Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Retrieve screenshots from Notes section

Hi! We are trying to give more importance to XSOAR within our SOC processes. As part of the changes we are introducing, we want all alert documentation to be done from now on in the 'Notes' section of each XSOAR incident. The issue we are facing is that when we include screenshots as part of the evidence in the Notes, those images do not app...

adocasar by L1 Bithead
  • 1153 Views
  • 2 replies
  • 0 Likes

WHOIS Integration - Connection Refused Errors

Hi All, I am using the whois integration to use the "domain" command. I sometimes have an array of strings for domains and sometimes a single string, and in most cases whois returns results to me, but I sometimes get a "Connection Refused" issue. I already adjusted settings in the integration, also enabled the suppress option, and also on the task level I adjusted retry m...

Syedhkt by L2 Linker
  • 1462 Views
  • 1 reply
  • 0 Likes

How to Handle High-Volume Email Events in XSOAR Without Overloading the System

Hello guys, I am currently working on Use Case for my organization to handle email threats that bypass our Trend Micro Email Security (TMS) gateway. Context My organization uses Trend Micro Email Security as the email gateway. Some phishing, spam, and malware emails still bypass TMS filtering and reach user inboxes. These emails are logged...

DT Query, special characters in key:value pair

I'm trying to create a "dt" filter for use with the GenericPolling playbook. (https://xsoar.pan.dev/docs/playbooks/generic-polling)The key I need to check for the existence of is MsGraph.Alert.Evidence.[1].@odata\.type (XSOAR automatically adds the "\" before ".type" as the period is part of the key name when copying the context path of the key)...

cmcneil by L2 Linker
  • 2325 Views
  • 3 replies
  • 0 Likes
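The post above turns on one detail: a context key such as `@odata.type` contains a literal period, so the copied path escapes it as `@odata\.type` to keep it from being split into two segments. The following is an added illustration, not code from the post or from Cortex XSOAR: a small Python resolver that splits a context path on unescaped dots, honours `[n]` list indexes, and reports whether the key exists, which is the check a GenericPolling `dt` filter needs. The sample context is constructed for the example and the shape of the real MsGraph evidence entries is assumed.

```python
import re
from typing import Any, List, Optional

# Constructed sample context, shaped after the MsGraph.Alert.Evidence path in
# the post. Values are made up for illustration only.
SAMPLE_CONTEXT = {
    "MsGraph": {
        "Alert": {
            "Evidence": [
                {"@odata.type": "#microsoft.graph.security.ipEvidence",
                 "ipAddress": "203.0.113.7"},
                {"@odata.type": "#microsoft.graph.security.fileEvidence",
                 "fileName": "invoice.pdf"},
            ]
        }
    }
}

_INDEX_RE = re.compile(r"^\[(\d+)\]$")


def split_context_path(path: str) -> List[str]:
    """Split a context path on unescaped dots.

    A backslash-escaped dot ("\\.") is kept inside the current segment, so
    "@odata\\.type" stays one key instead of becoming "@odata" and "type".
    """
    segments: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(path):
        ch = path[i]
        if ch == "\\" and i + 1 < len(path) and path[i + 1] == ".":
            current.append(".")   # escaped dot: part of the key name
            i += 2
            continue
        if ch == ".":
            segments.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    segments.append("".join(current))
    return [s for s in segments if s != ""]


def resolve(context: Any, path: str) -> Optional[Any]:
    """Walk the context along the path.

    Returns None as soon as a segment is missing or an index is out of range,
    which is exactly the condition an existence check must detect.
    """
    node = context
    for seg in split_context_path(path):
        m = _INDEX_RE.match(seg)
        if m:
            idx = int(m.group(1))
            if not isinstance(node, list) or idx >= len(node):
                return None
            node = node[idx]
            continue
        if not isinstance(node, dict) or seg not in node:
            return None
        node = node[seg]
    return node


def key_exists(context: Any, path: str) -> bool:
    """True when the path resolves to a value; this is the 'is it there yet'
    predicate a polling loop would evaluate on each iteration."""
    return resolve(context, path) is not None


if __name__ == "__main__":
    escaped = r"MsGraph.Alert.Evidence.[1].@odata\.type"
    unescaped = "MsGraph.Alert.Evidence.[1].@odata.type"
    print(split_context_path(escaped))
    print("escaped path exists:", key_exists(SAMPLE_CONTEXT, escaped))
    print("unescaped path exists:", key_exists(SAMPLE_CONTEXT, unescaped))
```

The unescaped form fails because `@odata` is looked up as its own key, which is why the editor inserts the backslash when the path is copied; the escaped form resolves to the evidence type string.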

setPlaybook + Post-Processing

Hi everyone, I have a Post-Processing script that uses the setPlaybook command to switch the incident to a playbook called test1. The problem is that when I close the incident, the script doesn’t run just once - it keeps setting the same playbook repeatedly, and as a result the test1 playbook is triggered about 10 times in a row. Here’s my cod...

NivNet by L1 Bithead
  • 853 Views
  • 1 reply
  • 0 Likes

How do we join the Slack DFIR community?

Hi Everyone! I’m hoping you can aim me in the right direction. I’m trying to join the PAN DFIR Slack community via this URL: https://start.paloaltonetworks.com/join-our-slack-community But the register button doesn’t seem to work for me, despite multiple attempts on multiple browsers and devices on my end. The bottom of the demisto/xsoar co...

J.Pedlow by L1 Bithead
  • 2110 Views
  • 5 replies
  • 0 Likes

an issue with Forcepoint web Security with Cortex XSOAR Integration

Hello Dears, I have an issue with the Forcepoint Web Security integration in Cortex XSOAR. Kindly find the logs: 2024-03-26 10:36:37.6939 error Unable to do Http req to url : https:// :15873/api/web/v1/categories/start [error 'Post "https://10.200.30.242:15873/api/web/v1/categories/start": tls: server selected unsupported protocol...

ALabeb by L0 Member
  • 3646 Views
  • 5 replies
  • 0 Likes

Resolved! Azure Active Directory users - Incorrect padding

I am trying to connect an Azure AD (EntraID) to Cortex XSOAR so that I can use the user-disable playbooks. However, each time I try to authenticate i get the below error Error in Microsoft authorization: Incorrect padding Please check authentication related parameters. Traceback (most recent call last): File "<MicrosoftApiModule>", line 1...

XSOAR EWS 2022 Integration

As you know, the current EWS integration is limited to Exchange 2019. Could you please confirm if there are any plans to extend support for Exchange 2022? Additionally, are there any recommended workaround solutions for implementing inbox monitoring with Exchange 2022 in the meantime?

[Cortex XSOAR] Integration TIM to SIEM Elastic

Hello Team, I have a case where I must integrate indicators from TIM in Cortex XSOAR into a third-party SIEM such as Elastic. Is there any documentation about how to integrate indicators from TIM with Elastic? When I search the Cortex XSOAR documentation, there is a playbook to integrate TIM indicators only with the QRadar & ArcSight SIEMs. Thank you

A.Faruq by L1 Bithead
  • 669 Views
  • 0 replies
  • 0 Likes

Resolved! Still waiting on XSOAR Community Edition + Cortex XDR lab access

Hello everyone, I signed up for the XSOAR Community Edition a few days ago and also showed interest in Cortex XDR for lab use. Haven’t received any emails or access yet — just got the usual “someone will be in touch” message. Is this still a thing for individuals who want to lab and learn? Just trying to get hands-on and mess around with it ...

XSOAR - Execute Commands in Transformer

Hello, I was doing a transformer automation and I wanted to execute a command inside it. It works perfectly when I run it in the playground; however, when I use it as a transformer it gives me the error "Missing invoking entry (7)". Does anyone know how to execute commands in transformer automations? Is it possible? I'm just trying to execute a co...

Update XSOAR Incident via API - version issues

I am trying to update XSOAR incidents via the API, but I am having issues with the optimistic lock and incident versions, etc. I can create incidents via an API call and can also get the information from incidents via the API. When I create a new incident in our Dev env, the version for the incident typically shows as "-1". I have some incidents that sho...

kbratt by L1 Bithead
  • 861 Views
  • 0 replies
  • 0 Likes
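The post above runs into the usual shape of an optimistic-lock API: every update must carry the version the caller last read, and a write that carries a stale version is rejected. The block below is an added illustration of that pattern and is not the Cortex XSOAR REST API or its client code; `FakeIncidentStore` is a constructed in-memory stand-in, and it does not model XSOAR's own version semantics (including the "-1" value the post mentions). What it shows is the read-modify-write loop a practitioner wants: re-read on conflict and re-apply the change to the fresh copy rather than retrying with the stale one.

```python
import copy
from typing import Callable, Dict


class VersionConflict(Exception):
    """Raised when an update carries a version that no longer matches the row."""


class FakeIncidentStore:
    """Constructed in-memory stand-in for a versioned incident API.

    Assumption for this example: every successful update bumps the version by
    one and an update with any other version is rejected. This is NOT the
    XSOAR API; it only reproduces the optimistic-lock failure mode.
    """

    def __init__(self) -> None:
        self._rows: Dict[str, dict] = {}

    def create(self, incident_id: str, fields: dict) -> dict:
        self._rows[incident_id] = {"id": incident_id, "version": 1, **fields}
        return copy.deepcopy(self._rows[incident_id])

    def get(self, incident_id: str) -> dict:
        return copy.deepcopy(self._rows[incident_id])

    def update(self, incident_id: str, version: int, fields: dict) -> dict:
        row = self._rows[incident_id]
        if version != row["version"]:
            raise VersionConflict(
                f"{incident_id}: expected version {row['version']}, got {version}")
        row.update(fields)
        row["version"] += 1
        return copy.deepcopy(row)


def update_with_retry(store: FakeIncidentStore, incident_id: str,
                      mutate: Callable[[dict], dict],
                      max_attempts: int = 3) -> dict:
    """Read-modify-write under optimistic locking.

    `mutate` receives the freshly read incident and returns only the fields to
    change, so a retry recomputes the change from current data instead of
    overwriting a concurrent writer's edits with a stale snapshot.
    """
    last_error: Exception = RuntimeError("no attempts made")
    for _ in range(max_attempts):
        current = store.get(incident_id)
        changes = mutate(current)
        try:
            return store.update(incident_id, current["version"], changes)
        except VersionConflict as exc:
            last_error = exc          # someone wrote in between; re-read and retry
    raise last_error


if __name__ == "__main__":
    store = FakeIncidentStore()
    store.create("inc-1", {"severity": 1, "owner": ""})
    # Simulated analyst B writing between our read and our write (constructed).
    seen = {"calls": 0}

    def bump_severity(inc: dict) -> dict:
        seen["calls"] += 1
        if seen["calls"] == 1:
            store.update("inc-1", inc["version"], {"owner": "analyst-b"})
        return {"severity": inc["severity"] + 1}

    print(update_with_retry(store, "inc-1", bump_severity))
```

On the first attempt the simulated second writer advances the version, the stale write is rejected, and the retry re-reads the row so that both the new owner and the severity bump survive. A client that instead resent the original payload with the original version would either be rejected forever or, with a version-check bypass, silently discard the other writer's change.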