Dear Members , Hoe you are all doing well. What is the best option to set a timeout for a sub playbook task, so if that playbook run exceed x amount of time it continues to the next task in the playbook. Thanks.
I am running error trying to pull the alert_id from a Defender incident under the sub playbook MDE Malware-Incident Enrichment -> Get full alert details using automation: 'microsoft-atp-get-alert-by-id'. Error: Get full alert details: Missing argument alert_ids for script microsoft-atp-get-alert-by-id at Task Get full alert details -...
Hi, I know that we can mass rename active cases but what about mass renaming closed cases? I can rename closed cases one at a time manually but it is super tedious to do so as we have thousands of existing cases. Any suggestions? Thanks.
Hi, I am looking for functionality differences between the two licenses of XSOAR i.e. Cortex XSOAR Starter Edition and Cortex TIM Edition. As per the Admin Guide, it seems the broad differences are in number of Automated Tasks and feeds...but nothing is specified in terms of functionality like Creation of Playbooks, Triggering of Playbooks vi...
Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API? Everything I've tried results in 400 error with this message:"id": "errOptimisticLock","status": 400,"title": "Optimistic lock error","detail": "Optimistic lock error","error": "DB Version '7' and Insert vers...
Hello, We want to assign Requestor and Requested for the user while opening a ServiceNow Incident through XSOAR, however, while referring to the doc/integration, I didn't find any information on how to achieve that. Cortex XSOAR
Hi all, we are bulding a playbook on our XSOAR integration that, after pulling an offense from a QRadar istance, send a mail related to it and enrich the message with some html code and other customizations. Our SOC asked us to include, in the mail sent by SOAR, the raw log of the event that generate the offese. So for example, if we have a succ...
I have been facing an issue with my script that downloads feeds from the provided URLs. The script was previously working fine without any changes, but recently I have been unable to download any feeds using the script. The issue has persisted for the past four days, and I have tried various troubleshooting steps to resolve it. Proxy Configur...
Suddenly Azure Log Analytics integration in XSOAR started throwing the error for Key or Certificate Thumbprint and Private Key must be provided prior to that it was working fine. Does any facing same issue. How to solve this issue.
I'm curious if anyone has had any success leveraging XSOAR with Banner to automate onboarding.
Hi all, I have a problem with QRadar integration. Let me summarize my environment and basic configuration. Cortex XSoar version: 6.10.0QRadar integration version: IBM QRadar v3Mapper: QRadar - Generic Incoming MapperIncident type: Qradar GenericEvent an fields to return from the events query: QIDNAME(qid), LOGSOURCENAME(logsourceid), CATEGORYNAM...
I'm attempting to write an automation that takes a user password. Then sends an api call containing that password, but when I enable the mandatory sensitive options on the automation script. The API call I wrote no longer runs. Are there any examples of passing a password from the mandatory sensitive box to an automation script?
Hi, Anyone please help me to understand automatic incident assignment by DBot to analyst. what are the steps have to perform?how to define the shift in user roles? Thanks.
Is there any way to use a task to preview an email (from an msg or eml) and not just see the filtered results? I'm looking for a solution to display an email in xsoar as if I were to open it in outlook. For analysis it would be important to see the email in its entirety. Thanks in advance for your answers.
Dear LIVEcommunity users, Since version 6.0, Cortex XSOAR implements incident mirroring. Do you know if it is possible to enable two (or more) different syncs on the same incident (e.g. 2 Jira integrations, or 1 Jira and 1 ServiceNow) ? If yes : How does XSOAR manage the dedicated fields ("dbotMirror*" and "dbot*DirtyFields") ? When an incomi...
