Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Auto Incident closure

Dear Community, I'm looking for a way to automatically close all incidents with specific criteria daily. I'm trying to achieve that using jobs. I'm trying to create a playbook to query incidents (with specific criteria), and whatever the query outcome, I need to close those incidents. Any suggestions on achieving that? I'm open for all su...

Issue with talos integration

Dear Community, I'm getting the following issue in Talos integration. Error (November 26, 2023 1:29 PM) Error in Talos Feed Integration. Verify that the server URL parameter is correct and that you have access to the server from your host. (85) The URL used is https://talosintelligence.com/documents/ip-blacklist when I open it on m...

Multiple Instances fetching VS. One instance and then classify and post a new incident

Hi, We've got a scenario where we are fetching mails from a mail server. When an email is received in the mail server, it applies some ruling and sends it to a folder, then with XSOAR we've got N instances, one per folder and this is how we are classifying incidents and Use Cases. While there were few folders, it seemed to be the right choice....

Download the previous version of XSOAR dockerimages file

How can I download the dockerimage file of the previous version of XSOAR? For example, the dockerimage file of version 6.11. If I use the command "wget https://download.demisto.com/download-params?token=xxxxxxx&email=user@paloaltonetworks.com&downloadName=dockerimages&eula=accept" to download, the latest version of the file will be downlo...

Installation of Cortex SOAR offline

Dear All, I was trying to install Cortex SOAR in an air-gapped (offline) environment with no internet, where I was referring to the Cortex offline installation guide, and I could not complete the installation and am stuck at uploading the docker dependency file, which I explain below. Did anyone here install XSOAR offline and succeed? If yes, please help m...

Bulk Changing Incident Status from Pending to Active

I have created an integration that produces many alerts and I have a few thousand incidents that are currently in the Pending state. The playbook has yet to run etc. What I would like to do is select the incidents from the "Incident" page and change the status for these incidents from pending to active without entering each incident manually. I hav...

Why did the severity become "unknown"?

Hello All, I have a question. I have mapped an incident from QRadar with the playbook I've created. At first it worked; the incident severity was "high". But later, until now, the severity became "unknown". What is the main cause of this issue? Thank you

awarman by L0 Member
  • 1907 Views
  • 2 replies
  • 0 Likes

Getting data from multiple incident contexts?

Hi! I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answers.0" key from all of them. I thought of using SearchIncidentsV2 but it does not seem to include...

Antanas by L2 Linker
  • 2363 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR 8 API - Attachment upload with entryID

The code below creates an incident with attachment uploaded, but in the incident itself, when I see the context, I don't see any file. Since there is no entryID for the file, I cannot read the attachment and also cannot run the playbooks. Any change I need to make to make the attachment appear as File with entryID? https://docs-cortex.pal...

Cortex XSOAR

Morning everyone, I hope that you are doing well. I have a little problem. We have implemented XSOAR in our customer environment and configured the EWS O365 content pack for phishing attacks, but since we do not have a case, we cannot show the customer how it works in a real case. We already generated an incident with the onboarding content...

Ingest Taxii feed into XSOAR 6.12

Hi, I am trying to ingest our taxii feed into XSOAR 6.12 with following steps: installed XSOAR 6.12 on ubuntu 22.0.4 LTS; launched the web portal, and installed TAXII Feed (1.x) pack from marketplace; Ingest feed using "Integration Instance Settings"; Typed in the parameters such as name, discovery service URL, username/password, collection nam...

TonyZhu by L2 Linker
  • 7391 Views
  • 16 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions