This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! Playbooks seems never end

Hello everyone

 

Recently I am developing playbooks for the management of possible security incidents.

 

Something that catches my attention is that, in case of errors throughout the playbook, I have established that the case is closed through the "C

...

War Room Table to Layout view

Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"

With a help of community members I wa

...

MMagdic_0-1689838826342.png
MMagdic by L2 Linker
  • 1506 Views
  • 1 replies
  • 0 Likes

splunk notable hash

Hello, i get some problems during setup my splunk to xsoar:

 

The problem i get is xsoar take the notable event hash filed like it was a file hash and i didn't want it in my playbook.

Some of you has already face this issue ? do you have resolved it

...

Resolved! Custom Fields not showing in context data

Hi all,

 

I have two custom fields. Initially, these fields were added to the context data even if they are empty. Now, they don't get added at all. This code used to work demisto.incident()['customFields']['fieldhere'] to grab the custom fields, bu

...

Resolved! Create incident with Script

Hi all,

I am creating an incident with script as following:

uri = f'/incident' body = { "name": incident_name, "type": incident_type, "createInvestigation": True, #"rawJSON": json.dumps({'hello': 'test'}) }...

Resolved! Issue while usin 'JQ' Transformer

Hello,

I would like to use 'jq' Transformer as designed in a custom "Mapper", but it constantly says to me that error message, whatever I am testing :
===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict"

...

Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile

...

NickyR by L1 Bithead
  • 1244 Views
  • 1 replies
  • 0 Likes

Resolved! SearchIncidentsV2 not returning results

Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key:  

 

 

 

When I hardcode the

...

MMagdic_0-1689670794647.png
MMagdic by L2 Linker
  • 3217 Views
  • 8 replies
  • 0 Likes
  • 1257 Posts
  • 43 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks