If image is uploaded in incident war room, sometimes not able to open it
Hi,
Sometimes when I'm trying to upload images in the incident war room, it's not coming as a link, and I'm not able to view what's in the image. Attaching screenshots for reference.
Thanks
Is it possible to disable local user login on tenants in XSOAR? We want to allow local user login via the main account only.
Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"
With the help of community members I wa
Hello, I get some problems while setting up my Splunk to XSOAR:
The problem I get is that XSOAR takes the notable event hash field as if it were a file hash, and I didn't want it in my playbook.
Have some of you already faced this issue? Have you resolved it?
...
I have been notified by my firewall team that the Cisco Umbrella API is being updated to version 2. I have tried updating the creds that I am using to this new version but with no luck. Has anyone else been having the same issues? The current version
...
Hi all,
I have two custom fields. Initially, these fields were added to the context data even if they are empty. Now, they don't get added at all. This code used to work demisto.incident()['customFields']['fieldhere'] to grab the custom fields, bu
Hi all,
I am creating an incident with script as following:
uri = f'/incident'
body = {
    "name": incident_name,
    "type": incident_type,
    "createInvestigation": True,
    #"rawJSON": json.dumps({'hello': 'test'})
}...
Hello,
I would like to use the 'jq' Transformer as designed in a custom "Mapper", but it constantly gives me this error message, whatever I am testing:
===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict"
!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile
...
I am writing to request support for migrating from the old playbook (Endpoint Malware Investigation - Generic) to the new playbook (Malware Investigation & Response Incident handler) and I have only the Standard Success support.
Additionally, I would
Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key:
When I hardcode the
...
Hello everyone!
I am currently using the Elasticsearch integrations to retrieve events related to an incident or events for a specific report and generally have no issues with that. However, sometimes some "reports" have queries that retrieve +10k
...
Hi everyone,
This issue started to happen recently. I am not running anything on the main server and I didn't have any issues on that account so far. Syncing all the accounts, however, hangs the main server. I am considering either adding more resour
...
Hello wonderful people,
I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment.
The upgrade was successful but "I got failed to migrate podman containers" after the upgrade.
Also after all, whenever I try to pull data from
...
1) Is there a way to delete a batch of indicators with a single command, let's say all IP addresses imported with Feed XXX?
2) When I change Domain indicator expire time (Indicator Type) from 14 days to 1 hour, after expiration time indicators are st
...
