Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Add additional fields in Jira edit issue task

Hi All, "Jira-edit-Issue" task has some default Arguments as Inputs (e.g. IssueID, priority, status, summary, description etc.). Now I need to add new fields as Inputs to Jira edit issue from XSOAR, fields like resolution, etc. I tried editing the script also. Can anyone please help me with which part of the script needs to be edited? Thanks

Himangi by L2 Linker
  • 2193 Views
  • 2 replies
  • 0 Likes

Resolved! Playbook runs in Playbooks page but not with incident

Hello all, I have a playbook, the one from the XSOAR Engineer YouTube course actually, video #8, sub-playbooks. This runs flawlessly in the playbook page but when I run it from an incident it ends up trying to reset the password for every AD user even though I specify james.bond as the user. I am not sure of the logic. It doesn't seem to "call" t...

GWynn by L3 Networker
  • 7062 Views
  • 13 replies
  • 0 Likes

Resolved! Grid Field Setup In XSOAR

Dear All, I am trying to set up a new Grid Field in XSOAR. I have added a few column headers with the field names that I require; however, in the layout, not all columns are shown. There are certain fields which are missing in the display.

Uploading report via demisto api post request

Hello everyone, I am trying to upload a JSON file to create a report. Although I tried tons of ways, I couldn't send the body properly. The demisto-api-post request needs the multipart/form-data content type. Is there any way to send raw JSON properly? Here is my code: content = demisto.args().get('page_content') page_number = demisto.args().get('page_num')...

Paint markdown table cells or rows

Hello, We use markdown tables to show the analysts' incident data. We use them for manual tasks in details as in layouts. We'd like to paint those cells where the data shown is critical. For example, on a markdown table where some hashes are detonated, we'd like to paint the rows or cells where hashes are malicious.

Josep by L4 Transporter
  • 8905 Views
  • 3 replies
  • 0 Likes

XSOAR Threat intel IOC Ingestion to Splunk

Hi, We have created an EDL query to ingest IOCs to Splunk from the XSOAR Threat Intel Management platform. We have to know that Refresh List will work and how to get all IOCs via EDL query from XSOAR. Kindly share any best practice anyone has implemented in their environment.

Resolved! Create widget for bioc and ioc rule numbers

Hello everyone, I am trying to get the numbers of BIOC and IOC rules from our XDR integration. I want to create a widget to see how many IOC and BIOC rules are added week by week. Does anyone have an idea for this? Thanks in advance. Cortex XDR Cortex XSOAR

query(group) indicators by domain name

If I have a tenant/account that has incidents. Some of those incidents have indicators / entities tied to abc.com or xyz.com. Is there a way to query for, show me all the incidents that have hostnames or account names that end in abc.com? Wasn't having luck in XSOAR, so I switched over to Kibana and our Elastic database, but I don't see any of my in...

JoshBoyd by L2 Linker
  • 1319 Views
  • 1 replies
  • 0 Likes

Resolved! Generating reports through automation

Hi everyone, In our environment, we are supposed to generate reports through playbooks since we want to be able to customize the template according to the incident type. Executing the report is simple but downloading is not that simple. I am following the api documentation https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR-API/ here/rep...

Move War Room Entries section

Hi all! I want to move this section to a different tab in the layout. How do I do that? I've tried using the War Room Entries section to the tab where I wanted it to be, but the filter 'URL Enrichment' is not listed. Any tips? Thanks!

parse error: " in non-quoted-field on list [phishing-inprocessHashList]

Hi, I encountered a parsing error while running the phishing playbook with the previously reported email. Sharing the steps and input data for better understanding of this issue. "Check Mail Hash In Process or Not" Playbook steps: 1. Set HashIncidentCount to -1 2. Format Mail Hash 3. Get InProcess List 4. Get Incident ID 5. Get Incident ...

getting ERROR while fetching username from the email header

Hi, I am using the snapshot configuration attached below to get the username from the email header. While running the playbook, it's capturing the output in the context data but also giving the ERROR: Execution paused, waiting for manual input #364: Get User DisplayName Missing argument value for script Set at Task Get User DisplayName (#3...

Cortex XSOAR Deployment

I want to ask about the Cortex XSOAR installation which is a free trial: can it only be installed on premise or can it be done on a cloud basis? Because after I requested a free trial for Cortex XSOAR they directed it to install on premise.

  • 1298 Posts
  • 45 Subscriptions