Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Playbook Args

Hi all, I want to get an argument from the user when the playbook is running. Actually, the first method I can think of is as below. But can you give a more user-friendly example?

[Screenshot attachment: Ekran görüntüsü 2023-08-10 163821.png]

Resolved! XSOAR Shift Management and Incident Assignment

I've read a little about the Shift Management function. Does this allow for intelligence to auto-assign incidents? Example: 5 people on shift, based on a threshold of SLA, auto-assign incidents round-robin style to the analysts that are in the queue? Is there anything like that out of the box?

JoshBoyd by L2 Linker
  • 3088 Views
  • 2 replies
  • 0 Likes

Resolved! AWS describe-vpc-endpoints

I am not seeing the AWS command describe-vpc-endpoints in any of the integrations... I just want to confirm I'm not missing it somewhere before I submit a feature request. Thanks.

Incident Layout dynamic section as input

Hello! I would like to ask you how to implement a way to define the input values on the Incident Layout. For example, I would need it in a case where I have a sub-playbook and I want to give a value to one of its mandatory arguments without having to navigate to the playbook view (work plan). So the specific question is how to implement task inpu...

szodinn by L0 Member
  • 1978 Views
  • 2 replies
  • 0 Likes

A doubt with ElasticSearch Integration and EQL searches (es-eql-search)

Hi everyone, I'm currently working on how to make some EQL queries to my Elastic instance from Cortex XSOAR. I'm using the ElasticSearch integration, specifically the command "es-eql-search", whose purpose, I guess, is to make an EQL query to the ElasticSearch API. However, regarding the XSOAR documentation related to the Elastic integrations, I c...

Resolved! SlackAskV2 automation

Hi all, I'm trying out SlackAskV2 and my message is being sent to the channel successfully. I used 'Yes' and 'No' as options. When I click the 'Yes' or 'No' buttons from the Slack channel, nothing is returned to the War Room. Now, where do I find the response so that I can use the 'Yes' or 'No' for the next task?

Mapping fields to XSOAR IOCs

I'd appreciate guidance on how to update IOC fields with information extracted from an executed playbook task. My use case centers around updating File Hash IOCs to include file signature metadata information to enable easier cleaning up of IOCs associated with known vendors such as Microsoft. Any assistance is appreciated.

jemeche by L0 Member
  • 1946 Views
  • 3 replies
  • 0 Likes

Resolved! [Multi-Tenant] System configuration levels

In a multi-tenant environment, should I forward all the system configurations to tenants, or are some of them meant only for hosts? CSP cases, in particular, can be pretty confusing. CSP tells me to put a sys config on the main account, and in another comment they say to set the conf on the host as well, and in some they recommend forwarding it to t...

Rasterized content on Incident Layout

Hello! I have a question. I would like to rasterize an email/URL. The image that appears in the War Room (which is the result of running the command) I would like to display in one layout field. I guess I should use dynamic sections, but can someone help me with how exactly? Thanks in advance.

szodinn by L0 Member
  • 1567 Views
  • 1 replies
  • 0 Likes

Playbook to update IOCs on Microsoft Advanced Threat Protection (APT)

I want to achieve the steps below. Is there any existing playbook, or do I have to customize a playbook?

Step 1: Checking Existing IOCs in Microsoft APT. In this first step, we will fetch the list of existing IOCs from Microsoft APT and compare them with the IOCs you wish to add.

Step 2: Handling Existing IOCs. Upon comparing the fetched list with your desire...

vhebri by L1 Bithead
  • 1674 Views
  • 1 replies
  • 0 Likes

Create Incident layout fields from Context Data

Hello! During incident investigations, it would be useful if certain Context Data fields (if they have a value) are written to the incident layout and you don't have to search for the value in the Context. My question would be, how can I make it so that the contents of the context data fields associated with the incident are written to the incid...
