XSOAR Integration with Cisco IronPort Email API - HTTP/1.0 500 The application raised an exception
Hi, I'm integrating XSOAR with Cisco Ironport, after entering enough information, I get an error like above. Has anyone encountered this case?
Hello everyone
Recently I am developing playbooks for the management of possible security incidents.
Something that catches my attention is that, in case of errors throughout the playbook, I have established that the case is closed through the "C
...
Hi,
Sometimes when I'm trying to upload images in the incident war room, they don't come through as a link, and I'm not able to view what's in the image. Attaching screenshots for reference.
Thanks
Is it possible to disable local user login on tenants in XSOAR? We want to allow local user login via the main account only.
Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"
With a help of community members I wa
Hello, I get some problems while setting up my Splunk to XSOAR:
The problem I get is that XSOAR takes the notable event hash field as if it were a file hash, and I didn't want it in my playbook.
Have any of you already faced this issue? Have you resolved it?
...
I have been notified by my firewall team that the Cisco Umbrella API is being updated to version 2. I have tried updating the creds that I am using to this new version but with no luck. Has anyone else been having the same issues? The current version
...
Hi all,
I have two custom fields. Initially, these fields were added to the context data even if they are empty. Now, they don't get added at all. This code used to work demisto.incident()['customFields']['fieldhere']
to grab the custom fields, bu
Hi all,
I am creating an incident with script as following:
uri = f'/incident'
body = {
"name": incident_name,
"type": incident_type,
"createInvestigation": True,
#"rawJSON": json.dumps({'hello': 'test'})
}
...
Hello,
I would like to use 'jq' Transformer as designed in a custom "Mapper", but it constantly says to me that error message, whatever I am testing :
===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict"
!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile
...
I am writing to request support for migrating from the old playbook (Endpoint Malware Investigation - Generic) to the new playbook (Malware Investigation & Response Incident handler) and I have only the Standard Success support.
Additionally, I would
Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key:
When I hardcode the
...
Hello everyone!
I am currently using the Elasticsearch integrations to retrieve events related to an incident or events for a specific report and generally have no issues with that. However, sometimes some "reports" have queries that retrieve +10k
...
Hi everyone,
This issue started to happen recently. I am not running anything on the main server and I didn't have any issues on that account so far. Syncing all the account however hangs the main server. I am considering either adding more resour
...