Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Is possible to implement Failover Handling Integration (BYOI)

Is possible to implement own BYOI Integration with failover handling between multiple engine without load-balancing group because we concerned about the sequence of "Run on" engines must be run on primary engine first and secondary after primary is failover. we tried to implement python based BYOI with "demisto.executeCommand(..., using=primary)...

B.Kulnin by L0 Member
  • 1776 Views
  • 0 replies
  • 0 Likes

Xsoar-web-server to setup a web form submission

I am currently using a setup where a google form is hosted and a google apps script send the data over to XSOAR upon submission on google form.How about the integrated "Xsoar-web-server" Is there a way we could use this to eliminate google form and apps script. Cortex XSOAR

Retrieve screenshots from Notes section

Hi! We are trying to give more importance to XSOAR within our SOC processes. As part of the changes we are introducing, we want all alert documentation to be done from now on in the 'Notes' section of each XSOAR incident. The issue we are facing is that when we include screenshots as part of the evidence in the Notes, those images do not app...

adocasar by L1 Bithead
  • 1193 Views
  • 2 replies
  • 0 Likes

WHOIS Integration - Connection Refused Errors

Hi All, I am using hois integration to use "domain" command. I sometimes have array of strings for domains and sometimes single string and in most of cases whois return results to me but i got sometimes "Connection Refused" Issue. I already adjusted settigns in integrations , also enabled suppress option and also on task level i adjusted retry m...

Syedhkt by L2 Linker
  • 1530 Views
  • 1 replies
  • 0 Likes

How to Handle High-Volume Email Events in XSOAR Without Overloading the System

Hello guys, I am currently working on Use Case for my organization to handle email threats that bypass our Trend Micro Email Security (TMS) gateway. Context My organization uses Trend Micro Email Security as the email gateway. Some phishing, spam, and malware emails still bypass TMS filtering and reach user inboxes. These emails are logged...

DT Query, special characters in key:value pair

I'm trying to create a "dt" filter for use with the GenericPolling playbook. (https://xsoar.pan.dev/docs/playbooks/generic-polling)The key I need to check for the existence of is MsGraph.Alert.Evidence.[1].@odata\.type (XSOAR automatically adds the "\" before ".type" as the period is part of the key name when copying the context path of the key)...

cmcneil_0-1726072639505.png
cmcneil_1-1726073507105.png
cmcneil by L2 Linker
  • 2390 Views
  • 3 replies
  • 0 Likes

setPlaybook + Post-Processing

Hi everyone, I have a Post-Processing script that uses the setPlaybook command to switch the incident to a playbook called test1. The problem is that when I close the incident, the script doesn’t run just once - it keeps setting the same playbook repeatedly, and as a result the test1 playbook is triggered about 10 times in a row. Here’s my cod...

NivNet by L1 Bithead
  • 888 Views
  • 1 replies
  • 0 Likes

How do we join the Slack DFIR community?

Hi Everyone! I’m hoping you can aim me in the right direction. I’m trying to join the PAN DFIR slack community via this url:https://start.paloaltonetworks.com/join-our-slack-community But the register button doesn’t seem to work for me, despite multiple attempts on multiple browsers and devices on my end. The bottom of the demisto/xsoar co...

J.Pedlow by L1 Bithead
  • 2172 Views
  • 5 replies
  • 0 Likes

an issue with Forcepoint web Security with Cortex XSOAR Integration

Hello Dears, I have an issue with Forcepoint web Security with Cortex XSOAR Integration. kindly find the logs:2024-03-26 10:36:37.6939 error Unable to do Http req to url : https:// :15873/api/web/v1/categories/start [error 'Post "https://10.200.30.242:15873/api/web/v1/categories/start": tls: server selected unsupported protocol...

fp web_Copy.png
ALabeb by L0 Member
  • 3721 Views
  • 5 replies
  • 0 Likes

Resolved! Azure Active Directory users - Incorrect padding

I am trying to connect an Azure AD (EntraID) to Cortex XSOAR so that I can use the user-disable playbooks. However, each time I try to authenticate i get the below error Error in Microsoft authorization: Incorrect padding Please check authentication related parameters. Traceback (most recent call last): File "<MicrosoftApiModule>", line 1...

XSOAR EWS 2022 Integration

As you know, the current EWS integration is limited to Exchange 2019. Could you please confirm if there are any plans to extend support for Exchange 2022? Additionally, are there any recommended workaround solutions for implementing inbox monitoring with Exchange 2022 in the meantime?

[Cortex XSOAR] Integration TIM to SIEM Elastic

Hello Team, I have a case that must integrate indicator from TIM Cortex XSOAR to SIEM 3rd Party like Elastic. Is there any documentation about how to integrate indicator from TIM for Elastic? Because when I search in documentation from Cortex XSOAR there is a playbook to integrate indicator TIM just for SIEM QRadar & Arcsight. Thank you

A.Faruq by L1 Bithead
  • 685 Views
  • 0 replies
  • 0 Likes

Resolved! Still waiting on XSOAR Community Edition + Cortex XDR lab access

Hello everyone, I signed up for the XSOAR Community Edition a few days ago and also showed interest in Cortex XDR for lab use. Haven’t received any emails or access yet — just got the usual “someone will be in touch” message. Is this still a thing for individuals who want to lab and learn? Just trying to get hands-on and mess around with it ...

  • 1304 Posts
  • 45 Subscriptions