This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Blueliv API integration error

We are testing XSOAR and integrations. We have some problems when we try to fetch incidents in BlueLiv integration. This is the complete error: Error: Script failed to run: Error: [Traceback (most recent call last): File "<string>", line 502, in <module> File "<string>", line 466, in main File "<string>",...

socser by L0 Member
  • 1982 Views
  • 2 replies
  • 0 Likes

Extract Indicator in XSOAR

Hi all,I want to manually extract the 'IOC alarm' coming from XDR. But the incoming IP addresses come in 2 ways as 'action_local_ip' and 'action_remote_ip'. If I extract according to action_local_ip or action_remote_ip, some IOCs get an error (wrong IP). How can I solve this? Which one should I classify it according to? Cortex XSOAR Cortex XDR

Issue with certificates - Encountering SSL handshake failure error

Hi,Created own self-signed certificate, and replaced with the certificate and key in the designated path '/usr/local/demisto/d1.cert.pem & /usr/local/demisto/d1.key.pem' (on XSOAR engine) and given the required permission and ownership to the files. For one of the endpoint that we are looking to integrate with XSOAR is tighten with 2-way SSL...

DP696 by L2 Linker
  • 3498 Views
  • 2 replies
  • 0 Likes

Resolved! Incident fetch reset timestamp

Hi I have a doubt regarding incident fetch -if we reset the timestamp in any integration in xsoar and set the first fetch as 24 hours. Will it fetch only the new incidents or will it fetch incidents from past 24 hours (note - this is for integration that was already working fine )

SMAX Integration Error

Hi Everyone, We have integrated SMAX as the ticketing solution on XSOAR for one of the clients. After configuring, it is giving an unexpected error. I don't think its a network issue or issue with the credentials. Some assistance on the error would be really helpful. Please find the error message below (also present in the screenshot attache...

Dwai by L0 Member
  • 2305 Views
  • 1 replies
  • 0 Likes

Resolved! McAfee Mvision Integration Missing Image

Hello, I am attempting to use the integration provided by EDR-Integrations by Martin Ohl. When performing the test I receive the error "Error response from daemon: pull access denied for mohlcyber/dxl, repository does not exist or may require 'docker login': denied:". After trying to manually pull this image through the CLI of the XSOAR Server ...

Run a command on all tenants from master

hi everyone, I need some help with microsoft graph integrations with multi tenancy I configured an instance of Microsoft Graph Mail Single User integration in the master and want to sync to all the tenants. Simply syncing won't work because the integration has to run at least once to be initialized before the oproxy token expires. msgraph-ma...

Resolved! XSOAR Mirroring - Move all cases from one tenant to another (with all related information)

Hello, We're looking to move all our cases from one tenant to another one.Looking at the XSOAR Mirroring integration to move all cases. We would like to retrieve all content inside every case.The default settings of the integration (below) doesn't mirror all entries. How can we include all entries in the mirroring?Entry Categories = notes,chat...

Apply transformers directly on variables

Hello, I'm creating Json lists introducing data in them. I'm using "addToList" automation. The data introduced example: listData: {"key1":{ "subkey1: ${dataInput1}, "subkey2: ${dataInput2}, "subkey3: ${dataInput3}, "subkey4: ${dataInput4} } Is there a way to transform the variables directly in the input listData with no need to create a set fo...

Josep by L4 Transporter
  • 1763 Views
  • 1 replies
  • 0 Likes

Even though get-remote-data command executes successfully, the entries returned in the GetRemoteDataResponse object is not being added to the incident

When the get-remote-data is being called, I am getting below errors when returning entries to the GetRemoteDataResonse. The command is executes successfully, but I do not get entries in the XSOAR incident which I have passed to the GetRemoteDataResponse. Even the incident is not getting closed though I have returned an entry with "dbotIncidentCl...

HarshPanchal_0-1674821669351.png
HarshPanchal_2-1674821769217.png

Panoroma IP Blocking Issue

I wanted to block ips via using xsoar, on Pan-os panorama. We have integrated xsoar and panoroma but non of the automations provide us a blocking on panorama. In addition to that I tried to give inputs to Block IP Generic v3 playbook(which is provided by palo alto). Our aim is blocking IP **WITHOUT** using edl or static list, which corresponds D...

UmutAK by L1 Bithead
  • 1480 Views
  • 1 replies
  • 0 Likes

closing duplicated tickets in XSOAR & Splunk automatically

Hello, i am trying to close duplicated tickets on XSOAR and Splunk automatically using pre processing rules (for closing on XSOAR) and post processing rule (for closing on Splunk) which i wrote a script for However i cannot test the post processing scripts because the pre processing script closes the tickets and i cannot reopen them or access ...

Getting this error when enabling malwarebytes #xsoar integration

Executed: test-moduleInstance Malwarebytes_OP360bae6c541-5338-433c-8e65-0698f6d1e955Arguments {}Start time 2022-10-21T16:15:27.798846102-04:00 2022-10-21T16:15:28.151429016-04:00 info: (Malwarebytes_OP360bae6c541-5338-433c-8e65-0698f6d1e955_Malwarebytes_test-module) debug-mode started.#### http client print found: False.#### Env environ({'PATH':...

Search IOCs on VirusTotal Faster

We are running a playbook to search a list of IOCs on VirusTotal, the list is received by an attachment on incident creation. The playbook then exports the VirusTotal scores into the war room as a csv file. All this is achieved by manual indicator creation an enrichment. The enrichment process however takes more than an hour for only 4000 IOCs. ...

  • 1298 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks