Cortex XSOAR Discussions

Resolved! QRadar integration error: Failed to execute qradar-searches command (EDITED).

Hi all, I have a problem with QRadar integration. Let me summarize my environment and basic configuration.

Cortex XSoar version: 6.10.0
QRadar integration version: IBM QRadar v3
Mapper: QRadar - Generic Incoming Mapper
Incident type: Qradar Generic
Event

...

automation script to take password

I'm attempting to write an automation that takes a user password.

Then sends an api call containing that password, but when I enable the mandatory sensitive options on the automation script. The API call I wrote no longer runs. Are there any example

...

Incident assignment in XSOAR

Hi,

Anyone please help me to understand automatic incident assignment by DBot to analyst. what are the steps have to perform?

how to define the shift in user roles?

Thanks.

E-mail preview image

Is there any way to use a task to preview an email (from an msg or eml) and not just see the filtered results?

I'm looking for a solution to display an email in xsoar as if I were to open it in outlook.

For analysis it would be important to see the e

...

Multiple sync on the same incident

Dear LIVEcommunity users,

Since version 6.0, Cortex XSOAR implements incident mirroring. Do you know if it is possible to enable two (or more) different syncs on the same incident (e.g. 2 Jira integrations, or 1 Jira and 1 ServiceNow) ?

If yes :

Ho

...

how to re-pull QRadar case

Our client leverages QRadar as their SIEM.

will pull in all cases and then have a pre-processing rule that drops any case that does not have "MSSP" in the name.

This works 99% of the time, but there are certain times when MSSP cases get dropped and we

...

Closing an incident on CortexXDR with pre-processing.

Hi all,

I want to mark the Cortex XDR incident coming into XSOAR as TP or FP with preprocessing. Does preprocessing allow this (run a script)? Or does it only do drop processing?

Inquiry on how Javascript integration works with Cortex XSOAR

Hi Support,

We have a special setup on our cortex xsoar which allows podman to use a Proxy A for pulling images from docker repositories (via http_proxy and http_proxy) and a Proxy B for python integration (Via python.extra.keys) to access internet

...

Resolved! Block IP using Panorama Integration

Hi,

I have integrated Panorama with XSOAR, instance is successfully created.

Now I have to block IP using this integration. I want to block ips just using panorama xsoar integration by using Static Address Group
Can anyone please assist how to go forw

...

Resolved! Exclude character while using variable.

incident.labels.source_address_ids:["1.2.3.4']

for above json value when i am parsing/using variable in title field getting error ( i.e. expecting ',' )

is there any way while calling variable we can ignore/exclude characters ( [ and " )

tried

...

Resolved! Setting a pre-processing rule

Hi all,

In a list field, I want to go through all indexes one by one and if there is *malware* in all indexes(malware execution, malware alert, malware), I want to drop it. However, I could not edit this in the "Conditions for Incoming Incident" fiel

...

Attaching a CSV File to the Mail Attachment

I want to attach the CSV file in the Playbook as an attachment to the e-mail and send it. I use Msgraph. If I send it without attachments, the mail is sent. But when I add an attachment, the mail is not sent. I'm using the following command. I tried

...

Close Incident when offense closed via Qradar

Hi ,
Is there any option to automatically close Incident when offense closed via Qradar ?

In the integration setting there is the option - "Close Mirrored XSOAR Incident" but it doesn't for work me.

Resolved! delay in a playbook

Hello everyone,

What is the best option to add a delay in a playbook, for example I have 2 automated tasks and want task 2 to start after task 1 finishes by 1 hour.

I thought of creating a one-line automation that has time.sleep(amount) and addi

...

Close Incidents from Preprocess Rule "Script"

Dears,

Hope you are doing well.

We need to close the Incidents on xsoar from preprocess script, How can we close it using a script in preprocess rule?

I dont need other options like: link and close or drop or close. Because there are some mandato

...

Cortex XSOAR Discussions

Discussions

Resolved! QRadar integration error: Failed to execute qradar-searches command (EDITED).

automation script to take password

Incident assignment in XSOAR

E-mail preview image

Multiple sync on the same incident

how to re-pull QRadar case

Closing an incident on CortexXDR with pre-processing.

Inquiry on how Javascript integration works with Cortex XSOAR

Resolved! Block IP using Panorama Integration

Resolved! Exclude character while using variable.

Resolved! Setting a pre-processing rule

Attaching a CSV File to the Mail Attachment

Close Incident when offense closed via Qradar

Resolved! delay in a playbook

Close Incidents from Preprocess Rule "Script"

A Few Quick Questions About the Community Edition

How to work on File Content collected from Azure blob in Playbook

Powershell Modules in Xsoar Cloud

Azure Active Directory users - Incorrect padding

XSOAR 8 + Export Data to On-premise for Retention Compliance

Re: XSOAR - Transform Language

How can i trigger playbook once Indicator has beed added?

Re: How to work on File Content collected from Azure blob in Playbook

Re: How to work on File Content collected from Azure blob in Playbook

Re: buttons to allow specific continuation of workplan

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! QRadar integration error: Failed to execute qradar-searches command (EDITED).

Resolved! Block IP using Panorama Integration

Resolved! Exclude character while using variable.

Resolved! Setting a pre-processing rule

Resolved! delay in a playbook