This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

How to Handle High-Volume Email Events in XSOAR Without Overloading the System

Hello guys, I am currently working on Use Case for my organization to handle email threats that bypass our Trend Micro Email Security (TMS) gateway. Context My organization uses Trend Micro Email Security as the email gateway. Some phishing, spam, and malware emails still bypass TMS filtering and reach user inboxes. These emails are logged...

DT Query, special characters in key:value pair

I'm trying to create a "dt" filter for use with the GenericPolling playbook. (https://xsoar.pan.dev/docs/playbooks/generic-polling)The key I need to check for the existence of is MsGraph.Alert.Evidence.[1].@odata\.type (XSOAR automatically adds the "\" before ".type" as the period is part of the key name when copying the context path of the key)...

cmcneil_0-1726072639505.png
cmcneil_1-1726073507105.png
cmcneil by L2 Linker
  • 2215 Views
  • 3 replies
  • 0 Likes

setPlaybook + Post-Processing

Hi everyone, I have a Post-Processing script that uses the setPlaybook command to switch the incident to a playbook called test1. The problem is that when I close the incident, the script doesn’t run just once - it keeps setting the same playbook repeatedly, and as a result the test1 playbook is triggered about 10 times in a row. Here’s my cod...

NivNet by L1 Bithead
  • 809 Views
  • 1 replies
  • 0 Likes

How do we join the Slack DFIR community?

Hi Everyone! I’m hoping you can aim me in the right direction. I’m trying to join the PAN DFIR slack community via this url:https://start.paloaltonetworks.com/join-our-slack-community But the register button doesn’t seem to work for me, despite multiple attempts on multiple browsers and devices on my end. The bottom of the demisto/xsoar co...

J.Pedlow by L1 Bithead
  • 2028 Views
  • 5 replies
  • 0 Likes

an issue with Forcepoint web Security with Cortex XSOAR Integration

Hello Dears, I have an issue with Forcepoint web Security with Cortex XSOAR Integration. kindly find the logs:2024-03-26 10:36:37.6939 error Unable to do Http req to url : https:// :15873/api/web/v1/categories/start [error 'Post "https://10.200.30.242:15873/api/web/v1/categories/start": tls: server selected unsupported protocol...

fp web_Copy.png
ALabeb by L0 Member
  • 3556 Views
  • 5 replies
  • 0 Likes

Resolved! Azure Active Directory users - Incorrect padding

I am trying to connect an Azure AD (EntraID) to Cortex XSOAR so that I can use the user-disable playbooks. However, each time I try to authenticate i get the below error Error in Microsoft authorization: Incorrect padding Please check authentication related parameters. Traceback (most recent call last): File "<MicrosoftApiModule>", line 1...

XSOAR EWS 2022 Integration

As you know, the current EWS integration is limited to Exchange 2019. Could you please confirm if there are any plans to extend support for Exchange 2022? Additionally, are there any recommended workaround solutions for implementing inbox monitoring with Exchange 2022 in the meantime?

[Cortex XSOAR] Integration TIM to SIEM Elastic

Hello Team, I have a case that must integrate indicator from TIM Cortex XSOAR to SIEM 3rd Party like Elastic. Is there any documentation about how to integrate indicator from TIM for Elastic? Because when I search in documentation from Cortex XSOAR there is a playbook to integrate indicator TIM just for SIEM QRadar & Arcsight. Thank you

A.Faruq by L1 Bithead
  • 632 Views
  • 0 replies
  • 0 Likes

Resolved! Still waiting on XSOAR Community Edition + Cortex XDR lab access

Hello everyone, I signed up for the XSOAR Community Edition a few days ago and also showed interest in Cortex XDR for lab use. Haven’t received any emails or access yet — just got the usual “someone will be in touch” message. Is this still a thing for individuals who want to lab and learn? Just trying to get hands-on and mess around with it ...

XSOAR - Execute Commands in Transformer

Hello I was doing a transformer automation and I wanted to execute a command inside it and it works perfectly when I run it on the playground, however when I use it as a transformer it gives me the error Missing invoking entry (7) does anyone know how to execute commands in transformer automations? Is it possible? I'm just trying to execute a co...

Update XSOAR Incident via API - version issues

I am trying to update XSOAR Incidents via API, but am having issues with the Optimistic lock and incident versions etc. I can create incidents via API call and can also get the information from incidents via API. When I create a new incident in our Dev env, the version for the incident is typically showing as "-1" I have some incidents that sho...

kbratt by L1 Bithead
  • 826 Views
  • 0 replies
  • 0 Likes

Looking for 2FA/MFA/OTP Solution to Support Authentication for Cortex XSOAR v8 (On-Prem)

Hi everyone, I'm currently exploring ways to enhance the security of our Cortex XSOAR v8 environment (deployed on-premise) by implementing an OTP / 2FA / MFA authentication mechanism for the login process. Here are the key requirements: The solution must be on-premise, allowing full control over the authentication process. It should ideally ...

Duxgbk by L1 Bithead
  • 416 Views
  • 0 replies
  • 0 Likes

Export Playbook and Import

Hi, Iam trying to figure out how to perform the following: Export a playbook, overwrite some of its tasks (send-mail Exchange) and upload the playbook back to XSOAR. I found in Docu an API for playbook import as yaml but no export API. If Anyone could point me to any direction here, thank you very much! XSOAR Version is 6.12.0

  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks