Hello team,
I'm trying to use the extended context feature to keep only the data I'm interrested in and put them where I need them to be.
The automation I'm using is infoblox-get-ip from Infoblox integration.
Here is the output of the automation:
I'm
...
Hi,
I was making 2 playbooks.
In the first playbook, after creating the same I scheduled it as a job. Each time the job runs, it creates a incident case. How do I prevent the incident case from being created when the job runs?
In the second playbook,
...
Hello,
We are working in an integration between XSOAR and XDR.
We want to upload IOCs from a given file to XDR, we have seen that Cortex XDR - IOC integration allows a synchronization of IOCs but what we want is a manual push of new IOCs to XDR, not to
Hi,
I am trying to create a playbook that
1) Searches for expired accounts in AD
2) Retrieves the sAMAccountName, Display name and expired date
3) Delete the accounts
4) Sent an email notification with the details of the accounts deleted.
I created the l
...
Hi, I configured TAXII Server v1 on Cortex XSOAR. I am trying to get understand the idea of collections. I wish to create a multiple collections within XSOAR so that when a taxii client polls for the list of collections, it can see the list and selec
...
We are experiencing the weird behavior, where the "tanium-tr-alert-update-state" command update all alert status.
The full command used is as below
!tanium-tr-alert-update-state alert_ids=2267 state=resolved
I have updated the Tanium Threat Response V2
...
Greetings,
So I have been pulling rasterized images with the names of the URLs attached into XSOAR and attempting to pipe them into some ServiceNow tickets, but character restrictions are giving the system issues on what files to call during the uploa
Hi all,
I have problem and I would like please you for help.
My target is, from API (via postman) run some playbook with own data. For example, call playbook, where I added into playbook Inputs property "Left".
How I tried set $Input.Left from my API,
...
Hi,
There is a playbook task at one of the early steps which asks analyst to start investigation or not. The below command let me change owner to command executer himself but i need this execution inside the playbook. When an analyst click "Yes" to p
...
I am trying to use the built in demisto-api-download autmation to download a file from our hosted xsoar instance
I am struggling to figure out how to format my command in the automation. From the documentation these are the inputs :
Arguments Descrip
...
I am attempting to use the Email Communication type to create email threads instead of new incidents when a reply is received. From what I understand you set a Proccessing-Rule based on type and then set "Run a script" to Pre-process email script. I
...
Hello guys,
I'm currently trying to create a Playbook that auto-categorize already analyzed phishing email, let me explain :
Here is the current process :
1. An analyst tags an email as Phishing using Outlook categories in the main Email box
2. Thanks to
...
Hi, XSOAR is giving us warnings everyday at 1pm. We are receiving the email below
```
System Diagnostics found 1 issue(s) and 0 warning(s). Issues: Docker service is down Warnings: None Review warnings and issues in the System Diagnostics page. View it
Hi,
I want to set sla times per severity type but it seems xsoar bind sla's to incident type, so i think i need to start each sla per severity in playbook by testing severity it is nearly clear for me. But i am confused what type of SLA should i crea
...
Hi,
In a multitenant deployment i want to place the response page somewhere else from the "Host-tenant" machine lets say customer environment. And configure "External Host Name" to this new server which is accessible from customer local area.
Reg
...
