Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Cortex XSOAR support for RHEL 8.9 version

Hi All, We were reviewing the prerequisites document for Cortex XSOAR installation from the below link: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.11/Cortex-XSOAR-Administrator-Guide/System-Requirements We couldn't find whether XSOAR is supported on RHEL version 8.9. It was not listed in the documentation. Could anyone confirm wheth...

Resolved! Automation to query incident team from current and linked incidents

Hi, TLDR: How can I write an automation that returns the incident team of multiple investigation IDs (1,2,[...]) without needing to run the automation manually in each investigation? I want to create an automation to send an E-Mail to all users in the incident team of the current incident, as well as all linked incidents. To achieve this for...

GetIndicatorsByQuery command

Hi all, Does anyone know how to retrieve the firstSeen/creation date of an indicator using the GetIndicatorsByQuery command? These are the only fields I know that can be returned so far, but none of them is the firstSeen/creationDate of the indicator: id, value, lastSeen, investigationIDs. I'm unable to have it populate every field as well ...

LIEWS05 by L0 Member
  • 1345 Views
  • 1 replies
  • 0 Likes

XSOAR + Threat Intelligence

Hi, All! I am working on integrating more threat intelligence into our XSOAR platform. Our latest efforts have been integrating other free sources of IOCs (AlienVault, Abuse.ch, etc...) and then we are going to work that into playbooks to create logic based off of the new IOCs we are bringing in. For example, if an event is created where it sh...

User Restriction and permission

Hi, using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform: - Is it possible to restrict user permission to execute scripts/commands only via field changes in layouts? - using the command !listExecutedCommands source=All I cannot see the commands lau...

XSOAR - Error in XDR Automation

Hi, When I am trying to execute the automation xdr-get-incident-extra-data (Cortex XDR - IR) in a playbook, I am getting an error as shown in the screenshot below. What could be the reason? Kindly help. Thanks, Nithin

[attached screenshot: nithink_0-1703677129627.png]
nithin.k by L1 Bithead
  • 1505 Views
  • 3 replies
  • 0 Likes

Pulling Calendar Invites from Inbox - EWS O365 Integration

We are using the EWS O365 integration to monitor an Exchange Online inbox. Any emails that hit the inbox get an incident created, and a Playbook handles things from there. This is working just fine but the problem I'm having is that it is ignoring calendar invite emails. Some phishing attempts we've seen come in as calendar invites, so I'd like ...

sackett by L1 Bithead
  • 2171 Views
  • 6 replies
  • 0 Likes
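The post above asks about invites that arrive as calendar items rather than ordinary mail. Once the raw MIME of such a message is in hand (how it is fetched from Exchange is up to the integration and is not shown here), the text/calendar part can be parsed for what a phishing playbook wants: the organizer, the UID, and the URLs hidden in the DESCRIPTION. This is an added example, not code from the post or from the EWS O365 integration; the sample message is constructed, and the organizer-versus-sender mismatch check and the URL extraction are this editor's own design.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: a meeting request in the shape Exchange/Outlook send invites
# (multipart/alternative with a METHOD=REQUEST text/calendar part). Note the mail
# header From and the invite ORGANIZER name different addresses.
SAMPLE_INVITE = b"""From: IT Helpdesk <it-helpdesk@mail-example.net>
To: soc-inbox@example.com
Subject: Mandatory password reset session
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You have been invited to a mandatory session. See the calendar entry for the link.

--b1
Content-Type: text/calendar; method=REQUEST; charset="utf-8"
Content-Transfer-Encoding: 7bit

BEGIN:VCALENDAR
VERSION:2.0
METHOD:REQUEST
BEGIN:VEVENT
UID:20231227T100000Z-1@example.net
ORGANIZER;CN=IT Helpdesk:mailto:helpdesk@example.net
SUMMARY:Mandatory password reset session
DESCRIPTION:Reset your password before Friday:
  https://login-portal.example/reset?user=soc
END:VEVENT
END:VCALENDAR
--b1--
"""

# Stops at whitespace, angle brackets, quotes and backslashes (ICS escapes newlines as "\n").
URL_RE = re.compile(r'https?://[^\s<>"\\]+')


def unfold(ics_text: str) -> list:
    """RFC 5545 unfolding: a line starting with a space or tab continues the previous line."""
    lines = []
    for raw in ics_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def split_property(line: str):
    """Split 'NAME;PARAM="x:y":value' into (NAME, value).

    The first ':' outside double quotes ends the name/parameter section, so a quoted
    parameter value containing ':' (common in ORGANIZER/ATTENDEE CN params) is not
    mistaken for the end of the property name.
    """
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";", 1)[0].upper(), line[i + 1:]
    return line.upper(), ""


def extract_invite(raw_message: bytes):
    """Pull the fields a phishing playbook wants out of a calendar invite.

    Returns None when the message has no text/calendar part. Otherwise returns the
    sender from the mail header, the ORGANIZER from the invite, whether they disagree,
    UID/SUMMARY/METHOD, and every URL in DESCRIPTION (the text shown when the invite is opened).
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, errors="replace")
        props, urls = {}, []
        for line in unfold(text):
            name, value = split_property(line)
            if name == "DESCRIPTION":
                urls.extend(URL_RE.findall(value))
            elif name in ("ORGANIZER", "UID", "SUMMARY", "METHOD"):
                props[name] = value
        sender = parseaddr(str(msg.get("From", "")))[1].lower()
        organizer = props.get("ORGANIZER", "")
        if organizer.lower().startswith("mailto:"):
            organizer = organizer[len("mailto:"):]
        organizer = organizer.lower()
        return {
            "sender": sender,
            "organizer": organizer,
            "organizer_mismatch": bool(organizer) and sender != organizer,
            "uid": props.get("UID", ""),
            "summary": props.get("SUMMARY", ""),
            "method": props.get("METHOD", ""),
            "urls": urls,
        }
    return None


if __name__ == "__main__":
    print(extract_invite(SAMPLE_INVITE))
```

The returned dict is what you would hand to the rest of the playbook: the URLs go to reputation enrichment, and an organizer that differs from the envelope sender is worth a severity bump on its own, since a legitimate meeting request from a colleague normally has both addresses equal.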

xdr-get-incident command date time dispute

Hello everyone, I have a script that needs to get incidents from the server. incidents = execute_command( "xdr-get-incidents", { "lte_creation_time": last_creation_time.split("+")[0], "gte_creation_time": first_creation_time.split("+")[0], "page": page, "limit...
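The snippet in the post above trims the timezone suffix with split("+") before passing the bounds to xdr-get-incidents. That keeps the wall-clock digits but throws the offset away, so a window expressed in a local zone is read as UTC and shifts by the size of the offset (and a negative offset such as -05:00 is not removed at all). The following is an added example, not the poster's script or Palo Alto's integration code: it converts each bound to UTC before formatting, and measures how far the shortcut lands from the correct instant. It assumes the integration interprets the documented 2019-12-31T23:59:00 form as UTC; the sample timestamps are constructed.

```python
from datetime import datetime, timezone

# The format the Cortex XDR integration documents for lte_creation_time / gte_creation_time
# (e.g. 2019-12-31T23:59:00). Assumption: the integration reads these as UTC.
XDR_TIME_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_iso(value: str) -> datetime:
    """Parse an ISO-8601 string; a trailing 'Z' is rewritten so fromisoformat accepts it on 3.7+."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def to_xdr_time(value) -> str:
    """Return the instant as a naive UTC string in XDR_TIME_FMT.

    Accepts a datetime or an ISO string. Aware values are converted to UTC;
    naive values are assumed to already be UTC (assumption, stated here).
    """
    dt = parse_iso(value) if isinstance(value, str) else value
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime(XDR_TIME_FMT)


def split_offset(value: str) -> str:
    """The shortcut from the post: keep the wall-clock digits and drop what follows '+'.

    The offset is discarded rather than applied, so 10:00+05:30 is sent as 10:00 UTC,
    and a negative offset such as -05:00 survives untouched.
    """
    return value.split("+")[0]


def offset_error_seconds(value: str) -> int:
    """Seconds by which the split shortcut misplaces a window boundary for an offset-bearing timestamp.

    Raises ValueError for a negative offset: the shortcut leaves '-05:00' in the string,
    which no longer matches XDR_TIME_FMT at all.
    """
    correct = datetime.strptime(to_xdr_time(value), XDR_TIME_FMT)
    shortcut = datetime.strptime(split_offset(value), XDR_TIME_FMT)
    return int((shortcut - correct).total_seconds())


def build_window_args(first_creation_time, last_creation_time, page=0, limit=100) -> dict:
    """Argument dict for execute_command("xdr-get-incidents", ...) with both bounds normalised to UTC."""
    gte = to_xdr_time(first_creation_time)
    lte = to_xdr_time(last_creation_time)
    if gte > lte:  # same fixed-width format, so string comparison is chronological
        raise ValueError(f"empty window: {gte} is after {lte}")
    return {
        "gte_creation_time": gte,
        "lte_creation_time": lte,
        "page": page,
        "limit": limit,
    }


if __name__ == "__main__":
    # Constructed sample: a first/last pair, one in IST and one in UTC, as a script might receive them.
    print(build_window_args("2023-12-26T00:00:00+05:30", "2023-12-27T10:00:00Z"))
    print(offset_error_seconds("2023-12-27T10:00:00+05:30"))  # 19800: the shortcut lands 5.5 hours late
```

Feed the dict from build_window_args straight into execute_command; the page and limit values are passed through unchanged, so the pagination loop in the post does not need to change.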

Resolved! Unblock IP

Hi, I have been using the Panorama integration to block the IP. Is there any way I can unblock the IP or remove the IP from the address group in Panorama?

Himangi by L2 Linker
  • 2584 Views
  • 3 replies
  • 0 Likes