Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

XSOAR - Scaling for pop-up windows and drop-down menus

Currently there are several areas of the Cortex XSOAR platform experience where pop-up windows and drop-down menus appear in a static size regardless of available screen real estate. Automatic scaling to the existing window size would be fantastic! Barring that, a manual option to resize each instance would suffice. Added a screenshot of the ...

SplunkPy Integration

Hi everyone, I get data from Splunk with the "search index=notable" query using SplunkPy. I assign the incoming data to the type named Splunk Generic Notable by default. Here, when an incident occurs, there are fields such as event_code and process_name in "labels". But on the mapper page, the label section comes up empty. This data appears in _raw (in...

Splunk integration - Mirroring not working

I have a problem with the incoming mirroring: the comments have not been synced back to XSOAR when using Splunk ES8. As a result I upgraded the Splunk content pack to 3.3, but now the entire mirroring is broken. No updates are synced back to XSOAR (Version 6.14.0 Build 3036535). I noticed the developer tools are listed as mandatory but they ar...

Ability to paste images in Incident Tasks

As in the War Room, it would be very useful to be able to paste an image from the clipboard using Ctrl+V for Add-on type tasks. For example, this could be provided through the add-on pop-up (Screenshot 2) in the Incident Tasks section (Screenshot 1).

Splunk Search Result Issue

Dear All, I have a query that returns 11587 records; I checked this on Splunk. I ran this query on XSOAR and it showed me the total record count is 11587, but the actual data is 4900. I am trying to figure this out; I checked the event limit size and the query settings, all fine, but the issue persists. On the XSOAR side the server is unable to open the file because it is too large. Any suggestions, please?

How to access context data from a send-notification command used in the ask-by communication channel of data collection?

Hi everyone, We’re working with a custom integration that includes a command called send-notification, designed to request customer confirmation regarding an incident. This command is intended for use within the data collection communication channel ask-by. Currently, we’re encountering a challenge: the send-notification command does not ap...

XSOAR Mark war room entries as note

Hi everyone, I have a button in the incident layout, and the script it triggers creates a new incident and posts all of the war room entries to the new incident. In the incident, we have some notes that should also be seen as notes in the new incident, but I was not able to tag them successfully. I read the XSOAR API documentation and I am using "/e...

Is it possible to implement failover handling in a BYOI integration?

Is it possible to implement our own BYOI integration with failover handling between multiple engines without a load-balancing group? We are concerned about the sequence of "Run on" engines: the command must run on the primary engine first, and on the secondary only after the primary has failed over. We tried to implement a Python-based BYOI with "demisto.executeCommand(..., using=primary)...

B.Kulnin by L0 Member
  • 1718 Views
  • 0 replies
  • 0 Likes
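The ordering the poster asks about (try the primary engine, fall back to the secondary only when the primary fails) can be implemented in the automation itself rather than with a load-balancing group. The following is an added example, not code from the post or from Palo Alto Networks. It assumes the `demisto.executeCommand(command, args)` convention, where the result is a list of entries and an error entry has `Type == 4`, and that one integration instance exists per engine so that the `using` argument selects the engine; the executor is injected as a callable so the logic runs outside XSOAR, and the engine and instance names are made up.

```python
"""Primary-then-secondary failover for a command run through executeCommand.

Added example; it is not from the post or from XSOAR. The `execute` callable
stands in for demisto.executeCommand so the logic can be run offline.
"""
from typing import Any, Callable, Dict, List

ERROR_ENTRY_TYPE = 4          # entryTypes['error'] in CommonServerPython
ENGINES = ["primary", "secondary"]   # assumed instance names, in the order they must be tried

Entries = List[Dict[str, Any]]
Executor = Callable[[str, Dict[str, Any]], Entries]


def is_error(entries: Entries) -> bool:
    """True when any returned entry is an error entry (same test CommonServerPython.isError makes)."""
    return any(e.get("Type") == ERROR_ENTRY_TYPE for e in entries)


def run_with_failover(execute: Executor, command: str, args: Dict[str, Any],
                      engines: List[str] = ENGINES) -> Dict[str, Any]:
    """Run `command` on each engine in order and return at the first success.

    A raised exception or an error entry both count as failure of that engine;
    every failure is recorded so the playbook can show why it moved on.
    """
    attempts: List[Dict[str, Any]] = []
    for engine in engines:
        call_args = dict(args, using=engine)   # `using` picks the integration instance
        try:
            entries = execute(command, call_args)
        except Exception as exc:               # executor itself failed (engine unreachable)
            attempts.append({"engine": engine, "error": str(exc)})
            continue
        if is_error(entries):
            attempts.append({"engine": engine, "error": entries[0].get("Contents")})
            continue
        return {"engine": engine, "entries": entries, "attempts": attempts}
    raise RuntimeError(f"all engines failed: {attempts}")


def make_fake_executor(down: set) -> Executor:
    """Constructed stand-in for demisto.executeCommand: engines in `down` answer with an error entry."""
    def execute(command: str, args: Dict[str, Any]) -> Entries:
        engine = args["using"]
        if engine in down:
            return [{"Type": ERROR_ENTRY_TYPE, "Contents": f"{engine}: connection refused"}]
        return [{"Type": 1, "Contents": {"command": command, "engine": engine}}]
    return execute


if __name__ == "__main__":
    # Primary is down, so the command lands on the secondary after one recorded failure.
    result = run_with_failover(make_fake_executor({"primary"}), "my-integration-command", {"id": "42"})
    print(result["engine"], result["attempts"])
```

Because the loop never consults the secondary unless the primary attempt fails, the "run on primary first" requirement is enforced by the automation regardless of how the engines are grouped in the instance settings.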

Xsoar-web-server to setup a web form submission

I am currently using a setup where a Google Form is hosted and a Google Apps Script sends the data over to XSOAR upon submission of the Google Form. How about the integrated "Xsoar-web-server"? Is there a way we could use this to eliminate the Google Form and Apps Script?

Retrieve screenshots from Notes section

Hi! We are trying to give more importance to XSOAR within our SOC processes. As part of the changes we are introducing, we want all alert documentation to be done from now on in the 'Notes' section of each XSOAR incident. The issue we are facing is that when we include screenshots as part of the evidence in the Notes, those images do not app...

adocasar by L1 Bithead
  • 1000 Views
  • 2 replies
  • 0 Likes

WHOIS Integration - Connection Refused Errors

Hi All, I am using the WHOIS integration to run the "domain" command. Sometimes I have an array of strings for domains and sometimes a single string, and in most cases WHOIS returns results to me, but sometimes I get a "Connection Refused" issue. I already adjusted the settings in the integration, also enabled the suppress option, and on the task level I adjusted the retry m...

Syedhkt by L2 Linker
  • 1262 Views
  • 1 replies
  • 0 Likes

How to Handle High-Volume Email Events in XSOAR Without Overloading the System

Hello guys, I am currently working on a use case for my organization to handle email threats that bypass our Trend Micro Email Security (TMS) gateway. Context: My organization uses Trend Micro Email Security as the email gateway. Some phishing, spam, and malware emails still bypass TMS filtering and reach user inboxes. These emails are logged...

DT Query, special characters in key:value pair

I'm trying to create a "dt" filter for use with the GenericPolling playbook (https://xsoar.pan.dev/docs/playbooks/generic-polling). The key I need to check for the existence of is MsGraph.Alert.Evidence.[1].@odata\.type (XSOAR automatically adds the "\" before ".type", as the period is part of the key name, when copying the context path of the key)...

cmcneil by L2 Linker
  • 2083 Views
  • 3 replies
  • 0 Likes
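The escaped period in the poster's path is the whole difficulty: without the backslash, `@odata.type` is read as two keys, `@odata` and `type`, and the lookup finds nothing. The resolver below is an added example, not the post's code and not XSOAR's own DT engine; it implements only the conventions visible in the post (a bare `.` separates keys, `\.` is a literal period inside a key, `[1]` indexes a list) and runs against a constructed context object whose values are made up.

```python
"""Resolve an XSOAR-style context path in which a key contains an escaped period.

Added example; not from the post and not XSOAR's DT implementation. Only the
conventions shown in the post are supported: "." separates keys, "\\." is a
literal period inside a key, and "[n]" indexes a list.
"""
import re
from typing import Any, List, Union

Part = Union[str, int]

# Constructed sample context; the evidence values are invented for illustration.
SAMPLE_CONTEXT = {
    "MsGraph": {
        "Alert": {
            "Evidence": [
                {"@odata.type": "#microsoft.graph.security.deviceEvidence"},
                {"@odata.type": "#microsoft.graph.security.ipEvidence", "ipAddress": "203.0.113.7"},
            ]
        }
    }
}


def split_context_path(path: str) -> List[Part]:
    """Turn 'A.B.[1].@odata\\.type' into ['A', 'B', 1, '@odata.type']."""
    tokens: List[str] = []
    buf = ""
    i = 0
    while i < len(path):
        ch = path[i]
        if ch == "\\" and i + 1 < len(path) and path[i + 1] == ".":
            buf += "."          # escaped period: part of the key name
            i += 2
            continue
        if ch == ".":
            if buf:
                tokens.append(buf)
                buf = ""
            i += 1
            continue
        buf += ch
        i += 1
    if buf:
        tokens.append(buf)
    # "[n]" tokens become integer list indexes; everything else is a key
    parts: List[Part] = []
    for tok in tokens:
        m = re.fullmatch(r"\[(\d+)\]", tok)
        parts.append(int(m.group(1)) if m else tok)
    return parts


def resolve(context: Any, path: str) -> Any:
    """Walk `context` along `path`; return None when any step is missing."""
    cur = context
    for part in split_context_path(path):
        if isinstance(part, int):
            if not isinstance(cur, list) or part >= len(cur):
                return None
            cur = cur[part]
        else:
            if not isinstance(cur, dict) or part not in cur:
                return None
            cur = cur[part]
    return cur


def key_exists(context: Any, path: str) -> bool:
    """The existence check a polling condition needs: True only if the path resolves."""
    return resolve(context, path) is not None


if __name__ == "__main__":
    escaped = "MsGraph.Alert.Evidence.[1].@odata\\.type"
    unescaped = "MsGraph.Alert.Evidence.[1].@odata.type"
    print(escaped, "->", resolve(SAMPLE_CONTEXT, escaped))
    print(unescaped, "->", resolve(SAMPLE_CONTEXT, unescaped))   # None: split into "@odata" and "type"
```

Running the same path with and without the backslash shows why the copied path carries the escape: the unescaped form descends into a key that does not exist and the existence check comes back false.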