Cortex XSOAR Playbook and Automation permission

Hi,
I would like to ask for help on how to be able to implement within XSOAR the ability to determine which playbooks and automation can be executed or viewed by the user via the command line (by typing !) while still having the ability for the same u

Creating a custom incident summary report

How can I create a customised incident summary report with tables, merged cells etc我? And then populated with incident fields information?

Cortex XSOAR support for RHEL 8.9 version

Hi All, 

We were reviewing the prerequisites document for Cortex XSOAR installation from the below link

https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.11/Cortex-XSOAR-Administrator-Guide/System-Requirements 

We couldn't find whether XSOAR is

How to get the execution context of an automation

There are many ways to trigger an automation, by field display actions, field change actions, a task of playbook or CLI. I want to know how my automation is being triggered. Is there any way to grab that info when an automation is triggered?

GetIndicatorsByQuery command

Hi all,

Does anyone knows how to retrieve the firstSeen/creation date of an indicator using the GetIndicatorsByQuery command?

These are the only fields I know that can be returned so far but none of them is the firstSeen/creationDate of the indic

XSOAR + Threat Intelligence

Hi, All!

I am working on integrating more threat intelligence into our XSOAR platform. Our latest efforts have been integrating other free sources of IOCs (AlienVault, Abuse.ch, etc...) and then we are going to work that into playbooks to create lo

User Restriction and permission

Hi,

using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:

- Is it possible to restrict user permission to execute scripts/commands only via field chang

XSOAR - Error in XDR Automation

Hi,

When i am trying to execute the automation xdr-get-incident-extra-data (Cortex XDR - IR) in playbook, i am getting an error as shown in the screenshot below. What could be the reason? Kindly help,

Thanks,

Nithin

Pulling Calendar Invites from Inbox - EWS O365 Integration

We are using the EWS O365 integration to monitor an Exchange Online inbox. Any emails that hit the inbox get an incident created, and a Playbook handles things from there. This is working just fine but the problem I'm having is that it is ignoring ca

How to send command (like !send-mail) between two tenants?

Hi all,I have two tenants. One of them is called A and one is called B. I have Mail integration on tenant B. How can I run "!send-mail to= example[@]example[.]com subject=Hello body=Hello body" from tenant A to tenant B? Is it done with demisto.inter

xdr-get-incident command date time dispute

Hello everyone,

I have a script that need to get incidents from server. 

MITRE ATT&CK Framework

Hi , 
Is there a way to automate the process of mapping every incident to its MITRE Technique ,
or it should be manual for every incident ?