This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

XSOAR customer support problems

I have noticed that many of my recent support cases are being lodged into the XSOAR Queue rather than being assigned a support case owner. Is anyone else having this problem and can anyone advise how I get an update for these cases. I have tried call

...

Resolved! Not getting result of splunk query in xsoar

I am trying one splunk query to fetch some result in xsoar using automation splunk-search, but I am not getting any result in xsoar whereas for the same query I am getting result in splunk, can anyone please help, below is the query:

index=cbuae_wind

...

Himangi by L2 Linker
  • 1749 Views
  • 1 replies
  • 0 Likes

Passing a JSON Value to a JSON API Request

Hi All, I have faced one issue while sending a API call to IVANTI. I need to call one value into this request as below

{
"OrgUnitLink": "${org}",
"Symptom": "${body}",
"Subject": "${incident.labels.Email/subject}",
"Source": "Email",
"Status": "Submitted"
...

Json.PNG
Ivanti.PNG

Custom Web server on XSOAR

Hi,

 

I'ld like to run a simple web server on demand, which would listen for POST requests and put the data posted in a file (or context).

So far I achieved similar by modifying community integration XSOAR-Web-Server, which use long lasting instance

...

Antanas by L2 Linker
  • 1563 Views
  • 3 replies
  • 0 Likes

XSOAR Lead Wanted

We are looking for a Cortex XSOAR lead to join our growing team!  What better place to look for the right talent than in the Live Community!!  DM for more information if you have the skillset, are motivated to succeed, and want to join a winning orga

...

Resolved! Yara Rules error

Hi,

 

Trying to use yarascan automation from yara pack on marketplace, always receiving "HasMatch: false"

 

Here it goes the printscreen with the command and the contextdata showing the entryid

 

 

The content has that rule

 

 

Could you help?

 

Re

...

FabioFerreira_0-1679411632399.png
FabioFerreira_1-1679411743582.png

SetGridField

How can I map keys (query, network.cidr, network.country) to a table? I'm trying with below command, is not working for CIDR & Country.

!SetGridField context_path="Whois.IP" grid_id="whoisipinfo" overwrite="true" columns="IP Address,CIDR,Country" key

...

How to realign taskIds number

Hello,

While I'm creating a playbook, the taskids don't follow the proper order due to the changes made.

How can these tasks be realigned to follow an ascending order?

Thanks,

Josep

Josep by L4 Transporter
  • 927 Views
  • 1 replies
  • 0 Likes

Resolved! SAML Role Mapping in XSOAR

Hi,

 

We are using SAML integration for XSOAR user authentication and azure AD as an IDP. I'm bit confused in SAML role mapping in XSOAR. for eg. in Azure AD we have only one group and users are mapped to it. but in XSOAR we want to give analyst perm

...

DP696 by L2 Linker
  • 1676 Views
  • 2 replies
  • 0 Likes

Formatting an Array of Values

Hey Everyone,

 

In the context I have one key that holds multiple email values, I need to use them in my "SendEmailReply" automation. However when I call the key as a variable in To field, it comes as an array not single object. Is there any out of t

...

Resolved! Email Classification with Subject

I'm currently using EWSv2 to listen to emails and have a classifier as well for fixed subjects. Is there a approach that I can use to take a part of an email subject to classify emails?

 

As an example:

Email Subject 1: Incident#1213131 

Email Subjec

...

Resolved! Need a time limit for EmailAskUser task.

When automation EmailAskUser is used, a wait task is placed after it waiting if there's an answer. If there's no answer the automation will stay there forever, a time threshold is needed to continue the automation. How can be this time limit set?

Josep by L4 Transporter
  • 3735 Views
  • 8 replies
  • 0 Likes

Resolved! Add manual input to a query on a button?

Greetings all.
I have this situation I am trying to resolve, but can't find a solution.

I have a dynamic section in a layout, in which I want to add a button. When clicked, this button should run a query, but it should first ask for a user input, which

...

Integrating splunk with XSOAR.

Hi,

 

Can someone help me with the below queries?

We are in process of integrating splunk with XSOAR.
It’s a cloud service and can be accessed via SplunkCloud and SplunkEnterpriseSecuritySuite.

 

It should be integrated via SplunkCloud or SplunkEnterp

...

DP696 by L2 Linker
  • 3577 Views
  • 1 replies
  • 0 Likes
  • 1186 Posts
  • 40 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks