Cortex XSOAR Discussions

A question from the Malware Pack v2 webinar: EDR alerts

How would you handle an EDR alert that involves more than one file? How does this playbook present this to the user?

Note: This question was asked as part of Cortex XSOAR Customer Success Webinar: Malware Investigation & Response V2

A question from the Malware Pack v2 webinar: Misclassification rate

How do you address the extremely high misclassification rate of both file detonation (any semi-sophisticated malware won't divulge any information in a sandbox) as well as the high misclassification by Virustotal (both FP and TP)?

Note: This questi

...

Resolved! Make a section in layout a static list?

Hi all!

I've been looking at trying to make a section in a layout a static list, but could not find any easy ways to do it.

Essentially what I am looking for is:

I have a layout, in which I have a section called X. Now what I want is that every time an

...

Resolved! XSOAR NSlookup and ThreatVault info

Hi everybody,

is there a way how to get following information in XSOAR?

- NSLOOKUP - I have an IP address and need to get name from internal DNS server

- Threat Vault info - I have an information from the firewall (threat name and threat ID) and

...

Resolved! integration indicator pull limits?

Hi there,

I've just started testing threat feed integration in XSOAR.

For some reason, the integration instance was only downloading 100 indicators on each pull whereas the source has thousands.

Is it because my AWS instance doesn't have a license?

...

Resolved! "Enable pagination" for table widgets on dashboards

Ticking the box in the widget 'Operations' tab and selecting how many rows to show per page doesn't appear to do anything. The table always says "Showing Total 279 results sorted by: Id" and there are no page navigation buttons anywhere. Has anyone

...

Resolved! Extract Indicators from context to Field

Hi,

I have one playbook where I'm using the Builtin ExtractIndicators Function to extract any indicator from one field, and it's working fine:

After this, I call more subplaybooks, and I want, from this subplaybooks, use this indicators for some act

...

fatal Error during ensure repo

Hi everyone,

I am facing a strange issue. I was trying to change the certificate like explained in this link https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/installation/post-installation-checklist/https-with-a-signed-cert

...

How to Export list of users who have access to xSOAR along with their last login

Hi All

How can i export the list of users along with their last login

In Seetings > User and Role > Users I am able to see the list of users

But i dont see an option to export this data

I want to export them to review each of them and get approva

...

Post-processing script to close XDR alerts from XSOAR in Mirroring Both Direction integration setting.

Hello,

We are using XDR with XSOAR mirroring both direction configuration. It's working. However, incidents created on XSOAR don't close all the alerts of XDR related to the incident. So a post-script should be done to force them to close. What comma

...

Error handling

Hi all, with this type of setting (see the img), if in the next task I check $ {lastCompletedTaskEntries} to verify if the previous task is in error, the result is positive even if the second retry task went well. How can I get ar

...

Resolved! Export playbooks, alerts list

Hi All,

I am new to xSOAR and wanted to know if there is a way to export the list of playbooks enabled in my environment

This is to check what playbooks we are using Vs what is available in marketplace

Thank you

aparna

Adding a list of IPs and Domains to Exclusion list from File in Json Format

Dears,

Kindly need to add a list of IPs and Domains to exclusion list from json format.

Kindly advise how to do that and what is the needed format?

Resolved! Add a comment on an indicator from playbook

Hello,

In many indicators' layout there is a comment section where users can add text comment.

Is there a way to automatically add comment from a playbook?

Looking at setIndicator, I didn't find the right field associated to the comment section

...

Resolved! Processing list

How to convert a list into int in xsoar automation.

Discussions

A question from the Malware Pack v2 webinar: EDR alerts

A question from the Malware Pack v2 webinar: Misclassification rate

Resolved! Make a section in layout a static list?

Resolved! XSOAR NSlookup and ThreatVault info

Resolved! integration indicator pull limits?

Resolved! "Enable pagination" for table widgets on dashboards

Resolved! Extract Indicators from context to Field

fatal Error during ensure repo

How to Export list of users who have access to xSOAR along with their last login

Post-processing script to close XDR alerts from XSOAR in Mirroring Both Direction integration setting.

Error handling

Resolved! Export playbooks, alerts list

Adding a list of IPs and Domains to Exclusion list from File in Json Format

Resolved! Add a comment on an indicator from playbook

Resolved! Processing list

Can XSOAR disk space vary automatically?

Assign incident to new owner

unable to push the content from dev to prod

JSON Sample Incident Generator

Rename table headers

Re: Dashboard Graph Display Incident Count Per Month

Dashboard Graph Display Incident Count Per Month

Re: Incident Parent-Child Relationship

Re: Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

Re: Couldn't sort by date in bar graph widget in Dashboard

Unlock your full community experience!

Resolved! Make a section in layout a static list?

Resolved! XSOAR NSlookup and ThreatVault info

Resolved! integration indicator pull limits?

Resolved! "Enable pagination" for table widgets on dashboards

Resolved! Extract Indicators from context to Field

Resolved! Export playbooks, alerts list

Resolved! Add a comment on an indicator from playbook

Resolved! Processing list