integration mirroring vs post processing script mirroring

Our current setup mirrors incidents by post processing scripts. Bulk incident close makes too much noise in the system. It creates a container for each incident at the same time. It can overload the system from time to time. How does mirroring in the

Preprocess rule - link & run a script in the same rule

Hi,

Is there a way to configure pre-process rule to link and run preprocess script? I have to link incidents with few identical fields and set some fields values using script. I thought to make preprocess script which will do both, but I ran into a

How to modify edit fields form applied to multiple incident types for bulk editing

Hi All,

I'm attempting to add a custom field to the edit feature in XSOAR and cannot find any documentation when it comes to having that field show up in the edit form when editing multiple incidents regardless of type. When the edit layout is upda

Create a job to check if an instance pull has failed

Hello,

Sometimes on instance fails pulling the data, however the instance has connection. It's just an error feeding the instance.

How can a job be created to check is a pull has failed?

Put alerts of the same type in just a single one daily.

Hello, 

I receive many alerts of the same type each day creating an incident for each. 

I would like to put together all them in an incident and avoid creating incidents individually. So it will be solved just once.  

Docker Hardening

Hello,

I followed this docker hardening documentation to harden the docker containerzied environment for Cortex XSOAR solutin. 

I added the first server configuration key as this (docker.run.internal.asuser = true), and reset docker containers th

xSOAR Dashboard Widget - Table column Count for specific field

Hey!

I'm trying to get a widget on a dashboard that shows a field and how many times it has triggered next to it.

Example:

Name:              |     Alert Count:

----------------------------------------------

Department 1   |           4

Department 2

CiscoEmailSecurity (Beta) integration works on vesion 14.2.0?

Hello,

Now we are using CiscoEmailSecurity (Beta) integration for version 13.8.1, and is going to be updated to 14.2.0. How could we know if it's compatible?

Thanks

[DemistoClassApiModule] Why CustomFields in demisto.incident()

Why is there a separate dictionary returned from demisto.incident? Does it matter whether a field is custom or builtin

demisto.incident()['CustomFields']['myfield']


I am asking this because I am thinking about implementing a custom function in CommonU

I found the issue cannot save filter in the Playground War Room

Hi All,

In the new version of XSOAR server 6.10 GA cannot save the filter in the Playground War Room.

The save bottom cannot click.

Everyone found this same issue or not?

BR

Sakkarin Pichetskul

How to find incidents with a particular key present in context ?

whenever there is an email thread involved in the incident,  a field in the context is created as EmailThreads: [{email1 values}, {email 2 values}]

I want to find all the incidents which have this email thread involved.

Multi Tenant Automation

Hi,

Is there a way to run XSOAR automations across all tenants without having to place (push) the automation into all the tenants? 

If I wanted to write a script to pull all incidents across all tenants, how would I do that?

Thank you.

[Multi-Tenant] How to sync jobs to tenants

Hi everyone, I want to create a job to run everyday at 12pm to check if any license in the tenants expires in a week. The main account doesn't have the jobs tab. so I can't simply sync the job to all the tenants. What are my options?