Usecase for IP block

Hi Team,

I am new to this Xsoar platform. Trying to create custom playbook, just want help on parsing an email from external source.

Our customer will sent an email with IOC attachment in excel format to our SOC operation team to block the IOC in

XSOAR Exchange Integration Search Limit - It Does Not Return More Than 100 Result

Hello,

I have EWS2 integration on my XSOAR. When I try to delete phishing mail, for try to determine itemIds of mail will be deleted, I use ews-search-mailboxes command with +500 mail addresses. Syntax is correct but it give me only 100 results. I ch

Restrict visibility of specific incident types based on user roles

Hello Everyone,

We're currently focused on improving our access control model to limit the visibility of certain incident types based on user roles. Currently, this is done manually through the system command:

```
/set_incident role = <role name>
```

T

Phishing PlayBook Issue

Hi everyone,

I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg fi

Bot XSOAR in Slack > bad performance

Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this:

Multiple XDR integrations in XSOAR

Hi team

Where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant they are working with? For e.g. by running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id") which the

Filter away weekend cases from XSOAR Dashboard "Duration" / "Number" Widget

Would appreciate some guidance here, thank you in advance!

Running a Task on Multiple Instances of an Integration - Playbook Optimization

Hello,
we are working on a playbook that needs to run a single task on 10 different instances of the same integration. Currently, the only way we know to handle this is by creating a separate sub-playbook for each instance, with the task configured to

xsoar license

I currently have 5 SOAR licenses contracted. However, I have a question: Does the Admin user consume a license? It should be noted that this user has been assigned the administrator role.

Block multiple IP's using panorama

Hi,
I have been looking for a solution to block multiple IP's at the same time using pan-os integration. Is there any way where multiple IP's are given as input to block from firewall.