to work on File Content collected from Azure blob in Playbook

Re: How to work on File Content collected from Azure blob in Playbook

Re: Powershell Modules in Xsoar Cloud

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! XSOAR 8 API - Attachment upload with entryID

Resolved! Only few fetched data example in classification & mapping

Resolved! Reruning playbook and preventing communication tasks from being rerun

Resolved! Dynamic Section using Context