This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Getting data from multiple incident contexts?

Hi! I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answers.0" key from all of them. I thought of using SearchIncidentsV2 but it does not seem to include...

Antanas by L2 Linker
  • 2477 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR 8 API - Attachment upload with entryID

The code below, creates an incident with attachment uploaded but in the incident itself, when I see the context, I dont see any file. Since there is no entryID for the file, I cannot read the attachment and also cannot run the playbooks. Any change I need to make to make the attachment appear as File with entryID? https://docs-cortex.pal...

Cortex XSOAR

Morning everyone, I hope that you are doing well I have a little problem. We have implemented the XSOAR in our customer environment and configure th EWS O365 content pack for phishing attacks but since we do not have a case, we cannot show to the customer how it work in a real case. We alrea;dy gernerated incident with the onboarding content...

Ingest Taxii feed into XSOAR 6.12

Hi, I am trying to ingest our taxii feed into XSOAR 6.12 with following steps: installed XSOAR 6.12 on ubuntu 22.0.4 LTS launched the web portal, and installed TAXII Feed (1.x) pack from marketplace Ingest feed using "Integration Instance Settings" Typed in the parameters such as name, discovery service URL, username/password, collection nam...

TonyZhu by L2 Linker
  • 7776 Views
  • 16 replies
  • 0 Likes

Resolved! Reruning playbook and preventing communication tasks from being rerun

Hello All, I have been working on the XSOAR Platform for a long time and there is something which I haven't been able to find a solution for. I would like to rerun a playbook for multiple incidents and I use the !setPlaybook to do this. I do this after rectifying the issue on the playbook for example task error or similar. The problem is that m...

new host does not appear in the ACCOUNT MANAGEMENT

Hi!I'm installing XSOAR multi tenant environment. Currently its a Community edition for POC.Installed main host and tenant host as per documentation. Both Ubuntu 22.04I am unable to connect tenant host to main host.Settings - account management - new account - host/HA group only shows main host:hostname:443They are both in same subnet, main host...

Did not get the expected value from test (85) issue with Remedy Integration

- Hi, While doing the customized Remedy integration test, getting-"Did not get the expected value from test (85)" but able to fetch the incident status via "remedy-incident-get incidentID", OAuth test successful via "remedy-auth-test" in playground through queries and also generating the Incidents. Could anyone assist me with this?

Resolved! Dynamic Section using Context

I was wondering how we can add splunk results into Incident layout. Possibly a CSV file or markdown. We use splunk to search our email logs to see other recipients who got phishing email. Wanted to display that in the Incident layout. Any advise is highly appreciated. Thank you.

Getting null in output

Hi, I am using a splunk search automation and passing a query in input and I am getting appropriate result without any null value. So I have added a new task after that to convert the output in csv, I am using Exporttocsv automation, but here the input value is consisting of null followed by the result of splunk search because of which I am ge...

Himangi_1-1698821557749.png
Himangi_0-1698821510351.png
Himangi by L2 Linker
  • 1672 Views
  • 2 replies
  • 0 Likes

Qradar Integration

Hi , Is there a way to make the the system pull incidents more often , now it takes about 3 min since the offense first appears in the Qradar until it appears in the Demisto.

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks