Cortex XSOAR Discussions

Is there automation that delete old incident tikcet?

I have a job run every 5 mins and it will upload a file to AWS, after it runs it would create an incident which I don't want to keep, is there any out of box automation that can delete incident as well as the artifact the job created to save some spa

...

Resolved! running polling commands from automations

opsgenie-get-request is a polling command but when it is being run from an automation it results in an error. From CLI or through playbook tasks, the output returns to the war room once it finishes. That's doesn't seem to be the case in automations.

...

XSOAR getIncidents command

Hi community,

I've been making great use of custom scripts to extract reporting metrics that wouldn't have been possible with the built in widgets. But something I've noticed recently is that querying incidents seems to be causing huge spikes in C

...

Resolved! Docker Image [exit status 120]

I created an 'image' with the 'docker_image_create' command, containing the pymisp and pandas libraries. I'm having a problem now and I can't make sense of it, any ideas?

Error from Scripts is : Script failed to run: Container exit with error. contain

...

Resolved! XSOAR Delete Messages using Graph API

I know EWS and O365 are current options for the Delete messages playbook however does anyone know it the Graph API is going to be added as an option? Due to certain restrictions I am being forced down the Graph API route for the preferred integration

...

Resolved! Add a screenshot to indicator layout using rasterize url

Currently using rasterize url to add screenshots to incidents, any way to do the same for indicators?

Thanks for any help

How can I surely say that incident is changed from Pending state to Active state during outgoing mirroring?

When we change the incident from Active state to Close state, we get "closeReason", "closingUserId", and "closeNotes" in the delta of "UpdateRemoteSystemArgs". But when the incident is changed from Pending state to Active state, we do not get anythin

...

Blueliv API integration error

We are testing XSOAR and integrations. We have some problems when we try to fetch incidents in BlueLiv integration.

This is the complete error:

Error: Script failed to run: 
Error: [Traceback (most recent call last):
   
   File "<string>", line 5

...

Extract Indicator in XSOAR

Hi all,

I want to manually extract the 'IOC alarm' coming from XDR. But the incoming IP addresses come in 2 ways as 'action_local_ip' and 'action_remote_ip'. If I extract according to action_local_ip or action_remote_ip, some IOCs get an error (wrong

...

Issue with certificates - Encountering SSL handshake failure error

Hi,
Created own self-signed certificate, and replaced with the certificate and key in the designated path '/usr/local/demisto/d1.cert.pem & /usr/local/demisto/d1.key.pem' (on XSOAR engine) and given the required permission and ownership to the files.

...

Resolved! Incident fetch reset timestamp

Hi

I have a doubt regarding incident fetch -if we reset the timestamp in any integration in xsoar and set the first fetch as 24 hours. Will it fetch only the new incidents or will it fetch incidents from past 24 hours

(note - this is for integrat

...

SMAX Integration Error

Hi Everyone,

We have integrated SMAX as the ticketing solution on XSOAR for one of the clients.

After configuring, it is giving an unexpected error. I don't think its a network issue or issue with the credentials.

Some assistance on the error wou

...

Resolved! McAfee Mvision Integration Missing Image

Hello,

I am attempting to use the integration provided by EDR-Integrations by Martin Ohl.

When performing the test I receive the error "Error response from daemon: pull access denied for mohlcyber/dxl, repository does not exist or may require 'docke

...

Run a command on all tenants from master

hi everyone,

I need some help with microsoft graph integrations with multi tenancy

I configured an instance of Microsoft Graph Mail Single User integration in the master and want to sync to all the tenants. Simply syncing won't work because the i

...

Resolved! XSOAR Mirroring - Move all cases from one tenant to another (with all related information)

Hello,

We're looking to move all our cases from one tenant to another one.

Looking at the XSOAR Mirroring integration to move all cases. We would like to retrieve all content inside every case.

The default settings of the integration (below) doesn't

...

Discussions

Is there automation that delete old incident tikcet?

Resolved! running polling commands from automations

XSOAR getIncidents command

Resolved! Docker Image [exit status 120]

Resolved! XSOAR Delete Messages using Graph API

Resolved! Add a screenshot to indicator layout using rasterize url

How can I surely say that incident is changed from Pending state to Active state during outgoing mirroring?

Blueliv API integration error

Extract Indicator in XSOAR

Issue with certificates - Encountering SSL handshake failure error

Resolved! Incident fetch reset timestamp

SMAX Integration Error

Resolved! McAfee Mvision Integration Missing Image

Run a command on all tenants from master

Resolved! XSOAR Mirroring - Move all cases from one tenant to another (with all related information)

Field Change Script To System Fields

How to Copy Incident Files from Linked Incidents

Can XSOAR disk space vary automatically?

Assign incident to new owner

unable to push the content from dev to prod

XSOAR Feature Request

ServiceNow Developer looking for ideas

Unlock your full community experience!

Resolved! running polling commands from automations

Resolved! Docker Image [exit status 120]

Resolved! XSOAR Delete Messages using Graph API

Resolved! Add a screenshot to indicator layout using rasterize url

Resolved! Incident fetch reset timestamp

Resolved! McAfee Mvision Integration Missing Image

Resolved! XSOAR Mirroring - Move all cases from one tenant to another (with all related information)