This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! Block IP using Panorama Integration

Hi, I have integrated Panorama with XSOAR, instance is successfully created. Now I have to block IP using this integration. I want to block ips just using panorama xsoar integration by using Static Address GroupCan anyone please assist how to go forward with this??

Himangi by L2 Linker
  • 2326 Views
  • 1 replies
  • 0 Likes

Resolved! Exclude character while using variable.

incident.labels.source_address_ids:["1.2.3.4'] for above json value when i am parsing/using variable in title field getting error ( i.e. expecting ',' ) is there any way while calling variable we can ignore/exclude characters ( [ and " ) tried multiple option in war room but no luck.

IAwadiya by L1 Bithead
  • 1926 Views
  • 2 replies
  • 0 Likes

Resolved! Setting a pre-processing rule

Hi all, In a list field, I want to go through all indexes one by one and if there is *malware* in all indexes(malware execution, malware alert, malware), I want to drop it. However, I could not edit this in the "Conditions for Incoming Incident" field. For example, how can I do it, considering that we have "tag" field?"tag Contains malware" like...

Attaching a CSV File to the Mail Attachment

I want to attach the CSV file in the Playbook as an attachment to the e-mail and send it. I use Msgraph. If I send it without attachments, the mail is sent. But when I add an attachment, the mail is not sent. I'm using the following command. I tried it in the CLI and Playbook, it didn't work in both. !send-mail subject=TRY body=TRY attach_ids=...

Resolved! delay in a playbook

Hello everyone, What is the best option to add a delay in a playbook, for example I have 2 automated tasks and want task 2 to start after task 1 finishes by 1 hour. I thought of creating a one-line automation that has time.sleep(amount) and adding this automation between the 2 tasks. but not sure how safe is this especially for long times. ...

Close Incidents from Preprocess Rule "Script"

Dears, Hope you are doing well. We need to close the Incidents on xsoar from preprocess script, How can we close it using a script in preprocess rule? I dont need other options like: link and close or drop or close. Because there are some mandatory actions need to be done. the good thing that all what is written in the script is done, except...

How to know if a zip file is encrypted in XSOAR

Hello, We'd like to know if a zip file is encrypted inside a playbook or a automation. The way in which XSOAR works with these files does not allow the use of python libraries. Is there a way through the File context value to know if the file is encrypted?

Josep by L4 Transporter
  • 4328 Views
  • 7 replies
  • 0 Likes

Resolved! Include Linked incidents table in email notification

Dear Community members, hope you are all doing well ! I'm wondering if there is an option to include linked incident table (can be added to the incident layout) in email template. I'm using Mail sender (New) : https://xsoar.pan.dev/docs/reference/integrations/mail-sender-new for sending email and I'm feeding it my custom html template. if...

Could use some help with Azure SSO for community edition Cortex XSOAR

Hello, I have tried many settings and can't seem to quite figure out what text is to be entered into the setup section within Xsoar for the Azure SAML SSO setup. I keep getting this error: " {"id":"errSAMLLogin","status":400,"title":"Failed to login via SAML","detail":"Failed to login via SAML","error":"","encrypted":false,"multires":null} " I ...

DriveYourAceOff_0-1651006685822.png

How to Find and update existing incidents through Integration

Hi, We are providing partner integration for our product and this is the requirement. My product # generates/creates 'Cases' which are pulled inCortex XSOAR as incidents using fetchIncidents call. It might be possible that sometimes a 'Case' in our product gets updated and gets pulled in XSOAR again. The custom attribute used here is caseId ...

sudhesub by L1 Bithead
  • 3987 Views
  • 4 replies
  • 0 Likes

Resolved! Script-based Widget

I want to design a widget. This widget will appear on the dashboard. But I want this widget to work only once a day. How can I do this? Cortex XSOAR

  • 1298 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks