Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

query(group) indicators by domain name

If I have a tenant/account that has incidents.some of those incidents have indicators / entities tied to abc.com or xyz.comIs there a way to query for, show me all the incidents that have hostnames or account names that end in abc.com?Wasn't having luck in xsoar, so i switched over to kibana and our elastic database, but I don't see any of my in...

JoshBoyd by L2 Linker
  • 1372 Views
  • 1 replies
  • 0 Likes

Resolved! Generating reports through automation

Hi everyone, In our environment, we are supposed to generate reports through playbooks since we want to be able to customize the template according to the incident type. Executing the report is simple but downloading is not that simple. I am following the api documentation https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR-API/ here/rep...

Move War Room Entries section

Hi all!I want to move this section to a different tab in the layout. How do I do that? I've tried using the War Room Entries section to the tab where I wanted it to be, but the filter 'URL Enrichment' is not listed. Any tips? Thanks!

Screenshot 2023-08-11 at 12.43.01 PM.png

parse error: " in non-quoted-field on list [phishing-inprocessHashList]

Hi, I encountered a parsing error while running the phishing playbook with the previously reported email. sharing the steps and input data for better understanding of this issue. "Check Mail Hash In Process or Not" Playbook steps: 1. Set HashIncidentCount to -1 2. Format Mail Hash 3. Get InProcess List 4. Get Incident ID 5. Get Incident ...

getting ERROR while fetching username from the email header

Hi, I am using this below-attached snapshot configuration to get the username from the email header. while running the playbook , it's capturing the output in the context data but also giving the ERROR: Execution paused, waiting for manual input #364: Get User DisplayName Missing argument value for script Set at Task Get User DisplayName (#3...

Cortex XSOAR Deployment

I want to ask for the Cortex XSOAR installation which is a free trial, can it only be installed on premise or can it be done on a cloud basis? because after I requested a free trial for cortex XSOAR they directed it to install on premise

Resolved! Playbook Args

Hi all, I want to get an argument from user when playbook running. Actually, the first method I can think of is as below. But can you give a more user-friendly example?  

Ekran görüntüsü 2023-08-10 163821.png

Resolved! XSOAR Shift Management and Incident Assignment

I've read a little about the Shift Management function.Does this allow for intelligence to auto-assign incidents?Example:5 people on shift, based on threshold of SLA, auto-assign incident round robin style to the analyst that are in the queue?Is there anything like that out of the box?

JoshBoyd by L2 Linker
  • 3206 Views
  • 2 replies
  • 0 Likes

Resolved! AWS describe-vpc-endpoints

I am not seeing the AWS command describe-vpc-endpoints in any of the integrations...I just want to confirm I'm not missing it somewhere before I submit a feature request. Thanks.

Incident Layout dynamic section as input

Hello!I would like to ask you how to implement a way to define the input values on the Incident Layout. For example, I would need it in a case where I have a sub playbook and I want to give a value to one of its mandatory arguments without having to navigate to the playbook view (work plan). So the specific question is how to implement task inpu...

szodinn by L0 Member
  • 2087 Views
  • 2 replies
  • 0 Likes

A doubt with ElasticSearch Integration and EQL searches (es-eql-search)

Hi everyone, I'm currently working on how to make some EQL queries to my Elastic Instance from Cortex XSOAR. I'm using ElasticSearch integration, specifically the command "es-eql-search" which purposoe, I guess, is to make a EQL query to ElasticSearch API. However, regarding to the XSOAR documentation related to the Elastic's integrations, I c...

  • 1305 Posts
  • 45 Subscriptions