Cortex XSOAR Discussions

URLscan.io's SOAR spot: Chatty security tools leaking private data!

Community, have you noticed that we may be accidentally exposing confidential information of the users we protect by submitting URLs for analysis to URLscan.io?

Credits to: FABIAN BRAUNLEIN

• Sensitive URLs to shared documents, password reset pages

Timeout in task not working

Hello,

Timeout configuration does not function in "ScheduleCommand" task using an automation. The timeout is set inside the task in Advanced Tab->"Execution timeout(seconds)" and inside the automation in Settings->Advanced->Timeout(seconds), but is n

How to uninstall deprecated integration in XSOAR

Hello,

I'm trying to uninstall the deprecated integration in XSOAR. However, when I search for them in the Marketplace, they don't appear. Any clue?

Filter out incidents having email communications associated with it

From all the incidents I have, I want to filter out the incidents having email communications associated with them.
There are several fields in the context and in the incident of the context that identifies an incident as email communications associat

Help ML models

Hello,

I need some help to understand how ML models work in XSOAR. In the documentation, I can only see models related to emails.

I'd like to create a model just with the close reason, False Positive or True Positive. I already trained the model, how

Question Regarding Mirroring Integration In Cortex XSOAR

I've a couple of questions regarding mirroring in Cortex XSOAR which are listed below.

1. Is it possible to change the status of the XSOAR incident from Pending to Active in the get-remote-data command? I have checked couple of mirroring integration

Urgently needed to download Cortex XSOAR 6.6 version . Can anybody share the link

I urgently need to download Cortex XSOAR 6.6 version. Can anybody share the link or steps to download Cortex XSOAR 6.6.0 (B3124193). I really appreciate any help you can provide.

Multiple Question realted to assign owner from playbook

Guys,

I Have Phishing Playbook consists of two big parts: 

a- L1 Phishing playbook.

b- L2 Phishing playbook.

The flow starts from L1 doing the needed automation and tasks like (Extracting IOCs, Headers, Doing Enrichment, making Splunk searches, .

Demisto.db Read only Error

Dears,

I am facing an issue in one of the tenants as below once I am trying to press anything and as I check the directory I found that demisto is the owner and the permissions are drwxr. Appreciate any Support.

"Write /var/lib/demisto/tenents/(t

closing multiple incidents with postprocessing scripts causes xsoar to hang

Hi all,

I am working with Carbon Black EDR so I want incidents to be closed not only on xsoar but also on carbon black instance. To achieve that I implemented a post processing script. when an incident on xsoar is closed the script closes the alert