Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Failed to execute gcb-list-detections command. Error: list index out of range" for a week now, was wor...

NickyR by L1 Bithead
  • 1507 Views
  • 1 replies
  • 0 Likes

Integration of "Malware Investigation And Response" Playbook

I am writing to request support for migrating from the old playbook (Endpoint Malware Investigation - Generic) to the new playbook (Malware Investigation & Response Incident handler) and I have only the Standard Success support.Additionally, I would like to inquire if it is possible to get support from the live community to assist with the i...

Resolved! SearchIncidentsV2 not returning results

Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key: When I hardcode the IP addresses everything works as it should. What I am missing?Cortex XSOAR

MMagdic_0-1689670794647.png
MMagdic by L2 Linker
  • 4111 Views
  • 8 replies
  • 0 Likes

Resolved! Elasticsearch integration events return limit

Hello everyone! I am currently using the Elasticsearch integrations to retrieve events related to an incident or events for a specific report and generally have no issues with that. However, sometimes some "reports" have queries that retrieve +10k events. Looking at the Elasticsearch integration, I can see that the maximum event count limit ...

Is it normal for the main account to hang when syncing 30 tenants at a time

Hi everyone, This issue started to happen recently, I am not running anything on the main server and I didn't have any issues on that account so far . Syncing all the account however hangs the main server. I am considering either adding more resources or syncing only a few tenant at a time to not burden the main account.

Issues after upgrading XSOAR

Hello wonderful people, I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment. The upgrade was successful but "I got failed to migrate podman containers" after the upgrade. Also after all, whenever I try to pull data from my instances, I keep getting the below error: Script failed to run: "docker images demisto/pyt...

Resolved! Delete Indicators Command

1) Is there a way to delete a batch of indicators with a single command, let's say all IP addresses imported with Feed XXX? 2) When I change Domain indicator expire time (Indicator Type) from 14 days to 1 hour, after expiration time indicators are still shown as active?!? Cortex XSOAR

MMagdic by L2 Linker
  • 6568 Views
  • 7 replies
  • 0 Likes

Resolved! I can't close the incident with Pre-processing Script

Hi all, In the incoming incident for CarbonBlack I use some conditions. If it matches these conditions i want to close the incident in CarbonBlack and XSOAR. (I use pre-processing script)If i want to close in CarbonBlack and drop in XSOAR, i use demisto.results("False") but i don't want it. I want to close in both(XSOAR and CarbonBlack). How ...

Cannot start demisto service after changing certificates.

Hello folks, I followed the steps here to change the GUI certs to new self-signed certificates, but the service doesn't come back up. I found below error in server tail. error Could not load scheduled jobs [error 'database not open'] (source: /builds/GOPATH/src/gitlab.xdr.pan.local/xdr/xsoar/server/services/queue.go:1153) warning Failed t...

amados by L0 Member
  • 2857 Views
  • 2 replies
  • 0 Likes

Resolved! Generate Investigation Summary Report

Hi I have used the automation Generate Investigation Summary Report to generate a report of particular incident. But I am not getting full content in the report that is being generated. In war room I can see details but in the generated report information is missing.Like I have added a task to check IP reputation, but in the report nothing is th...

Himangi by L2 Linker
  • 2132 Views
  • 1 replies
  • 0 Likes

What is everyone doing with their TIM license?

Hi everyone, I am running a multi tenant version of XSOAR, this version doesn't come with TIM so I don't have access to full screen view for indicators. So far I have been extracting indicators with an automation and verdicts for those indicators are delivered by a few threat intelligence integrations. Some of the indicators are enriched for d...

Facing service now integration issue across all US tenants.

Hi , need support to get clarification on the below error , we are facing this service now integration issue accross US region almost 5 plus tenants,So need some help to fix this issue as we were unable to create any ticket using snow as we were facing frequent disconnection.We have tried all the possiblities by updating the latest content packs...

Creating an XSOAR Incident from Splunk

Hey team, We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident. Splunk logs show that it was successful, but we do not see any incidents in XSOAR. apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [373426 AlertNotifierWorker-0] - action=create_xsoar_incident - Alert action script completed in durati...

  • 1304 Posts
  • 45 Subscriptions