Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Extract data in value

To extract the specified highlighted dictionary value from the context data mentioned below, which script command and transformer should be utilized?

 [{'type': 'events_fetched', 'value': '1'}, {'type': 'rules', 'value': '[{"id":112363,"name":112

...

Resolved! XSOAR 8 Engine Upgrade Failure

Has anyone recently observed that the engines are failing to connect with a reason saying "update required"? It should get updated automatically since those are shell based.

SlackASKV2 Response Stuck

Hi All,

Yesterday, I don't know why, slackaskv2 suddenly gave me an error because of block key format. I fixed it, but Slack sends the message to the channel using a button, and when the user clicks on the button no response comes back. Idk what's wrong with this annoying stuff.

...


MS Graph Teams (Community Edition)

Has anybody used the O365 Teams (Using Graph API) (Community Contribution) integration to send chat messages and been able to successfully @ a user?

I'm looking at the https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=

...

Failed to add entries

Team,

While pushing the IOC to the ArcSight active list using the ArcSight resource ID, it is not found with status code 404.

Also, as I checked, the resourceID is similar in XSOAR and ArcSight, but the issue still persists. #arcsight #xsoar #as-qdd-entries

To add the Description while pushing IOCs to XDR

Hello Team,

We need to add the description comment to IOCs while pushing to XDR. The description was already added to the indicators; it was visible on the Indicators page.

While pushing the IOCs to XDR, the description was not added to it when seeing in X

...


Usecase for IP block

Hi Team,

I am new to this XSOAR platform. I am trying to create a custom playbook and just want help with parsing an email from an external source.

Our customer will send an email with an IOC attachment in Excel format to our SOC operation team to block the IOC in

...

Phishing PlayBook Issue

Hi everyone,

I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg fi

...


Resolved! Using XSOAR API Stoplight

Has anyone tried the Stoplight XSOAR 8 API?

I am trying the APIs listed at https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is

However, I am getting 401 Unauthorized on every call. 

I have tried generat

...
