Question from "A developer's guide to XSOAR 6.2" webinar: Limits for lists
What are the limits for lists, number of lists and size of lists?
Discussions
Resolved! Polling job for search results, not just search completion
I'd like to take the generic polling concept and make it a little more specific, but I'm coming up short. I'm doing a QRadar search (although I suspect Splunk or anything else would be very similar.) The QRadarFullSearch playbook will poll and wait
...SAML configuration error with Azure AD
Hi,
I am getting following error while trying to login to XSOAR through SSO. I have setup the SAML app on XSOAR with all the attributes provided by AD team.
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured f
...Send Email to Spesific Mailbox with Incident Details and Analyst Comments
Hi All,
We wanna send an email notification, and that email content will be incident details and results of the analyst's analysis.
I checked marketplace and GitHub demisto repo but I didn't find development as I mentioned.
Our html email body schema
...Resolved! Is there a built-in command to disable an integration, or turn off "fetches incidents"?
I'm working on a failsafe automation to shut down an integration if it fetches more than a certain threshold of events in a time period. Is it possible to disable an integration, or turn off the "fetches incidents" parameter, with a command? Or throu
...Stopped on waiting
Trying to learn how to use this thing. I've got a very simple playbook set up that uses the Slack integration to send a simple yes/no prompt to a user. Within the Playground, I'm able to successfully send simple messages via slack, so the connectio
...Resolved! create table show incident close reason group by incident type
I am new to XSOAR and I am trying to create table show incident close reason group by incident type looks like below
Ture positiveFalse positiveDuplicateincident type 11211incident type 22433incident type 341622
I cant find any widget can do this so
...Demisto Siem integration
Hi,
I want to add Demsito to our soc and integrate it with Qradar.
i saw that Demisto supports this integration, but i didn't find documentation on such operatation.
Thanks!!
Secrets
How is everyone else doing secrets?
It seems odd to me that everything that might use an API key needs to be an integration instead of an automation.
You can't seem to easily hide plain-text apikeys from an automation at all.
For example:
I have a Conta
...Cherwell Fetch Incident fails
Hello
We use Demisto Version 6.2.0, Build 1271082
If I configure a Cherwell Instance to fetch incident but It fails with the following Error:
Spoiler
...
Error Occurred
Failed to get samples from instance
Error detailsScript failed to run:
Error: [Traceback
Get Qualys credentials in python script
Hi -
The built in Qualys commands from an instance don't quite do what I want to do so I have a python script that uses the api to grab the last report from a map scan, filter it for systems that have specific ports open, and then upload the ip addres
...Resolved! Fetched several incidents without mapping
Hello,
I recently fetched several incidents using an integration without any classification/mapping configured. I have since configured it correctly, is there any way to re-fetch or re-ingest these incidents so they get mapped and processed correctly?
Resolved! XSOAR And Vulnerability Scanner Integration
Hello,
Is there any document or KB available ?? describing steps as to how to Integrate XSOAR with Any Vulnerability Scanners and start fetching information and reports from scanners to XSOAR ??
Thanks
Argha
Cortex XSOAR Context Issue
Hi Everyone,
I have Cortex XSOAR with SplunkPY running and fetching incidents. I am using Splunk classifier and Splunk incoming mapper by default.
Drill down is being enriched successfully and i can see it parsed at both classifier & mapper stages -
...
demisto-py - Specify Playbook
Hello All,
I have a python script using demisto-py that creates tickets based on an input Word document.
However, specifying the playbook isn't working.
When I call demisto_client.demisto_api.CreateIncidentRequest() with the "playbookid" field is p
...
- SanDev on: Netskope API v2 error in XSOAR
- gyldz on: Auto Incidnet closure
-
TomYoung
on:
Issue with talos integration
- BHalifa on: Disable/Enable Integration via API/Playbook/Automation
- Ajay1007 on: Is it possible to convert from Single server to Multi-tenant?
- rtsedaka on: XSOAR Prisma VM Alerts & DLP Playbooks: 3rd party integrations
- MBeauchamp2 on: Getting data from multiple incident contexts?
- RKunhabdulla on: Installation of cortex SOAR offline
- gyldz on: Multiple Instances fetching VS. One instance and then claasify and post a new incident
- MBeauchamp2 on: Why is the severity became "unknown"?
Copyright 2007 - 2023 - Palo Alto Networks