Cortex XSOAR Discussions

Stopping "Docker service is down" notifications

Hi, XSOAR is giving us warnings everyday at 1pm. We are receiving the email below
```
System Diagnostics found 1 issue(s) and 0 warning(s). Issues: Docker service is down Warnings: None Review warnings and issues in the System Diagnostics page. View it

...

Resolved! SLA best practices

Hi,

I want to set sla times per severity type but it seems xsoar bind sla's to incident type, so i think i need to start each sla per severity in playbook by testing severity it is nearly clear for me. But i am confused what type of SLA should i crea

...

Resolved! Different response page server

Hi,

In a multitenant deployment i want to place the response page somewhere else from the "Host-tenant" machine lets say customer environment. And configure "External Host Name" to this new server which is accessible from customer local area.

Reg

...

Resolved! Print Command "The command does not exist or it is disabled"

Hello All, I am having issues with the "Print" command on the XSOAR. I am dealing with the current up to date version (6.5.0) and this is a persistent error that appears every few days. The following error is received and in no way has the command be

...

Playbook construction

I would like to ask the community if perhaps someone has created a playbook that takes in Snort/Suricata alert data. I am looking a creating a automated block process that will compare an IDS alert with a Threat notification from the PAN. If the src_

...

Resolved! javascript return context key from variable

Hi!

I have modified a simple Javascript automation, however i can't seem to put an input value as a context key. In the below sample i declare var Key = args.parent; and in the return statement i try to use this variable as context entry.

In reality,

...

Question from Playbook Optimization webinar: Playbook Mata-Data command

Tried the getInvPlaybookMetaData on a couplf of our incidents "Command: !getInvPlaybookMetaData incidentId="104541" minSize="10" (Builtin) No data returned" Can you advise?

** Note: this is a question from our Customer Success Webinar: Playbook op

...

Question from Playbook Optimization webinar: Load time

Are these load times expected? I've noticed our load times are pretty rough after some recent updates.

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR

Question from Playbook Optimization webinar: Global context

what you did in order to make context globally?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR

Question from Playbook Optimization webinar: Incident history

How can I configure or create a job that gets rid of incidents that are X days old? For example, I don't need to keep incident history for more than 2 days, I want to save space removing them.

** Note: this is a question from our Customer Success W

...

Question from Playbook Optimization webinar: Sub-Playbook outputs

using outputs of subplaybook requires creating custom fields. Or can this be done differently?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR

Question from Playbook Optimization webinar: Outputs & Sub-Playbooks

What does happen if are there 2 outputs with the same name in a playbook containing more subplaybooks?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR

Question from Playbook Optimization webinar: Playbook best practices

any best practices for playbook?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR

Question from Playbook Optimization webinar: Sub-Playbook context keys

How can you access subplaybook context keys? I does not work sometimes to reach the subplaybook-xxx.

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR

Question from Playbook Optimization webinar: Sub-Playbook quiet mode

Let's say we fix a sub playbook to run in quiet mode cos it's larger than 150KB. Will this affect the main playbook if it is dependent on the subplaybook output. Also will it fix all the older incidents that have already run ?

** Note: this is a qu

...

Discussions

Stopping "Docker service is down" notifications

Resolved! SLA best practices

Resolved! Different response page server

Resolved! Print Command "The command does not exist or it is disabled"

Playbook construction

Resolved! javascript return context key from variable

Question from Playbook Optimization webinar: Playbook Mata-Data command

Question from Playbook Optimization webinar: Load time

Question from Playbook Optimization webinar: Global context

Question from Playbook Optimization webinar: Incident history

Question from Playbook Optimization webinar: Sub-Playbook outputs

Question from Playbook Optimization webinar: Outputs & Sub-Playbooks

Question from Playbook Optimization webinar: Playbook best practices

Question from Playbook Optimization webinar: Sub-Playbook context keys

Question from Playbook Optimization webinar: Sub-Playbook quiet mode

XSAOR with HA using Open search Upgrade

EWS O365 Instance - Not allowed to access Non IPM folder. (85)

Json data in table does not display in PDF reports

Question from Playbook Optimization webinar: Delete context script

Engine For Hosting Web Forms For Data Collection Tasks

Re: XSAOR with HA using Open search Upgrade

Re: Palo Alto Cortex XSOAR - Community Edition

Re: Palo Alto Cortex XSOAR - Community Edition

Re: GoQR.me QR Code Reader misbehaving

Re: EWS O365 Instance - Not allowed to access Non IPM folder. (85)

Unlock your full community experience!

Resolved! SLA best practices

Resolved! Different response page server

Resolved! Print Command "The command does not exist or it is disabled"

Resolved! javascript return context key from variable