Cortex XSOAR Discussions

Problems with the Integration "QRadar v3" - Mirroring not working and qradar-reset-last-run command not working

Hi everyone,

Anybody having problems with the Integration 'QRadar v3'?

In particular, I found two things that are not working:

- First, Offenses created in QRadar are not being creating Incidents on Cortex XSOAR.

I configured the integration fo

...

Transformer to delete line breaks in a string

Hello,

Some data is introduced in XSOAR with line breaks. Example:

data1,

data2,

data3,

data4

This data is joined with "," to be introduced in a task. However, data is not parsed correctly and the line breaks are introduced, causing an incorrect

...

Obtain payloads bounded by time and IoCs of Cisco Firepower from XSOAR

Hello,

We'd like to use Cisco Firepower integration to obtain extra info for our playbooks. However, we can't find the proper command to get the payloads of an event.

XSOAR Incident Opened Time

Once a XSOAR incident is created, how can we find when a user actually clicked & opened incident for the first time?

Resolved! XSOAR Engine self signed certificate location

Hi,

Can someone help me to get XSOAR engine self-signed public certificate.

Thanks,

Is it possible to change the Section Header color?

Change the Section Header color in order to create visual alerts in the playbook.

Adding user to Team members of an incident by python script

Hello,

There is the section "Team Members" with two fields "Owner" and "Participants".

I want to add some users to "Participants" but there isn't this field in the context data.

I found in the documentation https://docs.paloaltonetworks.com/cortex

...

Resolved! When does a Post-script exactly execute?

Hello,

When does a post-script execute? When the incident is completely closed?

Resolved! How to change a .xlsx file in context data or upload new from python script

Hi all,

Could you help me with the following problem?

I have an incident with .xlsx file that I handle by pandas and openpyxl. After the file will be handled, I need to save it to the context data to upload it to IRP by IRP integration and process

...

How to pass username and password to the web scraper automation in XSOAR

Hi,

The URL I wanted to web scrap requires authentication, can someone help me to pass username and password to the WebScraper OOTB automation in XOSAR.

Thanks.

Command "setList" issue introducing variables from context

Hello,

We're using command "demisto.executeCommand("setList",{"listName":listName,"listData":listContent})" in order to introduce data in a json list. Where the "listName" is a json list name and "listContent" is data extracted from the context.

Th

...

Resolved! SAML role configuration in XSOAR

Hi,

We are using SAML 2.0 integration for user authentication to XSOAR.

Can someone help to understand what value need to update on "SAML Roles Mapping" in XSOAR under Settings->User and Roles-> Roles.

Thanks,

Deepa

Resolved! Looking for a way to identify links between our parent and subplaybooks.

This relates to lifecycle management and removing old unused playbooks/subplaybooks.

We can use the XSOAR Metrics widget to see when a playbook last executed, however this isn't always a good indicator as we have playbooks for rare events which ha

...

Convert Multiple Files

Hello, I am trying to convert multiple files with different extensions using the 'ConvertFile' automation, so that it can be display on the layout. However, when there are different types of files in one incident, it keeps giving me an error. What wo

...

A question from the Malware Pack v2 webinar: Malware pack playbooks optimization

Kudos for all the work on developing these playbooks. Are they optimized so the incidents don't get flagged under System Diagnostics (exceptionally big incidents, exceptionally big context, etc)?

Note: This question was asked as part of Cortex XSOA

...

Discussions

Problems with the Integration "QRadar v3" - Mirroring not working and qradar-reset-last-run command not working

Transformer to delete line breaks in a string

Obtain payloads bounded by time and IoCs of Cisco Firepower from XSOAR

XSOAR Incident Opened Time

Resolved! XSOAR Engine self signed certificate location

Is it possible to change the Section Header color?

Adding user to Team members of an incident by python script

Resolved! When does a Post-script exactly execute?

Resolved! How to change a .xlsx file in context data or upload new from python script

How to pass username and password to the web scraper automation in XSOAR

Command "setList" issue introducing variables from context

Resolved! SAML role configuration in XSOAR

Resolved! Looking for a way to identify links between our parent and subplaybooks.

Convert Multiple Files

A question from the Malware Pack v2 webinar: Malware pack playbooks optimization

Field Change Script To System Fields

How to Copy Incident Files from Linked Incidents

Can XSOAR disk space vary automatically?

Assign incident to new owner

unable to push the content from dev to prod

XSOAR Feature Request

ServiceNow Developer looking for ideas

Unlock your full community experience!

Resolved! XSOAR Engine self signed certificate location

Resolved! When does a Post-script exactly execute?

Resolved! How to change a .xlsx file in context data or upload new from python script

Resolved! SAML role configuration in XSOAR

Resolved! Looking for a way to identify links between our parent and subplaybooks.