Cortex XSOAR Discussions

In the ServiceNow V2 integration, mirrored attachments are not visible on the layout.

I am using the ServiceNow V2 integration. XSOAR fetches the attachments related to an incident from ServiceNow when creating an XSOAR incident. But, when I add another attachment to that ServiceNow incident, the attachment panel does not reflect th

...

XSOAR Search queries

Hello Team,

Trying to remove tags from multiple cases at one go however failed due to incorrect syntax.

!lr-case-tags-remove case_id:"16563,16532,16626" tag_numbers=154
Should it be split into multiple lines to execute? could someone assist me wi

...

Automate download of playbooks backup

Hello,

Is there any way to automate this?

Thank you in advance

Notify user by Microsoft Teams from XSOAR

Hello,

I'd like to send direct messages using Microsoft Teams from XSOAR. No command was found inside Microsoft Teams integration to do it. Do you know how can create this feature?

Resolved! Creation of table from arrays

I am trying to create a table something like this:

I already have arrays (of names in this example) for each situation. So my HasX array would be like ["John", "Roger"] and my 'doesn't have X' array would be ["Steve"], and similar for Y with ["R

...

Resolved! not able to retrieve Extend Context Output

Hi Team,

I'm trying to get the output field which I want in "jira-issue-query" command. But I couldn't be able to get it.

Below are the default outputs for Jira Issue. Now I want only one particular Field as an output.

So I used Extend Context f

...

Cortex XSOAR Multi-Tenant Live Backup License File

Hi,

Does someone know how long the demisto requires to complete the sync license from the primary server to the backup server?

Please note you are posting a public message where community members and experts can provide assistance. Sharing private i...

integration mirroring vs post processing script mirroring

Our current setup mirrors incidents by post processing scripts. Bulk incident close makes too much noise in the system. It creates a container for each incident at the same time. It can overload the system from time to time. How does mirroring in the

...

Preprocess rule - link & run a script in the same rule

Hi,

Is there a way to configure pre-process rule to link and run preprocess script? I have to link incidents with few identical fields and set some fields values using script. I thought to make preprocess script which will do both, but I ran into a

...

How to modify edit fields form applied to multiple incident types for bulk editing

Hi All,

I'm attempting to add a custom field to the edit feature in XSOAR and cannot find any documentation when it comes to having that field show up in the edit form when editing multiple incidents regardless of type. When the edit layout is upda

...

Resolved! How to mirror XSOAR severity incident field with an integrations severity

What is the best path to change XSOARs incident severity to match the severity another tool is pulling in?

Ex. PhishER (KnowBe4) has it's own severity field called "PhishER" Severity, I want XSOAR's severity to mirror the incoming PhisihER severit

...

Resolved! How to add additional Input in "Jira-edit-Issue" task ?

Hi All,

"Jira-edit-Issue" task has some default Arguments as Inputs (eg: IssueID, priority,status, summary, description etc.,). Now I need to add new field as Inputs to edit jira issue from XSOAR.

Can anyone tell how to include/add new inputs i

...

Create a job to check if an instance pull has failed

Hello,

Sometimes on instance fails pulling the data, however the instance has connection. It's just an error feeding the instance.

How can a job be created to check is a pull has failed?

Put alerts of the same type in just a single one daily.

Hello,

I receive many alerts of the same type each day creating an incident for each.

I would like to put together all them in an incident and avoid creating incidents individually. So it will be solved just once.

Docker Hardening

Hello,

I followed this docker hardening documentation to harden the docker containerzied environment for Cortex XSOAR solutin.

I added the first server configuration key as this (docker.run.internal.asuser = true), and reset docker containers th

...

Discussions

In the ServiceNow V2 integration, mirrored attachments are not visible on the layout.

XSOAR Search queries

Automate download of playbooks backup

Notify user by Microsoft Teams from XSOAR

Resolved! Creation of table from arrays

Resolved! not able to retrieve Extend Context Output

Cortex XSOAR Multi-Tenant Live Backup License File

integration mirroring vs post processing script mirroring

Preprocess rule - link & run a script in the same rule

How to modify edit fields form applied to multiple incident types for bulk editing

Resolved! How to mirror XSOAR severity incident field with an integrations severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?

Create a job to check if an instance pull has failed

Put alerts of the same type in just a single one daily.

Docker Hardening

ML Content Pack Issue - Phishing Email

Expiration time 1725520943000 is invalid; expiration date cannot be in the past.

How to upload CSV string containing \n to XSOAR?

The command does not exist or it is disabled

Discussion: Send email to user with #xsoar link for them to upload files?

Re: Discussion: Send email to user with #xsoar link for them to upload files?

Re: XSOAR to analyze PDF and Office files

Re: Expiration time 1725520943000 is invalid; expiration date cannot be in the past.

Re: The command does not exist or it is disabled

Re: Core REST API query: Want to know how we can restrict specific API endpoint from XSOAR UI

Unlock your full community experience!

Resolved! Creation of table from arrays

Resolved! not able to retrieve Extend Context Output

Resolved! How to mirror XSOAR severity incident field with an integrations severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?