Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Creating an XSOAR Incident from Splunk

Hey team, We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident. Splunk logs show that it was successful, but we do not see any incidents in XSOAR. apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [373426 AlertNotifierWorker-0] - action=create_xsoar_incident - Alert action script completed in durati...

Get the output of demisto.results() inside an automation for "msgraph-download-file"

Hello, We'd like to use the command "msgraph-download-file" insde an automation, then use the FileID to import a csv and finally convert it to pandas. The problem we find is that the output of "msgraph-download-file" is completely different when it's is used inside an automation. How can we get this file inside an automation?

Josep by L4 Transporter
  • 4798 Views
  • 5 replies
  • 0 Likes

XSOAR Pre-process Rule for forwarded Phishing Campaign

I need to drop any email under pre-process rule in XSOAR for any forwarded phishing campaigns. These forwarded emails are being sent by the user to our shared mailbox and will then create an incident in XSOAR which became an added items to our false positive. I am thinking of making a list then getting it on the preprocess rule so if it sustai...

SAML connection error with PingID

Been fighting an integration issue for awhile now. Was hoping someone had seen this error before. Could not init SAML instance, IDPSSOURL: 'https://pid-dev.domain.com/site/SignOn.saml' is not available. I was told by the tech who working on PingID the url is valid.Any thoughts on how to troubleshoot this?

Resolved! XSOAR: MDE malware- Incident Enrichment

I am running error trying to pull the alert_id from a Defender incident under the sub playbook MDE Malware-Incident Enrichment -> Get full alert details using automation: 'microsoft-atp-get-alert-by-id'. Error: Get full alert details: Missing argument alert_ids for script microsoft-atp-get-alert-by-id at Task Get full alert details -...

Cortex XSOAR Starter Edition vs Cortex TIM Edition - Funtionality Difference

Hi, I am looking for functionality differences between the two licenses of XSOAR i.e. Cortex XSOAR Starter Edition and Cortex TIM Edition. As per the Admin Guide, it seems the broad differences are in number of Automated Tasks and feeds...but nothing is specified in terms of functionality like Creation of Playbooks, Triggering of Playbooks vi...

VArora2 by L0 Member
  • 1685 Views
  • 1 replies
  • 0 Likes

Disable/Enable Integration Instance via API

Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API? Everything I've tried results in 400 error with this message:"id": "errOptimisticLock","status": 400,"title": "Optimistic lock error","detail": "Optimistic lock error","error": "DB Version '7' and Insert vers...

mikeahrendt_0-1687536527716.png

Get raw log with IBM Qradar integrations for Corex XSOAR

Hi all, we are bulding a playbook on our XSOAR integration that, after pulling an offense from a QRadar istance, send a mail related to it and enrich the message with some html code and other customizations. Our SOC asked us to include, in the mail sent by SOAR, the raw log of the event that generate the offese. So for example, if we have a succ...

lsepe434 by L0 Member
  • 2157 Views
  • 1 replies
  • 0 Likes

Threat intell feed integration with a python script.

I have been facing an issue with my script that downloads feeds from the provided URLs. The script was previously working fine without any changes, but recently I have been unable to download any feeds using the script. The issue has persisted for the past four days, and I have tried various troubleshooting steps to resolve it. Proxy Configur...

Resolved! QRadar integration error: Failed to execute qradar-searches command (EDITED).

Hi all, I have a problem with QRadar integration. Let me summarize my environment and basic configuration. Cortex XSoar version: 6.10.0QRadar integration version: IBM QRadar v3Mapper: QRadar - Generic Incoming MapperIncident type: Qradar GenericEvent an fields to return from the events query: QIDNAME(qid), LOGSOURCENAME(logsourceid), CATEGORYNAM...

lsepe434 by L0 Member
  • 4540 Views
  • 2 replies
  • 0 Likes
  • 1305 Posts
  • 45 Subscriptions