This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! SearchIncidentsV2 not returning results

Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key: When I hardcode the IP addresses everything works as it should. What I am missing?Cortex XSOAR

MMagdic_0-1689670794647.png
MMagdic by L2 Linker
  • 4081 Views
  • 8 replies
  • 0 Likes

Resolved! Elasticsearch integration events return limit

Hello everyone! I am currently using the Elasticsearch integrations to retrieve events related to an incident or events for a specific report and generally have no issues with that. However, sometimes some "reports" have queries that retrieve +10k events. Looking at the Elasticsearch integration, I can see that the maximum event count limit ...

Is it normal for the main account to hang when syncing 30 tenants at a time

Hi everyone, This issue started to happen recently, I am not running anything on the main server and I didn't have any issues on that account so far . Syncing all the account however hangs the main server. I am considering either adding more resources or syncing only a few tenant at a time to not burden the main account.

Issues after upgrading XSOAR

Hello wonderful people, I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment. The upgrade was successful but "I got failed to migrate podman containers" after the upgrade. Also after all, whenever I try to pull data from my instances, I keep getting the below error: Script failed to run: "docker images demisto/pyt...

Resolved! Delete Indicators Command

1) Is there a way to delete a batch of indicators with a single command, let's say all IP addresses imported with Feed XXX? 2) When I change Domain indicator expire time (Indicator Type) from 14 days to 1 hour, after expiration time indicators are still shown as active?!? Cortex XSOAR

MMagdic by L2 Linker
  • 6515 Views
  • 7 replies
  • 0 Likes

Resolved! I can't close the incident with Pre-processing Script

Hi all, In the incoming incident for CarbonBlack I use some conditions. If it matches these conditions i want to close the incident in CarbonBlack and XSOAR. (I use pre-processing script)If i want to close in CarbonBlack and drop in XSOAR, i use demisto.results("False") but i don't want it. I want to close in both(XSOAR and CarbonBlack). How ...

Cannot start demisto service after changing certificates.

Hello folks, I followed the steps here to change the GUI certs to new self-signed certificates, but the service doesn't come back up. I found below error in server tail. error Could not load scheduled jobs [error 'database not open'] (source: /builds/GOPATH/src/gitlab.xdr.pan.local/xdr/xsoar/server/services/queue.go:1153) warning Failed t...

amados by L0 Member
  • 2816 Views
  • 2 replies
  • 0 Likes

Resolved! Generate Investigation Summary Report

Hi I have used the automation Generate Investigation Summary Report to generate a report of particular incident. But I am not getting full content in the report that is being generated. In war room I can see details but in the generated report information is missing.Like I have added a task to check IP reputation, but in the report nothing is th...

Himangi by L2 Linker
  • 2109 Views
  • 1 replies
  • 0 Likes

What is everyone doing with their TIM license?

Hi everyone, I am running a multi tenant version of XSOAR, this version doesn't come with TIM so I don't have access to full screen view for indicators. So far I have been extracting indicators with an automation and verdicts for those indicators are delivered by a few threat intelligence integrations. Some of the indicators are enriched for d...

Facing service now integration issue across all US tenants.

Hi , need support to get clarification on the below error , we are facing this service now integration issue accross US region almost 5 plus tenants,So need some help to fix this issue as we were unable to create any ticket using snow as we were facing frequent disconnection.We have tried all the possiblities by updating the latest content packs...

Creating an XSOAR Incident from Splunk

Hey team, We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident. Splunk logs show that it was successful, but we do not see any incidents in XSOAR. apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [373426 AlertNotifierWorker-0] - action=create_xsoar_incident - Alert action script completed in durati...

Get the output of demisto.results() inside an automation for "msgraph-download-file"

Hello, We'd like to use the command "msgraph-download-file" insde an automation, then use the FileID to import a csv and finally convert it to pandas. The problem we find is that the output of "msgraph-download-file" is completely different when it's is used inside an automation. How can we get this file inside an automation?

Josep by L4 Transporter
  • 4731 Views
  • 5 replies
  • 0 Likes

XSOAR Pre-process Rule for forwarded Phishing Campaign

I need to drop any email under pre-process rule in XSOAR for any forwarded phishing campaigns. These forwarded emails are being sent by the user to our shared mailbox and will then create an incident in XSOAR which became an added items to our false positive. I am thinking of making a list then getting it on the preprocess rule so if it sustai...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks