This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Move War Room Entries section

Hi all!I want to move this section to a different tab in the layout. How do I do that? I've tried using the War Room Entries section to the tab where I wanted it to be, but the filter 'URL Enrichment' is not listed. Any tips? Thanks!

Screenshot 2023-08-11 at 12.43.01 PM.png

parse error: " in non-quoted-field on list [phishing-inprocessHashList]

Hi, I encountered a parsing error while running the phishing playbook with the previously reported email. sharing the steps and input data for better understanding of this issue. "Check Mail Hash In Process or Not" Playbook steps: 1. Set HashIncidentCount to -1 2. Format Mail Hash 3. Get InProcess List 4. Get Incident ID 5. Get Incident ...

getting ERROR while fetching username from the email header

Hi, I am using this below-attached snapshot configuration to get the username from the email header. while running the playbook , it's capturing the output in the context data but also giving the ERROR: Execution paused, waiting for manual input #364: Get User DisplayName Missing argument value for script Set at Task Get User DisplayName (#3...

Cortex XSOAR Deployment

I want to ask for the Cortex XSOAR installation which is a free trial, can it only be installed on premise or can it be done on a cloud basis? because after I requested a free trial for cortex XSOAR they directed it to install on premise

Resolved! Playbook Args

Hi all, I want to get an argument from user when playbook running. Actually, the first method I can think of is as below. But can you give a more user-friendly example?  

Ekran görüntüsü 2023-08-10 163821.png

Resolved! XSOAR Shift Management and Incident Assignment

I've read a little about the Shift Management function.Does this allow for intelligence to auto-assign incidents?Example:5 people on shift, based on threshold of SLA, auto-assign incident round robin style to the analyst that are in the queue?Is there anything like that out of the box?

JoshBoyd by L2 Linker
  • 3184 Views
  • 2 replies
  • 0 Likes

Resolved! AWS describe-vpc-endpoints

I am not seeing the AWS command describe-vpc-endpoints in any of the integrations...I just want to confirm I'm not missing it somewhere before I submit a feature request. Thanks.

Incident Layout dynamic section as input

Hello!I would like to ask you how to implement a way to define the input values on the Incident Layout. For example, I would need it in a case where I have a sub playbook and I want to give a value to one of its mandatory arguments without having to navigate to the playbook view (work plan). So the specific question is how to implement task inpu...

szodinn by L0 Member
  • 2059 Views
  • 2 replies
  • 0 Likes

A doubt with ElasticSearch Integration and EQL searches (es-eql-search)

Hi everyone, I'm currently working on how to make some EQL queries to my Elastic Instance from Cortex XSOAR. I'm using ElasticSearch integration, specifically the command "es-eql-search" which purposoe, I guess, is to make a EQL query to ElasticSearch API. However, regarding to the XSOAR documentation related to the Elastic's integrations, I c...

Resolved! SlackAskV2 automation

Hi all, I'm trying out SlackAskV2 and my message is being sent to the channel successfully. I used 'Yes' and 'No' as options. When I click the 'Yes' or 'No' buttons from the slack channel, nothing is returned to the War Room. Now, where do I find the response so that I can use the 'Yes' or 'No' for the next task?

Mapping fields to XSOAR IOCs

I'd appreicate guidance on how to update IOC fields with information extracted from an excuted playbook task. My use case centers around updating File Hash IOCs to include file signature metadata information to enable easier cleaning up of IOCs associated with known vendors such as Microsoft. Any assistance is appreciated.

jemeche by L0 Member
  • 2019 Views
  • 3 replies
  • 0 Likes
  • 1303 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks