This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! Create incident with Script

Hi all,

I am creating an incident with script as following:

uri = f'/incident' body = { "name": incident_name, "type": incident_type, "createInvestigation": True, #"rawJSON": json.dumps({'hello': 'test'}) }...

Resolved! Issue while usin 'JQ' Transformer

Hello,

I would like to use 'jq' Transformer as designed in a custom "Mapper", but it constantly says to me that error message, whatever I am testing :
===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict"

...

Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile

...

NickyR by L1 Bithead
  • 1010 Views
  • 1 replies
  • 0 Likes

Resolved! SearchIncidentsV2 not returning results

Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key:  

 

 

 

When I hardcode the

...

MMagdic_0-1689670794647.png
MMagdic by L2 Linker
  • 2449 Views
  • 8 replies
  • 0 Likes

Issues after upgrading XSOAR

Hello wonderful people,

 

I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment.

 

The upgrade was successful but "I got failed to migrate podman containers" after the upgrade.

 

Also after all, whenever I try to pull data from

...

Resolved! Delete Indicators Command

1) Is there a way to delete a batch of indicators with a single command, let's say all IP addresses imported with Feed XXX?

2) When I change Domain indicator expire time (Indicator Type) from 14 days to 1 hour, after expiration time indicators are st

...

MMagdic by L2 Linker
  • 4280 Views
  • 7 replies
  • 0 Likes

Resolved! Generate Investigation Summary Report

Hi

I have used the automation Generate Investigation Summary Report to generate a report of particular incident. But I am not getting full content in the report that is being generated. In war room I can see details but in the generated report inform

...

Himangi by L2 Linker
  • 1416 Views
  • 1 replies
  • 0 Likes
  • 1159 Posts
  • 38 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks