Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Why is the severity became "unknown"?

Hello All,

 

I have a question, i have mapped an incident from qradar with the playbook i've created.

At first it's worked, the incident severity was "high". but later until now, the severity become "unknown".

What is the main cause of this issue?

Tha

...

awarman by L0 Member
  • 1312 Views
  • 2 replies
  • 0 Likes

Getting data from multiple incident contexts?

Hi!

 

I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answ

...

Antanas by L2 Linker
  • 1431 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR 8 API - Attachment upload with entryID

The code below, creates an incident with attachment uploaded but in the incident itself, when I see the context, I dont see any file. 

Since there is no entryID for the file, I cannot read the attachment and also cannot run the playbooks. 

 

 

Any ch

...

Cortex XSOAR

Morning everyone,

 

I hope that you are doing well

 

I have a little problem. We have implemented the XSOAR in our customer environment and configure th EWS O365 content pack for phishing attacks but since we do not have a case, we cannot show to the

...

Ingest Taxii feed into XSOAR 6.12

Hi,

 

I am trying to ingest our taxii feed into XSOAR 6.12 with following steps:

  • installed XSOAR 6.12 on ubuntu 22.0.4 LTS
  • launched the web portal, and installed TAXII Feed (1.x) pack from marketplace
  • Ingest feed using "Integration Instance Settings"
    • T
...

TonyZhu by L2 Linker
  • 4811 Views
  • 16 replies
  • 0 Likes

Resolved! Dynamic Section using Context

I was wondering how we can add splunk results into Incident layout. Possibly a CSV file or markdown.

 

We use splunk to search our email logs to see other recipients who got phishing email. Wanted to display that in the Incident layout.

 

Any advise

...

Getting null in output

Hi,

 

I am using a splunk search automation and passing a query in input and I am getting appropriate result without any null value. So I have added a new task after that to convert the output in csv, I am using Exporttocsv automation, but here the i

...

Himangi_1-1698821557749.png
Himangi_0-1698821510351.png
Himangi by L2 Linker
  • 1166 Views
  • 2 replies
  • 0 Likes

Qradar Integration

Hi , 
Is there a way to make the the system pull incidents more often , 
now it takes about 3 min since the offense first appears in the Qradar until it appears in the Demisto.

  • 1216 Posts
  • 42 Subscriptions
Top Solution Authors
Top Liked Authors