This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Problem retrieving fields from XDR

Hello community, I am having a problem retrieving fields in XSOAR from XDR. I get most of the fields, but there are some that do not reach XSOAR, such as, for example, the "action_evtlog_data_fields" (it is not that they do not appear in the context, it is simply that the incident in XSOAR does not have those fields, as shown in the picture)....

rafaelusano_0-1695313186329.png
rafaelusano_1-1695313371429.png

Resolved! Disable auto assign incidents

Currently, XSOAR is randomly assigning incidents to users. This includes user accounts who will never work incidents. As I understand this is the default built-in process. I looked at the AssignAnalystToIncident script, but really don't know what needs to be updated here. I would like to completely disable the auto assigning of incidents. I...

Send Automated Alert from Cortex Xsoar

HI All, I have created a playbook in Cortex Xsoar to sent automate email when a particular incident came. The issue is when i am getting email it was in the below format:- Hello Team, We have observed an alert , kindly find the alert details below - Event Name - Source IP in Event - Raw Data - Recommendations: Kindly check the business rel...

Krati199 by L0 Member
  • 1217 Views
  • 1 replies
  • 0 Likes

QR code read from an image locally

Hi! I would like to be able to read QR codes locally. The marketplace offering does not suggest a local QR read option. What would it take to develop one, as I can generally see that Python related libraries do exist? Could I request a QR related docker image to be created (currently i do not seem to find one)? Thanks, Antanas

Antanas by L2 Linker
  • 2299 Views
  • 3 replies
  • 0 Likes

Resolved! XSOAR Incident Workflow implementation

hi,is there a possibility in xsoar to prevent an incident from being closed if certain conditions are not met? I would like to implement in incident workflow where one part is executed automatically and the other by the analyst, then if certain fields are not valorised prevent the closure of the incident.Thank you very muchregards

Resolved! Error "Docker timeout" while using datetime library

Hi all, We were experiencing issues with integrations that are making use of the library "datetime" When trying to execute this piece of code:   It returns the following error:   We've tried using different Docker images, creating our own images from scratch and running the code in different hosts but we are getting the same error all ...

MicrosoftTeams-image (3).png
MicrosoftTeams-image (4).png

Resolved! Use DT format inside an automation.

Hello, We are working on an automation which calls many different lists of nested dicts. Example: upField: 0: field1:value1 field2: value2 1: field1:value3 field2: value4 In a playbook it will be easy to call only field1 using this expression: ${upField.field1} . It will create an array with these values: [value1, value3] However, if we want t...

Josep by L4 Transporter
  • 3307 Views
  • 2 replies
  • 0 Likes

Shorten returned values in query

I'm creating a widget so I can have a report run returning certain Managment Audit log information. One of the fields, "Management_Auditing_type" has values that are quite long that I would like to truncate. For example, have "MANAGEMENT_AUDIT_ACTION_CENTER" changed to "Action Center", and "Management_Audit_Policy_Profiles" changed to just "Po...

Onboarding Playbook Questions

Hi, I am needing to build a playbook for onboarding new accounts into Active Directory. I do know they have some Premium Playbooks but I don't have that budget so building our own. How do I take in to account the aspect if the username is already taken and how to adjust for that? Is there a task to create an email account when Hybrid 365 is u...

War Room showing limited outputs

Hello, We are executing a long playbook. This playbook started to work incorrectly. To check what was happening, we looked inside the War Room, but it only showed a limited number of outputs. In order to check more outputs, we had to scroll up inside the War Room, however, it took too long to load just a couple of new outputs. How can we obtain ...

Josep by L4 Transporter
  • 2309 Views
  • 3 replies
  • 0 Likes

ElasticSearch Integration(insert/select/delete)

Hello, I have some questions about ElasticSearch Intergration.This integration imports only events as incidents?If I want to execute (run) insert/select/delete commands in ElasticSearch should I update the integration? Or did you have any other way to do it that could be a better idea? Automate or update the integration duplicated?Thanks

Delete List using automation/command?

Hi All, I wanted to delete a list using a playbook tasks, but I dont find any automation that can achieve it. It only have createList, and remove data from List May I know any workaround for it? Regards,Jia Kai

JOng39 by L1 Bithead
  • 4003 Views
  • 3 replies
  • 0 Likes

Resolved! ParseExcel automation issue

hello,using XSOAR I wanted to parse an excel from an e-mail and insert the information into a table. I created a Grid field by inserting it inside the incident, used ParseExcel inside a playbook setting as "Mapping" inside the automation to identify the output and then inserted it inside the created Grid field as you can see from the image. Unf...

FrancescoBarducci_0-1695725938445.png

Upgrade issue with the description of incident field

Hi community. We have issue with the upgrade scenario of the description (tooltip) of the incident field for the Dataminr Pulse integration for XSOAR. We have updated the description of the incident fields: Dataminr Pulse Post Link and Dataminr Pulse Expand Alert URL. After upgrading pack from 1.0.5 to 1.0.6, we are not able to see the tool...

Resolved! How to access incidents a user is participant of

Roles field is a good way to restrict access to incidents. but in my case I just want to assign a group of people to manage an incident and not restrict the incidents to other people. In order to do that I am adding users to the incident as a team member. Team member is used mainly because it can add team members by tagging '@' Once these use...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks