This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! XSOAR Incident Workflow implementation

hi,
is there a possibility in xsoar to prevent an incident from being closed if certain conditions are not met? I would like to implement in incident workflow where one part is executed automatically and the other by the analyst, then if certain field

...

Resolved! Use DT format inside an automation.

Hello,

We are working on an automation which calls many different lists of nested dicts. Example:

upField:

0:

field1:value1

field2: value2

1:

field1:value3

field2: value4

 

In a playbook it will be easy to call only field1 using this expression: ${up

...

Josep by L4 Transporter
  • 2655 Views
  • 2 replies
  • 0 Likes

Shorten returned values in query

I'm creating a widget so I can have a report run returning certain Managment Audit log information.  One of the fields, "Management_Auditing_type" has values that are quite long that I would like to truncate.  For example, have "MANAGEMENT_AUDIT_ACTI

...

Onboarding Playbook Questions

Hi, I am needing to build a playbook for onboarding new accounts into Active Directory. I do know they have some Premium Playbooks but I don't have that budget so building our own. 

 

How do I take in to account the aspect if the username is already

...

War Room showing limited outputs

Hello,

We are executing a long playbook. This playbook started to work incorrectly. To check what was happening, we looked inside the War Room, but it only showed a limited number of outputs. In order to check more outputs, we had to scroll up inside

...

Josep by L4 Transporter
  • 1922 Views
  • 3 replies
  • 0 Likes

Delete List using automation/command?

Hi All,

 

I wanted to delete a list using a playbook tasks, but I dont find any automation that can achieve it. It only have createList, and remove data from List

 

May I know any workaround for it?

 

Regards,

Jia Kai

JOng39 by L1 Bithead
  • 3574 Views
  • 3 replies
  • 0 Likes

Resolved! ParseExcel automation issue

hello,
using XSOAR I wanted to parse an excel from an e-mail and insert the information into a table. I created a Grid field by inserting it inside the incident, used ParseExcel inside a playbook setting as "Mapping" inside the automation to identify

...

FrancescoBarducci_0-1695725938445.png

Resolved! Create clean Notes in the layout

Hello,

We'd like to create Notes in the layout. We can use the option "Mark results as note", but it shows the command executed. We'd like to show a clean note, nothing else.

Josep by L4 Transporter
  • 2504 Views
  • 3 replies
  • 1 Likes

"taskComplete isAutoRun=True" not working

Hello,

We are using a playbook to run again tasks which are already running. Just to reset the task. However, when the command "taskComplete isAutoRun=True" is used, it doesn't run again. How can we avoid this? Is there another option?

Josep by L4 Transporter
  • 1491 Views
  • 2 replies
  • 0 Likes

Resolved! Splunk Integration

Hi, I have been trying to integrate Splunk Enterprise with xsoar and I keep getting this error message 

 

 

with url: /services/auth/login (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1007)'))) ] (2604) (2...

  • 1283 Posts
  • 43 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks