Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

False Positives Microsoft Teams Large Upload

Hey, I need your help. We are receiving alerts "XDR Incident 945 - 'Large upload (generic)' generated by #XDR Analytics detected... Basically, this appears when the user makes a call, shares documents, or shares their screen (using Microsoft Teams). In the #XSOAR event I can see that the processname is ms-teams.exe and the destination ip is ...

tlmarques by L4 Transporter
  • 1890 Views
  • 2 replies
  • 0 Likes

CrowdStrike XDR Use Cases with Palo Alto Cortex

Hi Team, Can you please suggest a few case studies where CrowdStrike XDR is integrated with Cortex SOAR, and what were the areas and use cases that were implemented and helped the customer? We wanted to present this to management that already has CrowdStrike XDR, and we want to showcase how Cortex SOAR can help.

AYadav45 by L0 Member
  • 2397 Views
  • 1 replies
  • 0 Likes

Resolved! Playbook waiting for a manual Set task

Hello community, I have some playbooks that are responsible for closing incidents in the various sources (XDR, QRadar, XSOAR, JIRA, ...) once I enter a reason or reason for them to be closed. I have done this using a "Set" automation that waits for input from the user and gives an error as it is a "Set" where the value "value" that is i...


Per Month Query using Beve Query Syntax

Hi, I am trying to take a sum of incidents over a given time, and divide this sum per month, using Beve Syntax. Is there any syntax that would give me a per-month breakdown? So I can take incidents per month, and display them in a widget using a bar graph. Thanks

No remote "Content Repository" tab despite ui.version.control.show.remote = true

Hi, I am trying to set up remote repositories, in a first step only the dev environment. In About -> Troubleshooting I have set "ui.version.control.show.remote" to "true" (copy-pasting it from the documentation [1] and checking multiple times for typos and additional spaces). However, in the "Advanced" view it does not show the "Content Re...

Charly by L0 Member
  • 1084 Views
  • 1 replies
  • 0 Likes

incidents pulling time

Hi, in my QRadar integration I don't have this parameter. I have enabled the "Long Running Instance" and it still takes too long for the incidents to be fetched. Is there a way to manually configure the Incident Fetch Interval? I'm using IBM QRadar v3


Resolved! Custom Widget XSOAR

Hi, I am trying to create a custom widget that calculates the following (Total Incident + Total Command Execution) with date parameters adjusted by widget. I tried to implement this with the JSON method and an Automation Script but was unable to get the solution. Can you suggest some solution and how this can be achieved using an automation script? Second questio...

Syedhkt by L2 Linker
  • 2203 Views
  • 1 replies
  • 0 Likes

Resolved! Mapping labels "message" to Incident Context without Regex

Kind of similar to the below link: LIVEcommunity - Cortex XSOAR Context Issue - LIVEcommunity - 437729 (paloaltonetworks.com) I've tried mapping content from the Abnormal Security integration and from the Syslog v2 integration. The Abnormal Security integration dumps the raw logs into labels.messages, meanwhile Syslog dumps the whole raw log i...

Create Slack Channel from XSOAR

I am attempting to create a Slack channel from XSOAR using the slack-create-channel command. After a few minutes, I get the following error: "Reason Error from SlackV3 is : Script failed to run: Timeout Error: Docker code script failed due to timeout, consider changing timeout value for this automation, Error: Failed to decode (loop) data from...

Bug in native playbook 'QRadarFullSearch'

Hello, XSOAR's native playbook named 'QRadarFullSearch' has a task called 'Get QRadar search results'. Every time we run this task, it fails with the following error log: Failed to execute qradar-get-search-results command. Error: Traceback (most recent call last): File "<string>", line 15863, in main File "<string>", line 14390, in qradar_...

adocasar by L1 Bithead
  • 2042 Views
  • 1 replies
  • 1 Likes

Using "GetFailedTasks" with a relative time range of 7 or 30 days lookback

Hello all, I am working with the task 'GetFailedTasks' within the Integrations & Incidents Health Check playbook. When running this task within this system playbook I am only getting failed tasks from the beginning of the year, and this is likely due to the Max_incidents flag for this task. How would I go about adding to the query a relative...

Drop and Update but NOT Create (Pre-Processing)

Hi, I am trying to write some preprocessing rules to report on and update BitSight incidents. I only want to create incidents that have a grade of 'BAD' or 'WARN'. I do want to capture, however, when a given incident's grade is updated within BitSight to 'GOOD', because that will let me know the issue is resolved. I wrote my pre-processing rul...

AFamera by L0 Member
  • 1840 Views
  • 1 replies
  • 0 Likes

bitsight-company-findings-get automation

Hello, I am attempting to use the 'bitsight-company-findings-get' command within my automation script, but I am getting an error after I run my script in the playground war room saying I'm using the invalid character '{' even though I copied the command directly from the "Script Helper." Everything up to line 19 works fine and I confirmed the ...

AFamera by L0 Member
  • 1207 Views
  • 1 replies
  • 0 Likes

Resolved! Storing Incident Notes in Context Data

Hello all, I am working on a use case in which I need to store text-based comments (including MD) to context data for report generation. I have tried to create a script for this, yet I have not succeeded. Is there a way to access the comment section in order to pull comments dynamically?

Resolved! Working with lists

Hi, in the settings section I created a new list. The list contains, for example: TEST,Mon Oct 30 2023,Teva.com/\teva.co.il/\test@gmail.com,user1,BBLTD,Mon Oct 30 2023,10.0.0.14/\DASD.com/\sdasdas.co.il,user1,BBMA,Mon Oct 30 2023,10.0.0.14/\DASD.com/\sdasdas.co.il,user2. In a playbook a user can choose 1 of the 3 ("TEST"/"BBLTD"/"BBMA"). Then ...
