Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions

Discussions

Resolved! Playbooks seem to never end

Hello everyone. Recently I have been developing playbooks for the management of possible security incidents. Something that catches my attention is that, in case of errors throughout the playbook, I have established that the case is closed through the "Close Investigation (builtin)" automation. Although on other occasions, the question I want to ask...

War Room Table to Layout view

Hi, I am building a playbook where I have one task that is searching for incidents using a query such as: !SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162" With the help of community members I was able to insert the variable IP which contains a list of IP addresses to search for (above these...

MMagdic by L2 Linker
  • 2103 Views
  • 1 replies
  • 0 Likes

splunk notable hash

Hello, I get some problems while setting up my Splunk to XSOAR: the problem I get is that XSOAR takes the notable event hash field as if it were a file hash, and I didn't want that in my playbook. Have some of you already faced this issue? Did you resolve it? Thanks

Resolved! Custom Fields not showing in context data

Hi all, I have two custom fields. Initially, these fields were added to the context data even if they were empty. Now, they don't get added at all. This code used to work to grab the custom fields: demisto.incident()['customFields']['fieldhere'], but now it returns a KeyError. Any advice?

Resolved! Create incident with Script

Hi all, I am creating an incident with script as following: uri = f'/incident' body = { "name": incident_name, "type": incident_type, "createInvestigation": True, #"rawJSON": json.dumps({'hello': 'test'}) } return execute_command('demisto-api-post', {'uri': uri, 'body': body}, fail_on_error=False) ...

Resolved! Issue while using 'JQ' Transformer

Hello, I would like to use the 'jq' Transformer as designed in a custom "Mapper", but it constantly gives me this error message, whatever I am testing: ===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict" Even though I tried nearly everything in order to be able to test it, as you would be able to...

Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Failed to execute gcb-list-detections command. Error: list index out of range" for a week now, was wor...

NickyR by L1 Bithead
  • 1452 Views
  • 1 replies
  • 0 Likes

Integration of "Malware Investigation And Response" Playbook

I am writing to request support for migrating from the old playbook (Endpoint Malware Investigation - Generic) to the new playbook (Malware Investigation & Response Incident handler), and I have only the Standard Success support. Additionally, I would like to inquire if it is possible to get support from the live community to assist with the i...

Resolved! SearchIncidentsV2 not returning results

Hi, I am using the SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to the IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive an empty foundIncidents key. When I hardcode the IP addresses everything works as it should. What am I missing?

MMagdic by L2 Linker
  • 3912 Views
  • 8 replies
  • 0 Likes

Resolved! Elasticsearch integration events return limit

Hello everyone! I am currently using the Elasticsearch integrations to retrieve events related to an incident or events for a specific report and generally have no issues with that. However, sometimes some "reports" have queries that retrieve +10k events. Looking at the Elasticsearch integration, I can see that the maximum event count limit ...

Is it normal for the main account to hang when syncing 30 tenants at a time

Hi everyone, this issue started to happen recently. I am not running anything on the main server and I haven't had any issues on that account so far. Syncing all the accounts, however, hangs the main server. I am considering either adding more resources or syncing only a few tenants at a time so as not to burden the main account.

Issues after upgrading XSOAR

Hello wonderful people, I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment. The upgrade was successful, but I got "failed to migrate podman containers" after the upgrade. Also, whenever I try to pull data from my instances, I keep getting the below error: Script failed to run: "docker images demisto/pyt...
