Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Delete Indicators Command

1) Is there a way to delete a batch of indicators with a single command, let's say all IP addresses imported with Feed XXX? 2) When I change Domain indicator expire time (Indicator Type) from 14 days to 1 hour, after expiration time indicators are still shown as active?!? Cortex XSOAR

MMagdic by L2 Linker
  • 6282 Views
  • 7 replies
  • 0 Likes

Resolved! I can't close the incident with Pre-processing Script

Hi all, In the incoming incident for CarbonBlack I use some conditions. If it matches these conditions I want to close the incident in CarbonBlack and XSOAR. (I use pre-processing script) If I want to close in CarbonBlack and drop in XSOAR, I use demisto.results("False") but I don't want it. I want to close in both (XSOAR and CarbonBlack). How ...

Cannot start demisto service after changing certificates.

Hello folks, I followed the steps here to change the GUI certs to new self-signed certificates, but the service doesn't come back up. I found the below error in the server tail. error Could not load scheduled jobs [error 'database not open'] (source: /builds/GOPATH/src/gitlab.xdr.pan.local/xdr/xsoar/server/services/queue.go:1153) warning Failed t...

amados by L0 Member
  • 2727 Views
  • 2 replies
  • 0 Likes

Resolved! Generate Investigation Summary Report

Hi, I have used the automation Generate Investigation Summary Report to generate a report of a particular incident. But I am not getting the full content in the report that is being generated. In the war room I can see details, but in the generated report information is missing. Like I have added a task to check IP reputation, but in the report nothing is th...

Himangi by L2 Linker
  • 2044 Views
  • 1 reply
  • 0 Likes

What is everyone doing with their TIM license?

Hi everyone, I am running a multi tenant version of XSOAR, this version doesn't come with TIM so I don't have access to full screen view for indicators. So far I have been extracting indicators with an automation and verdicts for those indicators are delivered by a few threat intelligence integrations. Some of the indicators are enriched for d...

Facing service now integration issue across all US tenants.

Hi, need support to get clarification on the below error. We are facing this service now integration issue across the US region on almost 5 plus tenants, so need some help to fix this issue as we were unable to create any ticket using snow as we were facing frequent disconnection. We have tried all the possibilities by updating the latest content packs...

Creating an XSOAR Incident from Splunk

Hey team, We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident. Splunk logs show that it was successful, but we do not see any incidents in XSOAR. apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [373426 AlertNotifierWorker-0] - action=create_xsoar_incident - Alert action script completed in durati...

Get the output of demisto.results() inside an automation for "msgraph-download-file"

Hello, We'd like to use the command "msgraph-download-file" inside an automation, then use the FileID to import a csv and finally convert it to pandas. The problem we find is that the output of "msgraph-download-file" is completely different when it is used inside an automation. How can we get this file inside an automation?

Josep by L4 Transporter
  • 4491 Views
  • 5 replies
  • 0 Likes

XSOAR Pre-process Rule for forwarded Phishing Campaign

I need to drop any email under a pre-process rule in XSOAR for any forwarded phishing campaigns. These forwarded emails are being sent by the user to our shared mailbox and will then create an incident in XSOAR, which became an added item to our false positives. I am thinking of making a list then getting it on the preprocess rule so if it sustai...

SAML connection error with PingID

Been fighting an integration issue for a while now. Was hoping someone had seen this error before. Could not init SAML instance, IDPSSOURL: 'https://pid-dev.domain.com/site/SignOn.saml' is not available. I was told by the tech who is working on PingID that the url is valid. Any thoughts on how to troubleshoot this?

Resolved! XSOAR: MDE malware- Incident Enrichment

I am running into an error trying to pull the alert_id from a Defender incident under the sub playbook MDE Malware-Incident Enrichment -> Get full alert details using automation: 'microsoft-atp-get-alert-by-id'. Error: Get full alert details: Missing argument alert_ids for script microsoft-atp-get-alert-by-id at Task Get full alert details -...
