Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Even though get-remote-data command executes successfully, the entries returned in the GetRemoteDataResponse object is not being added to the incident

When the get-remote-data is being called, I am getting below errors when returning entries to the GetRemoteDataResonse. The command is executes successfully, but I do not get entries in the XSOAR incident which I have passed to the GetRemoteDataRespo

...

HarshPanchal_0-1674821669351.png
HarshPanchal_2-1674821769217.png

Panoroma IP Blocking Issue

I wanted to block ips via using xsoar, on Pan-os panorama. We have integrated xsoar and panoroma but non of the automations provide us a blocking on panorama. In addition to that I tried to give inputs to Block IP Generic v3 playbook(which is provide

...

UmutAK by L1 Bithead
  • 861 Views
  • 1 replies
  • 0 Likes

Search IOCs on VirusTotal Faster

We are running a playbook to search a list of IOCs on VirusTotal, the list is received by an attachment on incident creation. The playbook then exports the VirusTotal scores into the war room as a csv file. All this is achieved by manual indicator cr

...

XSOAR Tenant RO access

Hi All,

In an environment where one has a multi tenant setup, what is required from a licensing perspective in order to setup an account (pref read only) to be able to view both the master and any child tenants within. requirement for this account is

...

Ants by L1 Bithead
  • 701 Views
  • 1 replies
  • 0 Likes

Microsoft Sentinel Integration

I am having the following error while trying to create an instance of  "Microsoft Sentinel Integration":

Error
(April 12, 2023 9:47 AM)

Script failed to run: Error: [Traceback (most recent call last): File "<string>", line 1, in <module> NameError:

...

MSSSOC by L0 Member
  • 1261 Views
  • 1 replies
  • 0 Likes

Get MFA authentication methods

Hello community!

 

I was wondering if there's any integration that would allow me to get the defined authentication methods for a given user. The use case is to know if someone who has entered credentials in a phishing portal has MFA enabled or not a

...

adocasar by L1 Bithead
  • 1065 Views
  • 1 replies
  • 0 Likes

Avoid using too many containers

Hello,

We're trying to avoid using too many containers. In order to reduce it, we have come up with two options for the automation:

  • Use the exact same container for automations (If they use the same libraries)
  • Or use the empty "Docker image name" opti
...

Josep_1-1679989178081.png
Josep by L4 Transporter
  • 2710 Views
  • 6 replies
  • 0 Likes

Resolved! Incidents in error - how to rerun last task?

Hi!

 

I often encounter errors in incidents due to temporary API integrations failure. I have some automated retries setup for each task which mitigate it somewhat. However if the failure lasts longer - incidents stop in error. I usually open each in

...

Antanas by L2 Linker
  • 2295 Views
  • 4 replies
  • 0 Likes

Multitenant and JOB

Hi everyone,
I use a multi-tenant structure. As you know, JOBs are not distributed between tenants.
I have more than twenty tenants. I want to create a structure that will send a notification in case any of them get an error in the integration (unable

...

Resolved! Context key reorganize

Hi!

 

I want to be able to manipulate context keys by selecting the keys I want, and moving them to upper level. E.g.: Assuming I have the following in the context:

 

I want to have a new context key with only Name and HairColor:

 

 

GetFields tran

...

f1.JPG
f2.JPG
Antanas by L2 Linker
  • 1467 Views
  • 4 replies
  • 0 Likes
  • 1084 Posts
  • 32 Subscriptions
Top Solution Authors
Top Liked Authors