Able to get time when a user opens an XSOAR incident for the first time?

Hi, I would like to get this context key/value as I need it to track SLAs. Is there a way to do so, rather than manually configuring a button in my playbook workflow to call the `!GetTime` script? Thank you.

Automation to Print output and set tag in warroom

Trying to create an automation to print output in the warroom, which works. 

print(handover) 

Only thing is how can I give a tag automatically to the output in the warroom. 

I want to give the tag "Handover" to this output for example. 

Does an

What is everyone doing with their TIM license?

Hi everyone,

I am running a multi tenant version of XSOAR, this version doesn't come with TIM so I don't have access to full screen view for indicators. So far I have been extracting indicators with an automation and verdicts for those indicators a

Facing service now integration issue across all US tenants.

Hi , need support to get clarification on the below error , we are facing this service now integration issue accross US region almost 5 plus tenants,
So need some help to fix this issue as we were unable to create any ticket using snow as we were faci

Creating an XSOAR Incident from Splunk

Hey team,

We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident.

Splunk logs show that it was successful, but we do not see any incidents in XSOAR.

apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [37342

Get the output of demisto.results() inside an automation for "msgraph-download-file"

Hello,

We'd like to use the command "msgraph-download-file" insde an automation, then use the FileID to import a csv and finally convert it to pandas. The problem we find is that the output of "msgraph-download-file" is completely different when it's

XSOAR Pre-process Rule for forwarded Phishing Campaign

I need to drop any email under pre-process rule in XSOAR for any forwarded phishing campaigns. These forwarded emails are being sent by the user to our shared mailbox and will then create an incident in XSOAR which became an added items to our false

SAML connection error with PingID

Been fighting an integration issue for awhile now.  Was hoping someone had seen this error before.

Could not init SAML instance, IDPSSOURL: 'https://pid-dev.domain.com/site/SignOn.saml' is not available.

I was told by the tech who working on Ping

How to set a timeout for a sub playbook task ?

Dear Members , 

Hoe you are all doing well.

What is the best option to set a timeout for a sub playbook task, so if that playbook run exceed x amount of time it continues to the next task in the playbook.

Thanks.

Is there a way to mass rename closed XSOAR cases?

Hi, I know that we can mass rename active cases but what about mass renaming closed cases? I can rename closed cases one at a time manually but it is super tedious to do so as we have thousands of existing cases. Any suggestions? Thanks.

Cortex XSOAR Starter Edition vs Cortex TIM Edition - Funtionality Difference

Hi, 

I am looking for functionality differences between the two licenses of XSOAR i.e. Cortex XSOAR Starter Edition and Cortex TIM Edition.

As per the Admin Guide, it seems the broad differences are in number of Automated Tasks and feeds...but noth

Disable/Enable Integration Instance via API

Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API?

Everything I've tried results in 400 error with this message:
"id": "errOptimisticLock",
"status": 400,
"title": "