query(group) indicators by domain name

If I have a tenant/account that has incidents.

some of those incidents have indicators / entities tied to abc.com or xyz.com

Is there a way to query for, show me all the incidents that have hostnames or account names that end in abc.com?

Wasn't having l

Move War Room Entries section

Hi all!
I want to move this section to a different tab in the layout. How do I do that?

I've tried using the War Room Entries section to the tab where I wanted it to be, but the filter 'URL Enrichment' is not listed. Any tips?

Thanks!

parse error: " in non-quoted-field on list [phishing-inprocessHashList]

Hi, 

I encountered a parsing error while running the phishing playbook with the previously reported email. sharing the steps and input data for better understanding of this issue.

How do I get network traffic data in XSOAR from the SIEM ingestions?

We have to Generate a report that presents the network traffic data in XSOAR obtained from our SIEM. We would appreciate the guidance on the calculation process and the essential aspects we should include in the report.

Thank you
Cortex XSOAR

getting ERROR while fetching username from the email header

Hi,

I am using this below-attached snapshot configuration to get the username from the email header. while running the playbook , it's capturing the output in the context data but also giving the ERROR:

Execution paused, waiting for manual input 

Cortex XSOAR Deployment

I want to ask for the Cortex XSOAR installation which is a free trial, can it only be installed on premise or can it be done on a cloud basis? because after I requested a free trial for cortex XSOAR they directed it to install on premise

Sleep task bugged when XSOAR is restarted

Hello,

We are using long sleeps in playbooks, when the XSOAR is restarted these sleeps get stucked and never finish. We have to go by one by one finishing the tasks manually. How can this be avoid? 

XSOAR muti-site (DC,DR) design best practice

Dears All,

Kindly we need your support to provide us with best practices for muti-site high availability architecture (DC, DR)

Incident Layout dynamic section as input

Hello!
I would like to ask you how to implement a way to define the input values on the Incident Layout.

For example, I would need it in a case where I have a sub playbook and I want to give a value to one of its mandatory arguments without having to

A doubt with ElasticSearch Integration and EQL searches (es-eql-search)

Hi everyone,

I'm currently working on how to make some EQL queries to my Elastic Instance from Cortex XSOAR. I'm using ElasticSearch integration, specifically the command "es-eql-search" which purposoe, I guess, is to make a EQL query to ElasticSea

AWS Market place Prisma Cloud (PAYG with 15-Day Free Trial)

From the Welcome mail I receive Palo Alto network Support expected is Hub right?