Cortex XSOAR Discussions

How can i change type (shorttext, multiselect) of incident field?

Hi all,

Earlier, I created a field called propagation_x and posted it to the main account. The type of this field is shorttext. I want to change the type of this field to multiselect. In YML file shows multiselect, but XSOAR shows as shorttext. How c

...

XSOAR integration fetching incidents past the set time.

We're only running one instance of the integration and we've set the first fetch timestamp to be 3 days.
When we run the integration, initially it only fetches incidents in the past three days and then after a while it starts fetching incidents as old

...

Resolved! custom automation issue

Hi ,
I created a custom automation that creates a pdf using fpdf.
Is there anyway to upload the file to the war room so it will have an entryID ?

Moving a file

Hello,

Anyone know how I can run an automation in the playground, to save a string of text into a file locally on the system?

Resolved! Jobs never ending - is running forever when Playbook is done...

Hello all

We are using Cortex XSOAR Version Version 6.0.0; Build 79522 and having problems with Jobs.

I've created a Job, which calls a playbook. this playbook is done withing 1 minute - but the Jobs-Status is always on "running".

The playbook has a

...

Xsoar unable to install in Client machine

Dear Team,

We are doing xsoar server installation 6.11 in Linux machine. But while running the package, we are unable to configure. We are getting many errors. Kindly help us on the same.

Thanks & Regards,

Priya M

XSOAR Integration with Cisco IronPort Email API - HTTP/1.0 500 The application raised an exception

Hi, I'm integrating XSOAR with Cisco Ironport, after entering enough information, I get an error like above. Has anyone encountered this case?

Resolved! Playbooks seems never end

Hello everyone

Recently I am developing playbooks for the management of possible security incidents.

Something that catches my attention is that, in case of errors throughout the playbook, I have established that the case is closed through the "C

...

If image is upload in incident warroom, sometimes not able to open it

Hi,

Sometime when I'm trying to uploading images in incident warroom, its not coming as link, and not able to view what's in the image. attaching screenshots for reference.

Thanks

Disable local login for tenant accounts

Is it possible to disable local user login on tenants in xsoar. We want to allow local user login via main account only.

War Room Table to Layout view

Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"

With a help of community members I wa

...

splunk notable hash

Hello, i get some problems during setup my splunk to xsoar:

The problem i get is xsoar take the notable event hash filed like it was a file hash and i didn't want it in my playbook.

Some of you has already face this issue ? do you have resolved it

...

Cisco Umbrella Cloud Security integration API update

I have been notified by my firewall team that the Cisco Umbrella API is being updated to version 2. I have tried updating the creds that I am using to this new version but with no luck. Has anyone else been having the same issues? The current version

...

Resolved! Custom Fields not showing in context data

Hi all,

I have two custom fields. Initially, these fields were added to the context data even if they are empty. Now, they don't get added at all. This code used to work demisto.incident()['customFields']['fieldhere'] to grab the custom fields, bu

...

Resolved! Create incident with Script

Hi all,

I am creating an incident with script as following:

    uri = f'/incident'
    body = {
        "name": incident_name,
        "type": incident_type,
        "createInvestigation": True,
        #"rawJSON": json.dumps({'hello': 'test'})
    }

...

Discussions

How can i change type (shorttext, multiselect) of incident field?