Create script to close XDR alerts from XSOAR.

Hello,

XSOAR and XDR are used with mirroring, when an incident is closed from XSOAR it's closed in XDR too. However, the alerts in XDR are not. So an script is needed in XSOAR to close those XDR alerts. How is this is script done? where should be set

Long Text Field Error when setting field with setIncident

We publish guides/playbooks on a 3rd party site for our analyst to use when troubleshooting an incident.
that 3rd party site has an api.

I've successfully pulled the guide / page into the warroom and it displays and returns correctly using return_re

XSOAR Cisco Secure Cloud Analytics (stealthwatch) integration

If I configure the integration in SOAR using an API key from Cisco Secure Cloud Analytics, I get an authorization error:

Executed: test-module
Instance Stealthwatch Cloud_instance_1d4e2580e-a33d-4ace-8877-59165345b343
Arguments {}
Start time 2022-07-2

Create dashboard or mail to report updates in own XSOAR content packs.

Hello,

We're having some problems with some content packs compatibility in XSOAR, normally we update all them as soon as possible. However, sometimes they fail, so going back to the last version is needed. We'd like to have some visual information ab

Threat Intelligence - Sitelook Symantec and McAfee

Dears, we want to enrich our indicators from McAfee sitelook and Symantec Sitelook, suppose that we have a scipt that get the results?? how can we create the custom threat intelligence feeds in xsoar ??

wildfire-get-sample (WildFire-v2) Permission Denied

Hello

I'd like to use wildfire-get-sample (WildFire-v2)

In the instances settings there is only one entry: API.

That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account

In the instances I do a Test an it returned as "Success"

Not show tasks with errors in the layout when "stop on errors" is set to "no" inside the task.

The incident layout shows the tasks with "Waiting for user"(orange) and "Task with errors"(red). That's important so it can be checked, however some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks.

Automation Output In Indicator or Incident Layout

Dear all,

We have an issue about visulazating the outputs of indicator enrichment via using virus total ( vt-passive-dns-data).

To be more specific I am going to share our indicator layout and what we are expecting. As its given in the first scre

Best way to manage a time based IP blocklist in XSOAR

Hi All,

I have been trying to find the best way to manage a list of IP addresses. This is the idea I am trying to achieve.

1) I identify an IP address that is malicious and block it on the PaloAlto firewall in a static object group.

2) I keep tra

Query in Lucene syntax don't get the created data time

Hello, 

I'm trying to use the automation "SearchIncidentsV2" to get the incidents with two conditions: the name and a range of time. 

To achieve this, first I created a simple Query to get only the incidentes with a name.   name: "name of playbook" 

Reload QRadar incident information

Is there a form to reload the QRadar inicial values for the incident in case it didn't extract them?

Once QRadar set his values in incident context there's no way to reload them in case of error.