This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! Create widget for bioc and ioc rule numbers

Hello everyone,

 

I am trying to get numbers of bioc and ioc rules from our xdr integration. I want to create a widget to see that how many ioc and bioc rules added week by week. Do anyone have idea for this?

 

Thanks in advance.

 

Cortex XDR Cortex

...

query(group) indicators by domain name

If I have a tenant/account that has incidents.

some of those incidents have indicators / entities tied to abc.com or xyz.com

Is there a way to query for, show me all the incidents that have hostnames or account names that end in abc.com?

Wasn't having l

...

JoshBoyd by L2 Linker
  • 1265 Views
  • 1 replies
  • 0 Likes

Resolved! Generating reports through automation

Hi everyone,

 

In our environment, we are supposed to generate reports through playbooks since we want to be able to customize the template according to the incident type. Executing the report is simple but downloading is not that simple.

 

I am foll

...

Move War Room Entries section

Hi all!
I want to move this section to a different tab in the layout. How do I do that?

I've tried using the War Room Entries section to the tab where I wanted it to be, but the filter 'URL Enrichment' is not listed. Any tips?

 

Thanks!

Screenshot 2023-08-11 at 12.43.01 PM.png

Cortex XSOAR Deployment

I want to ask for the Cortex XSOAR installation which is a free trial, can it only be installed on premise or can it be done on a cloud basis? because after I requested a free trial for cortex XSOAR they directed it to install on premise


Resolved! Playbook Args

Hi all, 

I want to get an argument from user when playbook running. Actually, the first method I can think of is as below. But can you give a more user-friendly example?

Ekran görüntüsü 2023-08-10 163821.png

Resolved! XSOAR Shift Management and Incident Assignment

I've read a little about the Shift Management function.

Does this allow for intelligence to auto-assign incidents?

Example:
5 people on shift, based on threshold of SLA, auto-assign incident round robin style to the analyst that are in the queue?

Is ther

...

JoshBoyd by L2 Linker
  • 2928 Views
  • 2 replies
  • 0 Likes

Resolved! AWS describe-vpc-endpoints

I am not seeing the AWS command describe-vpc-endpoints in any of the integrations...I just want to confirm I'm not missing it somewhere before I submit a feature request.  Thanks.

Incident Layout dynamic section as input

Hello!
I would like to ask you how to implement a way to define the input values on the Incident Layout.

For example, I would need it in a case where I have a sub playbook and I want to give a value to one of its mandatory arguments without having to

...

szodinn by L0 Member
  • 1875 Views
  • 2 replies
  • 0 Likes
  • 1291 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks