Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Can run playbook in incident but not job

Currently creating a job to fetch and create an incident through an integration. The job works fine on the test server but doesn't work on production. Forcing the job to run doesn't output an error or even a record of the job attempting to run. But when I run the playbook in an incident, it works as intended.

Bucket not found

Our deployment is a multi-tenant deployment. When I run the "!Github-get-file-content" command, I get an error on some tenants (Bucket not found), but on other tenants it works. What is the cause of this error? Cortex XSOAR

Resolved! Microsoft 365 Defender advanced hunting query

Hi, I'm trying to build an advanced hunting query in the Microsoft 365 Defender integration, but it is still giving me an error. !microsoft-365-defender-advanced-hunting limit=10 query="""AlertInfo | where alertId = fa85caf1c0-b9b9-bc29-f600-08db44a419b9""" Reason Failed to execute microsoft-365-defender-advanced-hunting command. Error: Error in API cal...

Error creating or updating RTIR ticket

I've been trying the #RTIR integration to create a new ticket with text content, and the execution seems to work but no ticket is created (without indicating text, it works perfectly). I also tried to create an empty ticket and then update it with the text, but here an error occurs when trying to append a string to a byte variable. I found the ...

Pascual by L0 Member
  • 2077 Views
  • 3 replies
  • 0 Likes

Resolved! Problem with Slack Notifications

Email notifications are working fine and I want to see the same notifications on Slack too. On mentions in the war room, Slack should send a notification to the user's DM. Even though I have notifications enabled for SlackV3, I am not receiving anything on Slack; email is working fine though. Am I doing anything wrong?

Resolved! indicator extract data

I'm working on a project with XSOAR indicators. We want to add an extra field to the layout that describes what the analyst has to look for when certain indicators are present. Now the problem that I'm running into is I'm trying to make a dynamic section script to call the extra data from our API, but I need the tags we have given the indicator, bu...

rune.man by L0 Member
  • 2570 Views
  • 2 replies
  • 0 Likes

Resolved! running polling commands from automations

opsgenie-get-request is a polling command, but when it is being run from an automation it results in an error. From the CLI or through playbook tasks, the output returns to the war room once it finishes. That doesn't seem to be the case in automations. An "Item not found (8)" error is thrown with polling commands (polling: True in the .yml file). Looking cl...

XSOAR getIncidents command

Hi community, I've been making great use of custom scripts to extract reporting metrics that wouldn't have been possible with the built-in widgets. But something I've noticed recently is that querying incidents seems to be causing huge spikes in CPU and memory usage. Most of my scripts are querying the previous month's worth of incidents, whic...

Resolved! Docker Image [exit status 120]

I created an 'image' with the 'docker_image_create' command, containing the pymisp and pandas libraries. I'm having a problem now and I can't make sense of it, any ideas? The error from Scripts is: Script failed to run: Container exit with error. container name: [demistoserver_pyexec-xxxxxxxxxx-uploadmisplatest--xxxxx] error: [exit status 120] (2619...

Resolved! XSOAR Delete Messages using Graph API

I know EWS and O365 are current options for the Delete messages playbook; however, does anyone know if the Graph API is going to be added as an option? Due to certain restrictions I am being forced down the Graph API route for the preferred integration.

DennisO by L1 Bithead
  • 5728 Views
  • 7 replies
  • 0 Likes

How can I surely say that incident is changed from Pending state to Active state during outgoing mirroring?

When we change the incident from Active state to Close state, we get "closeReason", "closingUserId", and "closeNotes" in the delta of "UpdateRemoteSystemArgs". But when the incident is changed from Pending state to Active state, we do not get anything in delta, and due to which I am not able to determine whether something else has changed or the...

  • 1298 Posts
  • 45 Subscriptions