This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! [Multi-Tenant] System configuration levels

in a multi tenant environment, should I forward all the system configurations to tenants or are some of them meant only for hosts? CSP cases in particular, can be pretty confusing. CSP tells me to put a sys config on the main account and in another comment they say to set the conf on the host as well and in some they recommend forwarding it to t...

Rasterized content on Incident Layout

Hello!I have a question. How can I make it so that I would like to rasterize email/url. The image that appears in the war room (which is the result of running the command) i would like to display on one layout field.I guess I should use dynamic sections but can someone help me how exactly? Thanks in advance.

szodinn by L0 Member
  • 1612 Views
  • 1 replies
  • 0 Likes

Playbook to update IOCs on Microsoft Advanced Threat Protection (APT)

I want to achieve below steps. is there any exiting playbook or have to customized playbook? Step 1: Checking Existing IOCs in Microsoft APT In this first step, we will fetch the list of existing IOCs from Microsoft APT and compare them with the IOCs you wish to add. Step 2: Handling Existing IOCs Upon comparing the fetched list with your desire...

vhebri by L1 Bithead
  • 1720 Views
  • 1 replies
  • 0 Likes

Create Incident layout fields from Context Data

Hello! During incident investigations, it would be useful if certain Context Data fields (if they have a value) are written to the incident layout and you don't have to search for the value in the Context. My question would be, how can I make it so that the contents of the context data fields associated with the incident are written to the incid...

How to read file from the pandas FileExcel?

I need to create some report and I am using pandas module for that but unable to read the file from my local rdp desktop. Note: I am using xsoar from web Interface. I try to use with "\\" to avoid escape sequence mistake. It is unable to read the file even the path is correct. Can anyone help me with that. I just started my xsoar journey. ***...

Resolved! Using SearchIncidentsV2 or GetIncidentsByQuery in automations

Hi, First of all, we are using a lot of automations searching for incidents using queries often with more than 100 results. The scripts line looks like this: res = demisto.executeCommand('SearchIncidentsV2', {'query': query, 'limit': 5000})[0].get('Contents') It seems however the "Content" only contains 100 results even though it shows the rig...

01.jpg
02.jpg
03.jpg
04.jpg
sdes by L0 Member
  • 4162 Views
  • 2 replies
  • 0 Likes

Resolved! No output in action

In the "cybereason-get-sensor-id" task we manage to retrieve the sensor id for a given machine, but only in the result tab. In fact, it looks like the integration doesn't return an output result, so we're not able to use the sensorId as an input further into the playbook. Is there any workaround to retrieve the actual result of this ta...

Aurelien19_0-1690534478128.png
Aurelien19_1-1690534544985.png

Custom Fetch Incidents

Hi, I want to use Exabeam integration in XSOAR but not to fetch incidents (incident responder) as it is currently set in fetch-incidents command, that is in fetch_incidents function. The plan would be to fetch with get-notable-users command, which produces this result (context-data), when using '!exabeam-get-notable-users time_period="1 month" l...

MMagdic by L2 Linker
  • 1730 Views
  • 1 replies
  • 0 Likes

Resolved! Limit of Support Licence

Hello, I am just wondering if we are losing XSOAR Support after installing several custom Docker images which are not in the following list, on our XSOAR* Environment :==> https://hub.docker.com/r/demisto * : OnPremise - BarMetal XSOAR Thanks in advance for your reply and Best Regards,Thomas Nicolas

How to run and or use HelloWorld Integration?

Hello all, Fresh install of XSOAR onto Ubuntu, all went well. I a trying to run the HelloWorld integration but I keep getting the error: Failed to execute test-module command. Error: Verify that the server URL parameter is correct and that you have access to the server from your host. Error Type: <requests.exceptions.ConnectionError> E...

GWynn by L3 Networker
  • 2615 Views
  • 3 replies
  • 0 Likes

Resolved! Custom Data Storage

Hello, Is there a way to store custom Data elsewhere than in incidents ? I suceeded in "Lists" but it appears than maximum list size is 209715 characters ==> https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.9/Cortex-XSOAR-Administrator-Guide/ListsDoes XSoar has a functionnality like Data Tables, or whatever wich could allow us to s...

Resolved! Widget expected data Format

Hello, I was not able to find in XSoar Documentation, the "formats" which are expected for all Widget Types :- Data Table- Graph- Text Input- Select- List- Map- Date Picker- File Picker Do you know them ? Thanks in advance for your reply and best regards,Thomas Nicolas

XSOAR integration fetching incidents past the set time.

We're only running one instance of the integration and we've set the first fetch timestamp to be 3 days.When we run the integration, initially it only fetches incidents in the past three days and then after a while it starts fetching incidents as old as 3 years ago.Has anyone observed this issue and if so, what could be the issue here?

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks