Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! XSOAR: MDE malware- Incident Enrichment

I am running error trying to pull the alert_id from a Defender incident under the sub playbook MDE Malware-Incident Enrichment -> Get full alert details using automation: 'microsoft-atp-get-alert-by-id'. 

 

Error: 

 Get full alert details: Missin
...

Disable/Enable Integration Instance via API

Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API?

 

Everything I've tried results in 400 error with this message:
"id": "errOptimisticLock",
"status": 400,
"title": "

...

mikeahrendt_0-1687536527716.png

automation script to take password

I'm attempting to write an automation that takes a user password. 

Then sends an api call containing that password, but when I enable the mandatory sensitive options on the automation script. The API call I wrote no longer runs. Are there any example

...

Sig_9 by L1 Bithead
  • 1861 Views
  • 2 replies
  • 1 Likes

Incident assignment in XSOAR

Hi,

 

Anyone please help me to understand automatic incident assignment by DBot to analyst. what are the steps have to perform?

how to define the shift in user roles?

 

Thanks.

DP696 by L2 Linker
  • 1319 Views
  • 2 replies
  • 0 Likes

E-mail preview image

Is there any way to use a task to preview an email (from an msg or eml) and not just see the filtered results?

I'm looking for a solution to display an email in xsoar as if I were to open it in outlook.

For analysis it would be important to see the e

...

Multiple sync on the same incident

Dear LIVEcommunity users,

 

Since version 6.0, Cortex XSOAR implements incident mirroring. Do you know if it is possible to enable two (or more) different syncs on the same incident (e.g. 2 Jira integrations, or 1 Jira and 1 ServiceNow) ?

If yes :

  • Ho
...

how to re-pull QRadar case

Our client leverages QRadar as their SIEM.

will pull in all cases and then have a pre-processing rule that drops any case that does not have "MSSP" in the name.

This works 99% of the time, but there are certain times when MSSP cases get dropped and we

...

JoshBoyd by L2 Linker
  • 1231 Views
  • 2 replies
  • 0 Likes
  • 1125 Posts
  • 36 Subscriptions
Top Solution Authors
Top Liked Authors