Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Error Handling In Playbooks/Integrations

Hi All,

I want to know is there any built in configuration/settings/playbook or any module that helps to handle playbook error(error handling). Error/On Continue Task level error handling is not enough so i want if there is any integration issue or c

...

Syedhkt by L2 Linker
  • 511 Views
  • 1 replies
  • 0 Likes

8.9 On-prem Install Documentation Confusion

Hello, I'm trying to install our extra-small single server on-prem 8.9 XSOAR and ran into some confusion with the documentation. I didn't see a way to report the issue elsewhere so I thought it might be helpful here.
https://docs-cortex.paloaltonetwor

...

sackett by L1 Bithead
  • 383 Views
  • 1 replies
  • 0 Likes

XSOAR - Transform Language

Hello everyone, I would like to ask how to get the user.name value from this context data.
I tried using the syntax ${incident.labels.user.name}, but it didn’t work.

Here's the context structure:

{ incident: { ... labels: { user.name: ...

G.Anshar by L1 Bithead
  • 599 Views
  • 2 replies
  • 0 Likes

Changing Multiple Docker Images at once

Hey,

We are offline users

We updated from 6.12 -> 6.14, Then after the update, the docker images changed, and it's causing a lot of ": Script failed to run: failed to pull docker Image "demisto/python 3:3.11.10.113941"

 

Now, to fix it I need to chan

...

NivNet by L1 Bithead
  • 444 Views
  • 2 replies
  • 0 Likes

Download from War Room

Is there a script or command line call that can be used to download an entry from the War Room?

 

I have a script assigned to a button that generates a report and the report download is then entered into a War Room entry when executed/generated.

 

I

...

BPalmer_0-1746569185023.png

Configure notification email on new incident

Hello,

 

I would like to enable email notifications for every new incident.

I've configured an O365 EWS instance successfully, and set server.notification.using.send-mail to use its instance name.

 

For now, I just want all notifications to be sent t

...

M.Nayet by L0 Member
  • 273 Views
  • 0 replies
  • 0 Likes

How do I send an alert to XSOAR?

I see the classify, map and playbook logic in XSOAR and I see that a playbook can ask/pull/poll for info *from* and external tool, which might be done through an integration.  But is there a way for an external tool to aynchronously *send/push* an *a

...

Obtaining Whois Information for a List of IPs

I'm trying to perform whois queries on an array that contains the list of IPs.

My understanding is that I can pass the array to the Inputs of the "ip (whois)" script.

However, since there are over 1000 IPs, submitting them all at once results in an e

...

R.Henmi by L0 Member
  • 471 Views
  • 1 replies
  • 0 Likes
  • 1247 Posts
  • 43 Subscriptions
Top Solution Authors
Top Liked Authors