Cortex XSOAR Discussions

How to send command (like !send-mail) between two tenants?

Hi all,I have two tenants. One of them is called A and one is called B. I have Mail integration on tenant B. How can I run "!send-mail to= example[@]example[.]com subject=Hello body=Hello body" from tenant A to tenant B? Is it done with demisto.inter

...

xdr-get-incident command date time dispute

Hello everyone,

I have a script that need to get incidents from server.

incidents = execute_command(

"xdr-get-incidents",

{

"lte_creation_time": last_creation_time.split("+")[0],

"gte_creati

...

MITRE ATT&CK Framework

Hi ,
Is there a way to automate the process of mapping every incident to its MITRE Technique ,
or it should be manual for every incident ?

Resolved! Unblock IP

Hi,

I have been using Panorama integration to block the IP. Is there any way where I can unblock the IP or remove the IP from address group of Panorama.

Resolved! XQL Query for CVE counts in XDR per endpoint_name

does anyone have a xql query that will return endpoint_names with and associated CVE count?

Extracting IOC from threat Intel Email

Hi everyone. I am new to this industry and I am looking for guidance on how to extract IOC from threat intel email body in Xsoar Playbook. Hoping if someone can help out. Thank you.

Resolved! Your session has expired. Logint to continue.

XSOAR server based community edition is always asking me my admin cred. It happens every 10 seconds. How can I remediate this issue ? Thanks in advance.

False Positives Microsoft Teams Large Upload

Hey,

I need your help.

We are receiving alerts "XDR Incident 945 - 'Large upload (generic)' generated by #XDR Analytics detected...

Basically, this appears when the user makes a call, shares documents, or shares their screen (using Microsoft Teams)

...

CrowdStrike XDR Use cases with Pala Alto Cortex

Hi Team,

Can you please suggest a few case studies where CrowdStrike XDR is integrated with Cortex SOAR and what were the areas and use cases that were implemented and helped the customer?

We wanted to present this to a management that already has

...

Resolved! Playbook waiting for a manual Set task

Hello community,

I have some playbooks that are responsible for closing incidents in the various sources (XDR, QRadar, XSOAR, JIRA, ...) once I enter a reason or reason for them to be closed.

I have done this using a "Set" automation that wa

...

Per Month Query using Beve Query Syntax

Hi,

I am trying to take a sum of incidents over a given time, and divide this sum per month, using Beve Syntax.

I there any syntax that would give me a per-month break down? So I can take incidents per month, and display them in a widget using a b

...

No remote "Content Repository" tab despite ui.version.control.show.remote = true

Hi,

I am trying to setup remote repositories, in a first step only the dev environment.

In About -> Troubleshooting I have set "ui.version.control.show.remote" to "true" (copy-pasting it from the documentation [1] and checking multiple times for ty

...

incidents pulling time

Hi ,
in my Qradar integration I don't have this parameter ,

I have enabled the "Long Running Instance" and still it takes too long for the incidents to be fetched.

Is there a way to manually configure the Incident Fetch Interval.
I'm using IBM QRad

...

Resolved! Custom Widget Xsoar

Hi, I am trying to create a custom widget that calculate follwing (Total Incident+ Total Command Execution) with date paramters adjusted by widget. I tried to implement this with JSON method and Automation Script but unable to get the solution. Can y

...

Resolved! Mapping labels "message" to Incident Context without Regex

Kind of similar to the below link:

LIVEcommunity - Cortex XSOAR Context Issue - LIVEcommunity - 437729 (paloaltonetworks.com)

I've tried mapping content from the Abnormal Security integration and from the Syslog v2 integration. The Abnormal Securit

...

Discussions

How to send command (like !send-mail) between two tenants?

xdr-get-incident command date time dispute

MITRE ATT&CK Framework

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Extracting IOC from threat Intel Email

Resolved! Your session has expired. Logint to continue.

False Positives Microsoft Teams Large Upload

CrowdStrike XDR Use cases with Pala Alto Cortex

Resolved! Playbook waiting for a manual Set task

Per Month Query using Beve Query Syntax

No remote "Content Repository" tab despite ui.version.control.show.remote = true

incidents pulling time

Resolved! Custom Widget Xsoar

Resolved! Mapping labels "message" to Incident Context without Regex

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: Cortex XSOAR intergration with Terraform Cloud?

Splunk integration - Mirroring not working

Unlock your full community experience!

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Resolved! Your session has expired. Logint to continue.

Resolved! Playbook waiting for a manual Set task

Resolved! Custom Widget Xsoar

Resolved! Mapping labels "message" to Incident Context without Regex