Hi all,
A customer of ours is trying a curious thing and I am not sure if it is possible in general, so I guessed the best way would be to ask right away. Our customer created a XSOAR list, that contains a html string with context data variables in it
...
I am attempting to ingest Qradar into the XSOAR using the Integration. I need to pull custom fields from the SIEM and what I need to understand is as follows;
Is it preferable to pull these fields within an AQL Search at the playbook stage ?
Or is it
...
Hello,
I need to make an HTTP request to get suppressed incidents from the main account. Is anyone has an idea how can a filter those incidents? Thanks!
Hi all
I would like to search in Cortex XSOAR for running timers that exceed a certain time. I tried it but it didn't worked out.
It should work like this that I can search for an timer (in this case detectionsla the total duration) and afterwards it s
Is it possible to automate deletion of phishing emails if the backend Exchange server is Exchange 2013? I noticed there is an integration for Exchange 2016 but I did not find one for Exchange 2013.
Any thoughts on why this is failing; this always returns Entries Found regardless if there are entities or not.
You can see in the screenshot above there are 0 results, no entries.
When I run this script, you'll see the screenshot below.
------Scrip
...
Hi everyone,
I was trying to make a playbook to extract indicators (Hash values, domains, IP addresses) from a PDF file. I tried to use the ReadPDFFile V2 utility, however it gives the below error on 2 of the PDF files I tried.
Hello,
I would like to create an HTML template inside XSOAR (using a list) and adding a html image to it. I would like to know, if there is any local resource in where i can save the image and then import it in XSOAR, or it has to be done in a public
This command works:
demisto.executeCommand('setIncident', {'summary': "test"})`
Note: summary is a custom field of text.
This fails:
demisto.executeCommand('setIncident', {'sentinelclosereason': "JOSH"})
The only difference I can see is that sentinelclos
Onboarding to a new company.
No post processing on incident type (azure sentinel).
When a ticket is closed on the close form, we have a custom "Azure Closure Reason" and "Classification Comment"; based on this we have a script(CloseSentinelCase) that t
hi All,
I have changed my etc/demisto.conf file to move data folders(https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/manage-data/move-data-folders-to-another-location-on-the-server.html)
and after upgrading my app server
...
Hello ,
On of our customer is dependent on their partner for Minemeld EDL
The Partner is hosting the Minemeld server and now our customer is planning to build their own Minemeld
As Minemeld is no longer supported by PAN and is purely an open Source s
...
Hi everyone,
does anyone of you know how to check a custom indicator with !GetIndicatorDBotScore?
Due to the recent change in the URL indicator type's regex, we needed to create a new indicator type, that makes use of the old regex. Unfortunately this
...
Hello everyone;
Cortex:
The console reports 481 agents of which it gives with lost connection 110, in the licensing section it indicates 371 agents installed of the 500 licensed, so it seems that it does not take into account those of lost connection,
