Cortex XSOAR Discussions

What is everyone doing with their TIM license?

Hi everyone,

I am running a multi tenant version of XSOAR, this version doesn't come with TIM so I don't have access to full screen view for indicators. So far I have been extracting indicators with an automation and verdicts for those indicators a

Facing service now integration issue across all US tenants.

Hi , need support to get clarification on the below error , we are facing this service now integration issue accross US region almost 5 plus tenants,
So need some help to fix this issue as we were unable to create any ticket using snow as we were faci

Creating an XSOAR Incident from Splunk

Hey team,

We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident.

Splunk logs show that it was successful, but we do not see any incidents in XSOAR.

apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [37342

Get the output of demisto.results() inside an automation for "msgraph-download-file"

Hello,

We'd like to use the command "msgraph-download-file" insde an automation, then use the FileID to import a csv and finally convert it to pandas. The problem we find is that the output of "msgraph-download-file" is completely different when it's

XSOAR Pre-process Rule for forwarded Phishing Campaign

I need to drop any email under pre-process rule in XSOAR for any forwarded phishing campaigns. These forwarded emails are being sent by the user to our shared mailbox and will then create an incident in XSOAR which became an added items to our false

SAML connection error with PingID

Been fighting an integration issue for awhile now.  Was hoping someone had seen this error before.

Could not init SAML instance, IDPSSOURL: 'https://pid-dev.domain.com/site/SignOn.saml' is not available.

I was told by the tech who working on Ping

How to set a timeout for a sub playbook task ?

Dear Members , 

Hoe you are all doing well.

What is the best option to set a timeout for a sub playbook task, so if that playbook run exceed x amount of time it continues to the next task in the playbook.

Thanks.

Is there a way to mass rename closed XSOAR cases?

Hi, I know that we can mass rename active cases but what about mass renaming closed cases? I can rename closed cases one at a time manually but it is super tedious to do so as we have thousands of existing cases. Any suggestions? Thanks.

Cortex XSOAR Starter Edition vs Cortex TIM Edition - Funtionality Difference

Hi, 

I am looking for functionality differences between the two licenses of XSOAR i.e. Cortex XSOAR Starter Edition and Cortex TIM Edition.

As per the Admin Guide, it seems the broad differences are in number of Automated Tasks and feeds...but noth

Disable/Enable Integration Instance via API

Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API?

Everything I've tried results in 400 error with this message:
"id": "errOptimisticLock",
"status": 400,
"title": "

Get raw log with IBM Qradar integrations for Corex XSOAR

Hi all, we are bulding a playbook on our XSOAR integration that, after pulling an offense from a QRadar istance, send a mail related to it and enrich the message with some html code and other customizations.

Our SOC asked us to include, in the mail s

Threat intell feed integration with a python script.

I have been facing an issue with my script that downloads feeds from the provided URLs. The script was previously working fine without any changes, but recently I have been unable to download any feeds using the script. The issue has persisted for th

Azure Log Analytics integration suddenly started throwing error Error: Key or Certificate Thumbprint and Private Key must be provided

Suddenly Azure Log Analytics integration in XSOAR started throwing the error for Key or Certificate Thumbprint and Private Key must be provided prior to that it was working fine. Does any facing same issue. How to solve this issue.