Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Integration issue Mail Listener v2 with O365

Dear All, I would like to seek support: has anyone encountered an issue with Cortex XSOAR "Mail-Listener-v2" with O365? I have allowed the permission and tried different IMAP and Port settings, but the issue still persists. I would appreciate any advice to resolve this matter. Best Regards, Sopanha

[Proposing Solution] Failure to extract zip file downloaded from ThreatGrid integration command

Cisco Secure Malware Analytics (Threat Grid) v2 is an OOTB integration that comes as part of the Cisco Secure Malware Analytics content pack to connect with the ThreatGrid (TG) platform and achieve various functionalities. Issue background: !threat-grid-sample-list integration command downloads resources for the given sample id from ThreatGrid depending on th...

XSOAR SLA Script

Hi everyone, I have a question regarding SLA tagged scripts on XSOAR. I have a field-change-triggered script that starts an SLA timer within automation if the field is changed to certain values. This part is okay and we observe that the SLA timer starts successfully. I want to run an SLA script when a breach is triggered for this timer. I have...

Is there Any STIX format for external threat feeds via TAXII Protocol

Hi Palo Alto Community, Is there any documentation or configuration for Palo Alto NGFW that can be integrated with some external threat intelligence feed (via TAXII) to block any IoCs list? I need documentation for the direct device, but if you have documentation using TIM in Cortex XSOAR, you can share it with me. Now I am using TIM in Cortex XSOAR to gat...

A.Faruq by L1 Bithead
  • 677 Views
  • 0 replies
  • 0 Likes

XSOAR - Scaling for pop-up windows and drop-down menus

Currently there are several areas of the Cortex XSOAR platform experience where pop-up windows and drop down menus appear in a static size regardless of available screen real estate. Automatic scaling to the existing window size would be fantastic! Barring that a manual option to resize each instance would suffice. Added a screenshot of the ...

SplunkPy Integration

Hi everyone, I get data from Splunk with the "search index=notable" query using Splunkpy. I assign the incoming data to the type named Splunk Generic Notable by default. Here, when an incident occurs, there are fields such as event_code, process_name in "labels". But on the mapper page, the label section comes empty. This data appears in _raw (in...

Splunk integration - Mirroring not working

I have a problem with the incoming mirroring, the comments have not been synced back to XSOAR when using Splunk ES8. As a result I upgraded the splunk content pack to 3.3, but now the entire mirroring is broken. No updates are synced back to XSOAR (Version 6.14.0 Build 3036535). I noticed the developer tools are listed as mandatory but they ar...

Ability to paste images in Incident Tasks

As in War Room, it would be very useful to be able to paste an image from the clipboard using Ctrl+V for Add-on type tasks. For example, this could be provided through the add-on pop-up (Screenshot 2) in the Incident Tasks section (Screenshot 1).

Splunk Search Result Issue

Dear All, I have a query that returns 11587 records; I checked on Splunk. I ran this query on XSOAR, and it showed me the total record count is 11587, but the actual data is 4900. I am trying to figure it out. I checked the event limit size and query settings, all fine, but the issue is still there. On the XSOAR side, the server is unable to open the file because it is too large. Any suggestions, please?

How to access context data from a send-notification command used in ask-by communication channel of data collection?

Hi everyone, We’re working with a custom integration that includes a command called send-notification, designed to request customer confirmation regarding an incident. This command is intended for use within the data collection communication channel ask-by. Currently, we’re encountering a challenge: the send-notification command does not ap...

XSOAR Mark war room entries as note

Hi everyone, I have a button in the incident layout and the script it triggers creates a new incident and posts all of the war room entries to the new incident. In the incident, we have some notes that should also be seen as notes in the new incidents but I was not able to tag them successfully. I read the XSOAR API documentation and I am using "/e...

Is it possible to implement Failover Handling Integration (BYOI)

Is it possible to implement our own BYOI integration with failover handling between multiple engines without a load-balancing group? We are concerned about the sequence of "Run on" engines: it must run on the primary engine first and on the secondary after the primary has failed over. We tried to implement a Python-based BYOI with "demisto.executeCommand(..., using=primary)...

B.Kulnin by L0 Member
  • 1758 Views
  • 0 replies
  • 0 Likes

Xsoar-web-server to setup a web form submission

I am currently using a setup where a Google form is hosted and a Google Apps Script sends the data over to XSOAR upon submission of the Google form. How about the integrated "Xsoar-web-server"? Is there a way we could use this to eliminate the Google form and Apps Script?

  • 1302 Posts
  • 45 Subscriptions