This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers

We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers. We have a job sending the logs from XSOAR to Splunk, and suddenly has stopped working. As the script is part of the XSOAR default one. Please help resolve this.

Resolved! How to send via HTTP to the XSOAR data to be injected in a playbook?

I have a playbook that needs feedback from outside. To set some context, let's say that the playbook generates a UUID a5de4f06-2941-4e26-975e-5e6cb316916d and informs a user that they need to go to https://example.com/a5de4f06-2941-4e26-975e-5e6cb316916d. Over there they have some things to set and the backend of https://example.com is ready to ...

Hiding Incident Types from Specific Role

Hello all, I have recently come across a use case that requires me to hide incidents from the Tier 1 Team during escalation in order that it can be free to be assigned to a Tier 2 analyst. Is there a way to hide an incident based on an incident field being true, through a script or some kind of built - in function? I don't want to hide tabs or ...

Cortex XSOAR integration with Logrhythm SIEM

We were recently having use case for a SIEM integration with cortex XSOAR. We have an on-premise LogRhythm SIEM server which we need to integrate with our Cortex XSOAR. I have gone through the official XSOAR documentation for the integration but it wasn't of much help. Has anyone done the integration and made any playbooks? Kindly share the ...

XSOAR CreateEmailHtmlBody Error

I am attempting to create an email from an HTML template but am receiving an error stating "Item not found (8) on list..." followed my the HTML contents of my saved list. I am sure it is looking for the key attribute that is required for the script, however I am not sure what it is asking for. Based on docs, the key argument is the "The context ...

Python Scripts

Hi community, Can anyone provide python scripts that automate the most common 3-4 SOC use cases + any non security use case that could be automated

regish by L0 Member
  • 1188 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR queries

Hi Team, We planned to integrate the IOC push from Cortex XSOAR to other tools, for example, Palo Alto firewalls, other firewalls, SIEM tools, and XDR tools. Is this possible? If so, could you please share any documentation or guidance?

HTML field

Hello everybody, I have a question regarding HTML fields in XSOAR. So I have a Python script to get data from a table but I'm wondering how do I configure an HTML field so that the data my script returns is displayed in an HTML format? I tried connecting the HTML field to the script but haven't had any luck getting the data to display. Thanks ...

mof2024 by L0 Member
  • 1396 Views
  • 1 replies
  • 0 Likes

Resolved! Can't Append strings into incident.Hostnames

Hi all!, I'm having issues trying to update the incident.Hostnames field. What I want to do: I'm receiving an alert which involve different hostnamed, for the sake of simplicity and to track easier the incidents we want to add the hostnames to the incidentHostnames field: As it is an array there shouldn't be any issue but when we perform....

FOtero_0-1706113371425.png
FOtero_1-1706113684985.png
FOtero_2-1706113857656.png
FOtero_3-1706113963629.png
F.Otero by L1 Bithead
  • 2159 Views
  • 2 replies
  • 0 Likes

Resolved! XSOAR Indicator Management webinar: Expired indicator and Bolt Database

**This question was asked during Part 1 of the webinar series: Indicator Management. You may review the recording here If we are using Bolt database and an indicator is expired and has a last seen date of September 1, 2023 - does that mean it exists in the September Bolt database file? If we call the indicator command and the last seen date i...

rtsedaka by L6 Presenter
  • 1991 Views
  • 1 replies
  • 0 Likes

IPs en lista Barracuda Reputation Block List (BRBL)

Estimados tengo implementado un playbook en Xsoar que usa varias fuentes de enriquecimiento y se ha identificado que Barracuda esta identificando como IP maliciosa, IPs de redes solciales como facebook, instagram, whatssap, etc y otras publicas de la empresa donde laboro que al realizar las revisiones manuales no veo estas IPs como maliciosa, en...

ISOC_PNP by L0 Member
  • 1784 Views
  • 1 replies
  • 0 Likes

HA Setup for community version

Hi All, It seems like I can't find anything about HA setup for the community version. I wanted to try out to do a HA setup (Active/Passive) in the community version before proceeding to the enterprise version. Appreciate all the help from all.

Resolved! automation scripts

Cortex XSOAR Hi community, Can I get a few sample automation scripts in Python implementing any use cases or achieving any useful task via XSOAR. Any links to such a resource

regish by L0 Member
  • 2118 Views
  • 1 replies
  • 0 Likes

Automation in Python using parallel processing

#Cortex XSOAR Hi, Is there a way of creating parallel processing inside an automation in Python ? My goal is to execute the same function on multiple incidents (pausing and/or starting timers). The thing is, sometimes we have a lot of incidents and the current automation using a mere "for x in y" can timeout. Obviously we could increase the t...

sdes by L0 Member
  • 2678 Views
  • 2 replies
  • 0 Likes
  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks