Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

automation script to take password

I'm attempting to write an automation that takes a user password. Then sends an api call containing that password, but when I enable the mandatory sensitive options on the automation script. The API call I wrote no longer runs. Are there any examples of passing a password from the mandatory sensitive box to an automation script?

Sig_9 by L1 Bithead
  • 3403 Views
  • 2 replies
  • 1 Likes

Incident assignment in XSOAR

Hi, Anyone please help me to understand automatic incident assignment by DBot to analyst. what are the steps have to perform?how to define the shift in user roles? Thanks.

DP696 by L2 Linker
  • 2020 Views
  • 2 replies
  • 0 Likes

E-mail preview image

Is there any way to use a task to preview an email (from an msg or eml) and not just see the filtered results? I'm looking for a solution to display an email in xsoar as if I were to open it in outlook. For analysis it would be important to see the email in its entirety. Thanks in advance for your answers.

Multiple sync on the same incident

Dear LIVEcommunity users, Since version 6.0, Cortex XSOAR implements incident mirroring. Do you know if it is possible to enable two (or more) different syncs on the same incident (e.g. 2 Jira integrations, or 1 Jira and 1 ServiceNow) ? If yes : How does XSOAR manage the dedicated fields ("dbotMirror*" and "dbot*DirtyFields") ? When an incomi...

how to re-pull QRadar case

Our client leverages QRadar as their SIEM.will pull in all cases and then have a pre-processing rule that drops any case that does not have "MSSP" in the name.This works 99% of the time, but there are certain times when MSSP cases get dropped and we don't we don't know why yet.Is there a way to "re-pull" Qradar cases from QRadar if the integrati...

JoshBoyd by L2 Linker
  • 1943 Views
  • 2 replies
  • 0 Likes

Inquiry on how Javascript integration works with Cortex XSOAR

Hi Support, We have a special setup on our cortex xsoar which allows podman to use a Proxy A for pulling images from docker repositories (via http_proxy and http_proxy) and a Proxy B for python integration (Via python.extra.keys) to access internet. However with this setup, Javascript integrations are not working as by default it references ...

JoviTan by L0 Member
  • 1820 Views
  • 1 replies
  • 0 Likes

Resolved! Block IP using Panorama Integration

Hi, I have integrated Panorama with XSOAR, instance is successfully created. Now I have to block IP using this integration. I want to block ips just using panorama xsoar integration by using Static Address GroupCan anyone please assist how to go forward with this??

Himangi by L2 Linker
  • 2413 Views
  • 1 replies
  • 0 Likes

Resolved! Exclude character while using variable.

incident.labels.source_address_ids:["1.2.3.4'] for above json value when i am parsing/using variable in title field getting error ( i.e. expecting ',' ) is there any way while calling variable we can ignore/exclude characters ( [ and " ) tried multiple option in war room but no luck.

IAwadiya by L1 Bithead
  • 2004 Views
  • 2 replies
  • 0 Likes

Resolved! Setting a pre-processing rule

Hi all, In a list field, I want to go through all indexes one by one and if there is *malware* in all indexes(malware execution, malware alert, malware), I want to drop it. However, I could not edit this in the "Conditions for Incoming Incident" field. For example, how can I do it, considering that we have "tag" field?"tag Contains malware" like...

Attaching a CSV File to the Mail Attachment

I want to attach the CSV file in the Playbook as an attachment to the e-mail and send it. I use Msgraph. If I send it without attachments, the mail is sent. But when I add an attachment, the mail is not sent. I'm using the following command. I tried it in the CLI and Playbook, it didn't work in both. !send-mail subject=TRY body=TRY attach_ids=...

Resolved! delay in a playbook

Hello everyone, What is the best option to add a delay in a playbook, for example I have 2 automated tasks and want task 2 to start after task 1 finishes by 1 hour. I thought of creating a one-line automation that has time.sleep(amount) and adding this automation between the 2 tasks. but not sure how safe is this especially for long times. ...

Close Incidents from Preprocess Rule "Script"

Dears, Hope you are doing well. We need to close the Incidents on xsoar from preprocess script, How can we close it using a script in preprocess rule? I dont need other options like: link and close or drop or close. Because there are some mandatory actions need to be done. the good thing that all what is written in the script is done, except...

How to know if a zip file is encrypted in XSOAR

Hello, We'd like to know if a zip file is encrypted inside a playbook or a automation. The way in which XSOAR works with these files does not allow the use of python libraries. Is there a way through the File context value to know if the file is encrypted?

Josep by L4 Transporter
  • 4879 Views
  • 7 replies
  • 0 Likes
  • 1305 Posts
  • 45 Subscriptions