Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Cortex XSOAR Starter Edition vs Cortex TIM Edition - Functionality Difference

Hi, I am looking for functionality differences between the two licenses of XSOAR i.e. Cortex XSOAR Starter Edition and Cortex TIM Edition. As per the Admin Guide, it seems the broad differences are in number of Automated Tasks and feeds...but nothing is specified in terms of functionality like Creation of Playbooks, Triggering of Playbooks vi...

VArora2 by L0 Member
  • 1624 Views
  • 1 replies
  • 0 Likes

Disable/Enable Integration Instance via API

Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API? Everything I've tried results in a 400 error with this message: "id": "errOptimisticLock", "status": 400, "title": "Optimistic lock error", "detail": "Optimistic lock error", "error": "DB Version '7' and Insert vers...

Get raw log with IBM QRadar integrations for Cortex XSOAR

Hi all, we are building a playbook on our XSOAR integration that, after pulling an offense from a QRadar instance, sends a mail related to it and enriches the message with some HTML code and other customizations. Our SOC asked us to include, in the mail sent by SOAR, the raw log of the event that generates the offense. So for example, if we have a succ...

lsepe434 by L0 Member
  • 2052 Views
  • 1 replies
  • 0 Likes

Threat intel feed integration with a Python script.

I have been facing an issue with my script that downloads feeds from the provided URLs. The script was previously working fine without any changes, but recently I have been unable to download any feeds using the script. The issue has persisted for the past four days, and I have tried various troubleshooting steps to resolve it. Proxy Configur...

Resolved! QRadar integration error: Failed to execute qradar-searches command (EDITED).

Hi all, I have a problem with QRadar integration. Let me summarize my environment and basic configuration. Cortex XSOAR version: 6.10.0; QRadar integration version: IBM QRadar v3; Mapper: QRadar - Generic Incoming Mapper; Incident type: Qradar Generic; Event and fields to return from the events query: QIDNAME(qid), LOGSOURCENAME(logsourceid), CATEGORYNAM...

lsepe434 by L0 Member
  • 4333 Views
  • 2 replies
  • 0 Likes

Automation script to take password

I'm attempting to write an automation that takes a user password, then sends an API call containing that password, but when I enable the mandatory sensitive options on the automation script, the API call I wrote no longer runs. Are there any examples of passing a password from the mandatory sensitive box to an automation script?

Sig_9 by L1 Bithead
  • 3115 Views
  • 2 replies
  • 1 Likes

Incident assignment in XSOAR

Hi, can anyone please help me understand automatic incident assignment by DBot to an analyst? What steps have to be performed? How do I define the shift in user roles? Thanks.

DP696 by L2 Linker
  • 1929 Views
  • 2 replies
  • 0 Likes

E-mail preview image

Is there any way to use a task to preview an email (from an msg or eml) and not just see the filtered results? I'm looking for a solution to display an email in XSOAR as if I were to open it in Outlook. For analysis it would be important to see the email in its entirety. Thanks in advance for your answers.

Multiple sync on the same incident

Dear LIVEcommunity users, Since version 6.0, Cortex XSOAR implements incident mirroring. Do you know if it is possible to enable two (or more) different syncs on the same incident (e.g. 2 Jira integrations, or 1 Jira and 1 ServiceNow)? If yes: How does XSOAR manage the dedicated fields ("dbotMirror*" and "dbot*DirtyFields")? When an incomi...

How to re-pull QRadar case

Our client leverages QRadar as their SIEM. Will pull in all cases and then have a pre-processing rule that drops any case that does not have "MSSP" in the name. This works 99% of the time, but there are certain times when MSSP cases get dropped and we don't know why yet. Is there a way to "re-pull" QRadar cases from QRadar if the integrati...

JoshBoyd by L2 Linker
  • 1853 Views
  • 2 replies
  • 0 Likes

Inquiry on how JavaScript integration works with Cortex XSOAR

Hi Support, We have a special setup on our Cortex XSOAR which allows podman to use a Proxy A for pulling images from docker repositories (via http_proxy and http_proxy) and a Proxy B for Python integration (via python.extra.keys) to access internet. However with this setup, JavaScript integrations are not working as by default it references ...

JoviTan by L0 Member
  • 1755 Views
  • 1 replies
  • 0 Likes