Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Playbooks seems never end

Hello everyone

 

Recently I am developing playbooks for the management of possible security incidents.

 

Something that catches my attention is that, in case of errors throughout the playbook, I have established that the case is closed through the "C

...

War Room Table to Layout view

Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"

With a help of community members I wa

...

MMagdic_0-1689838826342.png
MMagdic by L2 Linker
  • 1047 Views
  • 1 replies
  • 0 Likes

splunk notable hash

Hello, i get some problems during setup my splunk to xsoar:

 

The problem i get is xsoar take the notable event hash filed like it was a file hash and i didn't want it in my playbook.

Some of you has already face this issue ? do you have resolved it

...

Resolved! Custom Fields not showing in context data

Hi all,

 

I have two custom fields. Initially, these fields were added to the context data even if they are empty. Now, they don't get added at all. This code used to work demisto.incident()['customFields']['fieldhere'] to grab the custom fields, bu

...

Resolved! Create incident with Script

Hi all,

I am creating an incident with script as following:

uri = f'/incident' body = { "name": incident_name, "type": incident_type, "createInvestigation": True, #"rawJSON": json.dumps({'hello': 'test'}) }...

Resolved! Issue while usin 'JQ' Transformer

Hello,

I would like to use 'jq' Transformer as designed in a custom "Mapper", but it constantly says to me that error message, whatever I am testing :
===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict"

...

Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile

...

NickyR by L1 Bithead
  • 920 Views
  • 1 replies
  • 0 Likes

Resolved! SearchIncidentsV2 not returning results

Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key:  

 

 

 

When I hardcode the

...

MMagdic_0-1689670794647.png
MMagdic by L2 Linker
  • 2281 Views
  • 8 replies
  • 0 Likes
  • 1125 Posts
  • 36 Subscriptions
Top Solution Authors
Top Liked Authors