Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Using the Customer Service Management ServiceNow Plugin with Cortex XSOAR

Hello all, I wanted to share the following procedure I worked through to use the existing XSOAR ServiceNow V2 Integration with the Customer Service Management plugin for ServiceNow. This topic came up during a customer engagement and I was able to work up the below steps to use the create/update/get/delete record commands in the existing integ...

Resolved! Incident Tables in Custom Layouts

I have a custom layout containing a Linked Incidents table panel. I've edited this layout/table to present specific incident fields (columns) in a defined order. First, I've noticed this does not always show changes to these columns when editing the layout. For example, adding the Action field, and moving it up between two other values - this d...

Resolved! Dynamic user input

Hi, I was asked to display a dropdown with each element representing a script. A button next to the dropdown would execute the selected script. Each script requires different user input. Is there a way to ask the user for input based on what element they have selected? I can't create a button per script as the list will be dynamic. Thanks in...

Automate Reported Phishing Email Attachments to CrowdStrike Falcon Sandbox w/ XSOAR

I was wondering how to create a playbook so when a user reports an email as phishing, to somehow have it automatically upload to the CrowdStrike Falcon Sandbox for further analysis - Basically anytime a phishing email with an attachment is submitted to our company report phishing email inbox, to pull it from Abnormal Email Security, then send it...

passat2k by L0 Member
  • 3738 Views
  • 3 replies
  • 0 Likes

Connecting Cortex XSOAR to Internal Cloud Hosted Panorama for Prisma Access Integration

I'm seeking assistance on securely establishing an SSH connection from Cortex XSOAR to Panorama as part of the integration Prisma Access with XSOAR. This integration aims to execute CLI commands on Panorama, which is hosted within Azure (internally). To ensure security and avoid exposing Panorama to the internet, I'm looking for best practices o...

Wassif by L1 Bithead
  • 1549 Views
  • 1 replies
  • 1 Likes

Resolved! Looping A Sub-Playbook

Require some suggestions. I am trying to loop a sub-playbook. If the exit condition is met, everything is okay. However, if max number of iterations are reached the playbook throws an error that waiting for manual input and fails. Anyone has any idea if I am missing something #loopaplaybook

Resolved! Cortex XSOAR SSH Outbound Connection IP issue

Hello, I'm working on configuring SSH connections from Cortex XSOAR to our internal Azure-based system. To ensure secure and uninterrupted connectivity, I need to whitelist the IP address used by Cortex XSOAR for these outbound connections in our firewalls. Could you provide the IP ranges or specific IP addresses used by Cortex XSOAR for outboun...

Wassif by L1 Bithead
  • 1868 Views
  • 1 replies
  • 0 Likes

Reopen XSOAR Incidents Bulk in XSOAR

Hello all, I need to reopen a large amount of incidents on XSOAR. Can anyone suggest how I can do this? I have tried to run both the built-in command and the automation to reopen from the run command button with the bulk incidents selected but to no avail. Many thanks, MR Cortex XSOAR

Get Specific List from /lists Endpoint (XSOAR API)

Hello, When I'm sending a GET request to https://myxsoar/lists, I'm getting a list of all XSOAR lists. Is there any way to get a specific list? I tried: https://myxsoar/lists/test_list but it doesn't work. I didn't find anything in the documentation about this endpoint. Any idea how or if I can do it? (Can run over the response list and search for spe...

BHalifa by L1 Bithead
  • 1120 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR - EmailAskUserResponse

Hi I am new to XSOAR. I am trying to configure sending email to user and capturing their response via email. I used the script named ‘EmailAskUser’ to send email and then I am trying to capture the response using ‘EmailAskUserResponse’. However, it says item not found. The ‘responsentryid’ is mentioned of Task EmailAskUser. Share suggestions ...

Resolved! Help with feeds

Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains have been compromised or not. What do you recommend for Cortex XSOAR #

tlmarques by L4 Transporter
  • 1759 Views
  • 1 replies
  • 0 Likes

We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers

We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers. We have a job sending the logs from XSOAR to Splunk, and suddenly has stopped working. As the script is part of the XSOAR default one. Please help resolve this.

Resolved! How to send via HTTP to the XSOAR data to be injected in a playbook?

I have a playbook that needs feedback from outside. To set some context, let's say that the playbook generates a UUID a5de4f06-2941-4e26-975e-5e6cb316916d and informs a user that they need to go to https://example.com/a5de4f06-2941-4e26-975e-5e6cb316916d. Over there they have some things to set and the backend of https://example.com is ready to ...

  • 1298 Posts
  • 45 Subscriptions