This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! Custom Automation issue

Hi , I created a custom automation in python and in one point I need to retrieve a value from the incident the automation was running on.For example , in a playbook there is an automation set to status=[ERROR,SUCCESS,ERROR,ERROR] and after that there is my automation that needs to use this value from the context data.So how do I get this value i...

Extract some fields from csv file

Hi, I have exported a output of splunk query in csv format using exporttocsv automation in a playbook. Now I wanted to use a column of this csv output to be a input for other task. Any one can please suggest if this is possible.

Himangi by L2 Linker
  • 1352 Views
  • 1 replies
  • 0 Likes

Resolved! AWS - IAM Identity Center Integration

Hi All, Thank you in advance. I am facing an issue currently in integrating the AWS - IAM Identity Center Community Contribution. I am not able to find the relevant information for the integration such as Role Session Name, and Role Session duration. Can you assist me in understanding this requirement more so that I can find the relevant i...

Netskope API v2 error in XSOAR

XSOAR does not parse properly the ids from Netskope. It changes the last two digits with zeros. These errors are in the official XSOAR documentation. Example: "incident_id": 1478029261577663500 "app_session_id": 4359394467077842400 "browser_session_id": 2893692091617575400 "connection_id": 8981978357397935000 "request_id": 2605900362175087600 ...

SanDev by L2 Linker
  • 1667 Views
  • 2 replies
  • 0 Likes

Auto Incidnet closure

Dear Community, I'm looking for a way to daily automatically close all incidents with specific criteria. I'm trying to archive that using jobs , I'm trying to create a playbook the query incidents (with specific criteria) and whatever the query outcome I need to close those incidents. any suggestions on achieving that , I'm open for all su...

Issue with talos integration

Dear Community, I'm getting the following issue in Talos integration. Error (November 26, 2023 1:29 PM) Error in Talos Feed Integration. Verify that the server URL parameter is correct and that you have access to the server from your host. (85) The URL used is https://talosintelligence.com/documents/ip-blacklist when I open it on m...

talos.png

Multiple Instances fetching VS. One instance and then claasify and post a new incident

Hi, We've got an scenario where we are fetching mails from a mail server. When an email is received in the mail server, it applies some ruling and send it to a folder, then with XSOAR we've got N instances, one per folder and this is how we are classifying incidents and Use Cases. While there we few folders, it seemed to be the right choice....

Download the previous version of XSOAR dockerimages file

How can I download the dockerimage file of the previous version of XSOAR? For example, the dockerimage file of version 6.11. If I use command “wget https://download.demisto.com/download-params?token=xxxxxxx&email=user@paloaltonetworks.com&downloadName=dockerimages&eula=accept”to download, the latest version of the file will be downlo...

Installation of cortex SOAR offline

Dear All, i was trying to install COrtext SOAR in an Airgap (offline)Enviorment with no internet where i was refering cortex offline installation guide, and i i could not complte the installation and stuck in uploading docker dependaci file to which explain below , did any one here installed XSOAR offline and get sucsess, if yes please help m...

Bulk Changing Incident Status from Pending to Active

I have created an integration that produces many alerts and I have a few thousand incidents that are currently in the Pending state. The plabyook has yet to run etc. What I would like to is select the incidents from the "Incident" page and change the status for these incidents from pending to active without entering each incident manually. I hav...

Why is the severity became "unknown"?

Hello All, I have a question, i have mapped an incident from qradar with the playbook i've created. At first it's worked, the incident severity was "high". but later until now, the severity become "unknown". What is the main cause of this issue?Thank You

awarman by L0 Member
  • 2000 Views
  • 2 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks