Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Get Specific List from /lists Endpoint (XSOAR API)

Hello, when I'm sending a GET request to https://myxsoar/lists, I'm getting a list of all XSOAR lists. Is there any way to get a specific list? I tried: https://myxsoar/lists/test_list but it doesn't work. I didn't find anything in the documentation about this endpoint. Any idea how or if I can do it? (Can run over the response list and search for spe...

BHalifa by L1 Bithead
  • 1196 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR - EmailAskUserResponse

Hi, I am new to XSOAR. I am trying to configure sending an email to a user and capturing their response via email. I used the script named ‘EmailAskUser’ to send the email and then I am trying to capture the response using ‘EmailAskUserResponse’. However, it says item not found. The ‘responsentryid’ is mentioned for the Task EmailAskUser. Share suggestions ...

Resolved! Help with feeds

Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains have been compromised or not. What do you recommend for Cortex XSOAR #

tlmarques by L4 Transporter
  • 1869 Views
  • 1 replies
  • 0 Likes

We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers

We are having an error in the ForwardAuditLogsToSplunkHEC: Reason: Failed to execute BaseScript. Error: string indices must be integers. We have a job sending the logs from XSOAR to Splunk, and it has suddenly stopped working, as the script is one of the XSOAR default ones. Please help resolve this.

Resolved! How to send via HTTP to the XSOAR data to be injected in a playbook?

I have a playbook that needs feedback from outside. To set some context, let's say that the playbook generates a UUID a5de4f06-2941-4e26-975e-5e6cb316916d and informs a user that they need to go to https://example.com/a5de4f06-2941-4e26-975e-5e6cb316916d. Over there they have some things to set and the backend of https://example.com is ready to ...

Hiding Incident Types from Specific Role

Hello all, I have recently come across a use case that requires me to hide incidents from the Tier 1 team during escalation so that they can be free to be assigned to a Tier 2 analyst. Is there a way to hide an incident based on an incident field being true, through a script or some kind of built-in function? I don't want to hide tabs or ...

Cortex XSOAR integration with Logrhythm SIEM

We recently had a use case for a SIEM integration with Cortex XSOAR. We have an on-premise LogRhythm SIEM server which we need to integrate with our Cortex XSOAR. I have gone through the official XSOAR documentation for the integration but it wasn't of much help. Has anyone done the integration and made any playbooks? Kindly share the ...

XSOAR CreateEmailHtmlBody Error

I am attempting to create an email from an HTML template but am receiving an error stating "Item not found (8) on list..." followed by the HTML contents of my saved list. I am sure it is looking for the key attribute that is required for the script; however, I am not sure what it is asking for. Based on the docs, the key argument is the "The context ...

Python Scripts

Hi community, can anyone provide Python scripts that automate the 3-4 most common SOC use cases + any non-security use case that could be automated?

regish by L0 Member
  • 1235 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR queries

Hi Team, We planned to integrate the IOC push from Cortex XSOAR to other tools, for example, Palo Alto firewalls, other firewalls, SIEM tools, and XDR tools. Is this possible? If so, could you please share any documentation or guidance?

HTML field

Hello everybody, I have a question regarding HTML fields in XSOAR. So I have a Python script to get data from a table but I'm wondering how do I configure an HTML field so that the data my script returns is displayed in an HTML format? I tried connecting the HTML field to the script but haven't had any luck getting the data to display. Thanks ...

mof2024 by L0 Member
  • 1431 Views
  • 1 replies
  • 0 Likes

Resolved! Can't Append strings into incident.Hostnames

Hi all! I'm having issues trying to update the incident.Hostnames field. What I want to do: I'm receiving an alert which involves different hostnames; for the sake of simplicity and to track the incidents more easily, we want to add the hostnames to the incidentHostnames field. As it is an array there shouldn't be any issue, but when we perform....

F.Otero by L1 Bithead
  • 2222 Views
  • 2 replies
  • 0 Likes

Resolved! XSOAR Indicator Management webinar: Expired indicator and Bolt Database

This question was asked during Part 1 of the webinar series: Indicator Management. You may review the recording here. If we are using Bolt database and an indicator is expired and has a last seen date of September 1, 2023, does that mean it exists in the September Bolt database file? If we call the indicator command and the last seen date i...

rtsedaka by L6 Presenter
  • 2048 Views
  • 1 replies
  • 0 Likes