Resolved! Help with feeds
Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains have been compromised or not. What do you recommend for Cortex XSOAR?
Server configurations such as additional headers are required. Is it possible to configure directly in a configuration file through the console?
We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers. We have a job sending the logs from XSOAR to Splunk, and it has suddenly stopped working. The script is one of the XSOAR default scripts. Please help resolve this.
I have a playbook that needs feedback from outside. To set some context, let's say that the playbook generates a UUID a5de4f06-2941-4e26-975e-5e6cb316916d and informs a user that they need to go to https://example.com/a5de4f06-2941-4e26-975e-5e6cb316916d. Over there they have some things to set and the backend of https://example.com is ready to ...
Hi, I'd like to install Red Hat patches on the XSOAR server. Is it possible, or is there a risk? Many thanks, Paz
Hello all, I have recently come across a use case that requires me to hide incidents from the Tier 1 Team during escalation so that it can be free to be assigned to a Tier 2 analyst. Is there a way to hide an incident based on an incident field being true, through a script or some kind of built-in function? I don't want to hide tabs or ...
We recently had a use case for a SIEM integration with Cortex XSOAR. We have an on-premise LogRhythm SIEM server which we need to integrate with our Cortex XSOAR. I have gone through the official XSOAR documentation for the integration but it wasn't of much help. Has anyone done the integration and made any playbooks? Kindly share the ...
I am attempting to create an email from an HTML template but am receiving an error stating "Item not found (8) on list..." followed by the HTML contents of my saved list. I am sure it is looking for the key attribute that is required for the script, however I am not sure what it is asking for. Based on docs, the key argument is the "The context ...
Hi community, can anyone provide Python scripts that automate the most common 3-4 SOC use cases, plus any non-security use case that could be automated?
Hi Team, We planned to integrate the IOC push from Cortex XSOAR to other tools, for example, Palo Alto firewalls, other firewalls, SIEM tools, and XDR tools. Is this possible? If so, could you please share any documentation or guidance?
Hello everybody, I have a question regarding HTML fields in XSOAR. I have a Python script to get data from a table, but I'm wondering how I configure an HTML field so that the data my script returns is displayed in an HTML format. I tried connecting the HTML field to the script but haven't had any luck getting the data to display. Thanks ...
Hi all! I'm having issues trying to update the incident.Hostnames field. What I want to do: I'm receiving an alert which involves different hostnames; for the sake of simplicity and to track the incidents more easily, we want to add the hostnames to the incidentHostnames field. As it is an array there shouldn't be any issue, but when we perform....
This question was asked during Part 1 of the webinar series: Indicator Management. You may review the recording here. If we are using Bolt database and an indicator is expired and has a last seen date of September 1, 2023 - does that mean it exists in the September Bolt database file? If we call the indicator command and the last seen date i...
Dear all, I have implemented a playbook in XSOAR that uses several enrichment sources, and it has been identified that Barracuda is flagging as malicious the IPs of social networks such as Facebook, Instagram, WhatsApp, etc., and other public IPs of the company where I work; when I perform manual reviews I do not see these IPs as malicious, in...
Hi All, It seems like I can't find anything about HA setup for the community version. I wanted to try out an HA setup (Active/Passive) in the community version before proceeding to the enterprise version. Appreciate all the help from all.

