Hi,
I'm trying to use the condition to check if incident.destinationip is an public IP. But when selecting from context incident.destinationip and then IsRFC1918Address you need to fill in something in the right side. I checked the automation script
...
Relatively new admin to XSOAR; previous admin has left.
Just completed upgrade to latest 6.5 version.
Could anyone help me understand the following:
I have a service account that seems to run xsoar demisto server containers; used ps-ef|grep demisto and
Recently had some performance problems reported from my xsoar users.
Found a tenant crashing. Upon investigating I found the following error in the logs:
App03 host:
error Couldn't calc cores number [error 'open /proc/stat: too many open files']error C
Seeing the following every multiple times a minute in my server.log
Note i replaced the host with <host>
error Some requests to accounts failed for incidents export [error '2 of 18 requests to accounts failed! failing accounts are [acc_Dem01,acc_Demi
...
Dear All ,
FortiSiem integration is failing due to the Auth issues , Your help would be appreciated
I have a field trigger script on dbot status changing; essentially updating a custom field to nothing if the an incident is re-opened.
if field=="dbotStatus" and old=="Closed" and new=="Active" and incidentType=="Azure Sentinel":
demisto.executeComman
Hello,
I am trying to pull a file from the context. I tried pulling the 'EntryId' for the file, but the playbook returned an error saying there was not a file at that file path. Is it possible to pull a file from the context, and if so, how can it be
...
Dear Team ,
We are unable to fetch incidents via web-hook integration , it thrown an error (
{"detail":"Method Not Allowed"} )while testing
your help would be greatly appreciated
We have a MT XSOAR deployment, and I need to move a created account that is on the main host to a different one, when I try to move the account I get the error
"Account acc_XXXX could not be moved to HOST because address phoenix.scilabs.mx: missing p
...
Hello,
I have multiple screenshots from various tasks in the playbook such as Rasterize among others from a Sandbox Integration. I would like to make individual widgets on the Layout that can display these Image Files Separately.
1. Can the images be
...
!py script=`return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxxxxx-xxxxxx-xxxxx"}))`
The above works and turns in human readable format; however i want to return the raw json.
This works:
!azure-sentinel-
Hi Everyone,
We try to use twitter api on XSOAR.We created instince and try to test connection and get error:
AttributeError: 'Client' object has no attribute 'say_hello'
Anyone saw this error?
Thanks for helps.
I can close an azure incident in xsoar war-room with the following:
!azure-sentinel-update-incident incident_id="xx-xxxxx-xxxxx" status="Closed" classification="Undetermined"
However when i try to re-open the incident in azure from war-room with the f
...
Dear Team,
Getting an error when Integrate the SMAX with XSOAR.
Failed to execute test-module command. Error: 'latin-1' codec can't encode characters in position 16-247: ordinal not in range(256) (85)
Please help to resolve this Issue.
Hi all,
A customer of ours is trying a curious thing and I am not sure if it is possible in general, so I guessed the best way would be to ask right away. Our customer created a XSOAR list, that contains a html string with context data variables in it
...
TomYoung
on:
Issue with talos integration
