Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Recurrent data input problems in tasks

Hello,

Data key received from API calls don't always have the same format in the context. Example:

Sometimes it could be:

data.[0].results.username

data.results.[0].username

data.[0].results.[0].username

data.results.username

The API call is the one

...

Josep by L4 Transporter
  • 1020 Views
  • 2 replies
  • 0 Likes

XSOAR XDR Query Context Data Delay

Hi everybody,

could you please help me with following issue?

When I use XQL query to XDR dataset (!xdr-xql-generic-query) it returns correct data to the War room but before are this data moved to Context data it takes almost 5 minutes (No matter how

...

Resolved! Problem with setIncident command

I am working on a new automation which gets triggered dynamically from layout where in I need to check a custom attribute has changed in my remote machine, then update it on the xsoar incident. The custom attribute is a list/array. This is what I am

...

sudhesub by L1 Bithead
  • 1263 Views
  • 2 replies
  • 0 Likes

Test sample in the playbook

Hi,

 

Is it possible to influence the sample data that is shown in playbook edit mode, when using Test to validate the data in any task? I find that in some playbooks it can give me to select the latest incident of that type, but on others - it only

...

Antanas by L2 Linker
  • 881 Views
  • 1 replies
  • 0 Likes

Appending Incident field from a script

Dears, 

 

I am blocking urls on a security control then save the value of URL in incident field name (blocked urls) using setIncident command, 

But every time I block new url the incident field is not appending the new url to the old url. It replace

...

  • 920 Posts
  • 30 Subscriptions