Cortex XSOAR Discussions

Resolved! Block IP using Panorama Integration

Hi,

I have integrated Panorama with XSOAR, instance is successfully created.

Now I have to block IP using this integration. I want to block ips just using panorama xsoar integration by using Static Address Group
Can anyone please assist how to go forw

...

Resolved! Exclude character while using variable.

incident.labels.source_address_ids:["1.2.3.4']

for above json value when i am parsing/using variable in title field getting error ( i.e. expecting ',' )

is there any way while calling variable we can ignore/exclude characters ( [ and " )

tried

...

Resolved! Setting a pre-processing rule

Hi all,

In a list field, I want to go through all indexes one by one and if there is *malware* in all indexes(malware execution, malware alert, malware), I want to drop it. However, I could not edit this in the "Conditions for Incoming Incident" fiel

...

Attaching a CSV File to the Mail Attachment

I want to attach the CSV file in the Playbook as an attachment to the e-mail and send it. I use Msgraph. If I send it without attachments, the mail is sent. But when I add an attachment, the mail is not sent. I'm using the following command. I tried

...

How to include the initial Email as attachment OR how to reply on the same Email sent

I am trying to develop a playbook that sends reminder after 24 hours if no response by user received.

I was able to create a timer task that sleeps for 24 hours and runs without a worker. But i don't know how i can send a reply on the same email th

...

Close Incident when offense closed via Qradar

Hi ,
Is there any option to automatically close Incident when offense closed via Qradar ?

In the integration setting there is the option - "Close Mirrored XSOAR Incident" but it doesn't for work me.

Resolved! delay in a playbook

Hello everyone,

What is the best option to add a delay in a playbook, for example I have 2 automated tasks and want task 2 to start after task 1 finishes by 1 hour.

I thought of creating a one-line automation that has time.sleep(amount) and addi

...

Close Incidents from Preprocess Rule "Script"

Dears,

Hope you are doing well.

We need to close the Incidents on xsoar from preprocess script, How can we close it using a script in preprocess rule?

I dont need other options like: link and close or drop or close. Because there are some mandato

...

How to know if a zip file is encrypted in XSOAR

Hello,

We'd like to know if a zip file is encrypted inside a playbook or a automation. The way in which XSOAR works with these files does not allow the use of python libraries. Is there a way through the File context value to know if the file is encr

...

Resolved! Include Linked incidents table in email notification

Dear Community members,

hope you are all doing well !

I'm wondering if there is an option to include linked incident table (can be added to the incident layout) in email template.

I'm using Mail sender (New) : https://xsoar.pan.dev/docs/referenc

...

Could use some help with Azure SSO for community edition Cortex XSOAR

Hello,

I have tried many settings and can't seem to quite figure out what text is to be entered into the setup section within Xsoar for the Azure SAML SSO setup. I keep getting this error:

" {"id":"errSAMLLogin","status":400,"title":"Failed to login

...

Resolved! Filter Incidents in specific Time interval

Hi ,

Is there a way to filter incidents in specific time interval ?

For example -

Filter incidents that occurred From 1/5/2023 to 31/5/2023 only between 7:00 to 14:00

Content Update Manger Playbook giving error in Task : Install updates for chosen packs

Error Detail:

ContentPackInstaller - Error occurred while setting up machine. string indices must be integers

Any suggestion, what could be the reason. Tried to pass integer values also but no luck.

Resolved! Running Script or Playbook in one tenant from another tenant.

Hi all,

I have a multi-tenant deployment. I want to run a script or playbook from one tenant to another tenant. How can I do this?

#XSOAR

How to Find and update existing incidents through Integration

Hi,

We are providing partner integration for our product and this is the requirement.

My product # generates/creates 'Cases' which are pulled inCortex XSOAR as incidents using fetchIncidents call. It might be possible that sometimes a 'Case' in ou

...

Discussions

Resolved! Block IP using Panorama Integration

Resolved! Exclude character while using variable.

Resolved! Setting a pre-processing rule

Attaching a CSV File to the Mail Attachment

How to include the initial Email as attachment OR how to reply on the same Email sent

Close Incident when offense closed via Qradar

Resolved! delay in a playbook

Close Incidents from Preprocess Rule "Script"

How to know if a zip file is encrypted in XSOAR

Resolved! Include Linked incidents table in email notification

Could use some help with Azure SSO for community edition Cortex XSOAR

Resolved! Filter Incidents in specific Time interval

Content Update Manger Playbook giving error in Task : Install updates for chosen packs

Resolved! Running Script or Playbook in one tenant from another tenant.

How to Find and update existing incidents through Integration

Can XSOAR disk space vary automatically?

Assign incident to new owner

unable to push the content from dev to prod

JSON Sample Incident Generator

Rename table headers

Re: Dashboard Graph Display Incident Count Per Month

Dashboard Graph Display Incident Count Per Month

Re: Incident Parent-Child Relationship

Re: Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

Re: Couldn't sort by date in bar graph widget in Dashboard

Unlock your full community experience!

Resolved! Block IP using Panorama Integration

Resolved! Exclude character while using variable.

Resolved! Setting a pre-processing rule

Resolved! delay in a playbook

Resolved! Include Linked incidents table in email notification

Resolved! Filter Incidents in specific Time interval

Resolved! Running Script or Playbook in one tenant from another tenant.