Cortex XSOAR Discussions

Cortex XDR Crowdstrike Layouts

Hello, I have just onboarded the crowdstrike integration into Cortex XDR. I am looking to modify the incident layout of the incidents themselves and the option is not available. Instead, inside a Crowdstrike Incident I have to usually go to Crowdstri

...

Resolved! The "Disk Current Usage" widget from "Common Widgets" does not show the real value.

Hello,

The "Disk Current Usage" widget from "Common Widgets" does not show the real value. Is there any workaround to create our own widget to show the disk usage?

Getting error 404 issue does not exist in jira-create-issue

I have created a playbook and added a automation as jira-create-issue but every time I am getting error as 404 issue does not exist.

Please help what am I missing..

Resolved! Can run playbook in incident but not job

Currently creating a job to fetch and create an incident through an integration. The job works fine on the test server but doesn't work on production. Forcing the job to run doesn't output an error or even a record of the job attempting to run. But w

...

Position of pasting a task from another playbook

Hello,

When I'm pasting a task from another playbo0k, the task is pasted in a random place inside the playbook, not close to where I'm working.

Is there a way to choose exactly where to paste the task?

Bucket not found

Our deploymentt is multi-tenant deployment. When i run "!Github-get-file-content" command, i get an error some tenants (Bucket not found) but other tenants it work.

What is cause of this error?

Cortex XSOAR

Resolved! Microsoft 365 defender advance hunting query

Hi,

I'm trying to build an advance hunting query in Microsoft 365 defender integration, but still giving me error.

!microsoft-365-defender-advanced-hunting limit=10 query="""AlertInfo | where alertId = fa85caf1c0-b9b9-bc29-f600-08db44a419b9"""

...

Error creating or updating RTIR ticket

I've been trying the #RTIR integration, to create a new ticket indicating a text content, and the execution seems to work but no ticket is created (without indicating text, it works perfectly

Also try to create an empty ticket, and next update with t

...

Registered for community edition, haven't received download link.

Hello,

I registered for the XSOAR community edition a week ago and got a confirmation email. But haven't got anything else after that. Is there anything I need to do or how long should it take to get the instruction and download link?

Thanks.

Resolved! Problem with Slack Notifications

Email notifications are working fine and I want to see the same notification on Slack too. On mentions in the war room, slack should send a notification to users dm. Even though I have notifications enabled for SlackV3 I am not receiving anything on

...

Resolved! indicator extract data

im working on a project with xsoar indicators, we want to add a extra field to the layout that describes what the analist have to look for when certain indicators are present, now that problem that im running into is im trying to make a dynamic secti

...

Is there automation that delete old incident tikcet?

I have a job run every 5 mins and it will upload a file to AWS, after it runs it would create an incident which I don't want to keep, is there any out of box automation that can delete incident as well as the artifact the job created to save some spa

...

Resolved! running polling commands from automations

opsgenie-get-request is a polling command but when it is being run from an automation it results in an error. From CLI or through playbook tasks, the output returns to the war room once it finishes. That's doesn't seem to be the case in automations.

...

XSOAR getIncidents command

Hi community,

I've been making great use of custom scripts to extract reporting metrics that wouldn't have been possible with the built in widgets. But something I've noticed recently is that querying incidents seems to be causing huge spikes in C

...

Resolved! Docker Image [exit status 120]

I created an 'image' with the 'docker_image_create' command, containing the pymisp and pandas libraries. I'm having a problem now and I can't make sense of it, any ideas?

Error from Scripts is : Script failed to run: Container exit with error. contain

...

Discussions

Cortex XDR Crowdstrike Layouts

Resolved! The "Disk Current Usage" widget from "Common Widgets" does not show the real value.

Getting error 404 issue does not exist in jira-create-issue

Resolved! Can run playbook in incident but not job

Position of pasting a task from another playbook

Bucket not found

Resolved! Microsoft 365 defender advance hunting query

Error creating or updating RTIR ticket

Registered for community edition, haven't received download link.

Resolved! Problem with Slack Notifications

Resolved! indicator extract data

Is there automation that delete old incident tikcet?

Resolved! running polling commands from automations

XSOAR getIncidents command

Resolved! Docker Image [exit status 120]

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: DT Query, special characters in key:value pair

Re: Do we have XQL query builder feature in XSOAR

Re: Couldn't sort by date in bar graph widget in Dashboard

Unlock your full community experience!

Resolved! The "Disk Current Usage" widget from "Common Widgets" does not show the real value.

Resolved! Can run playbook in incident but not job

Resolved! Microsoft 365 defender advance hunting query

Resolved! Problem with Slack Notifications

Resolved! indicator extract data

Resolved! running polling commands from automations

Resolved! Docker Image [exit status 120]