Cortex XSOAR Discussions

Get raw log with IBM Qradar integrations for Corex XSOAR

Hi all, we are bulding a playbook on our XSOAR integration that, after pulling an offense from a QRadar istance, send a mail related to it and enrich the message with some html code and other customizations.

Our SOC asked us to include, in the mail s

Threat intell feed integration with a python script.

I have been facing an issue with my script that downloads feeds from the provided URLs. The script was previously working fine without any changes, but recently I have been unable to download any feeds using the script. The issue has persisted for th

Azure Log Analytics integration suddenly started throwing error Error: Key or Certificate Thumbprint and Private Key must be provided

Suddenly Azure Log Analytics integration in XSOAR started throwing the error for Key or Certificate Thumbprint and Private Key must be provided prior to that it was working fine. Does any facing same issue. How to solve this issue.   

XSOAR and Ellucian Banner integration

I'm curious if anyone has had any success leveraging XSOAR with Banner to automate onboarding.  

automation script to take password

I'm attempting to write an automation that takes a user password. 

Then sends an api call containing that password, but when I enable the mandatory sensitive options on the automation script. The API call I wrote no longer runs. Are there any example

Incident assignment in XSOAR

Hi,

Anyone please help me to understand automatic incident assignment by DBot to analyst. what are the steps have to perform?

how to define the shift in user roles?

Thanks.

E-mail preview image

Is there any way to use a task to preview an email (from an msg or eml) and not just see the filtered results?

I'm looking for a solution to display an email in xsoar as if I were to open it in outlook.

For analysis it would be important to see the e

Multiple sync on the same incident

Dear LIVEcommunity users,

Since version 6.0, Cortex XSOAR implements incident mirroring. Do you know if it is possible to enable two (or more) different syncs on the same incident (e.g. 2 Jira integrations, or 1 Jira and 1 ServiceNow) ?

If yes :

• Ho

how to re-pull QRadar case

Our client leverages QRadar as their SIEM.

will pull in all cases and then have a pre-processing rule that drops any case that does not have "MSSP" in the name.

This works 99% of the time, but there are certain times when MSSP cases get dropped and we

Closing an incident on CortexXDR with pre-processing.

Hi all,

I want to mark the Cortex XDR incident coming into XSOAR as TP or FP with preprocessing. Does preprocessing allow this (run a script)? Or does it only do drop processing?

Inquiry on how Javascript integration works with Cortex XSOAR

Hi Support,

We have a special setup on our cortex xsoar which allows podman to use a Proxy A for pulling images from docker repositories (via http_proxy and http_proxy) and a Proxy B for python integration (Via python.extra.keys) to access internet