Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

XSOAR Tenant RO access

Hi All, In an environment where one has a multi-tenant setup, what is required from a licensing perspective in order to set up an account (preferably read-only) to be able to view both the master and any child tenants within? The requirement for this account is to review current playbooks, subscriptions, etc. Thanks in advance.

Ants by L1 Bithead
  • 1180 Views
  • 1 reply
  • 0 Likes

Microsoft Sentinel Integration

I am having the following error while trying to create an instance of "Microsoft Sentinel Integration": Error (April 12, 2023 9:47 AM) Script failed to run: Error: [Traceback (most recent call last): File "<string>", line 1, in <module> NameError: name 'register_module_line' is not defined ] (2604) (2603)

MSSSOC by L0 Member
  • 2083 Views
  • 1 reply
  • 0 Likes

Get MFA authentication methods

Hello community! I was wondering if there's any integration that would allow me to get the defined authentication methods for a given user. The use case is to know if someone who has entered credentials in a phishing portal has MFA enabled or not and take actions in consequence. I have been looking in Microsoft Graph User integration but the...

adocasar by L1 Bithead
  • 1823 Views
  • 1 reply
  • 0 Likes

Not able to create a file in the artifacts folder using automation

I run the query tags:malicious on indicators and get the expected result. Then I run the built-in automation "GetIndicatorsByQuery" in the playground; it shows that a file was created, however when I download the file the content is all [{}, {}, {}]. I tried using the built-in automation "SearchIndicator" and then "FileCreateAndUploadV2" to creat...

Avoid using too many containers

Hello, We're trying to avoid using too many containers. In order to reduce their number, we have come up with two options for the automations: use the exact same container for automations (if they use the same libraries), or use the empty "Docker image name" option (if an external library is not used). Which of them will fit better? Thanks, Josep

Josep by L4 Transporter
  • 5090 Views
  • 6 replies
  • 0 Likes

Resolved! Incidents in error - how to rerun last task?

Hi! I often encounter errors in incidents due to temporary API integration failures. I have some automated retries set up for each task, which mitigates it somewhat. However, if the failure lasts longer, incidents stop in error. I usually open each incident and click "Run automation now" on the failed task. Is there an automated way or command, t...

Antanas by L2 Linker
  • 4676 Views
  • 4 replies
  • 0 Likes

Multitenant and JOB

Hi everyone, I use a multi-tenant structure. As you know, JOBs are not distributed between tenants. I have more than twenty tenants. I want to create a structure that will send a notification in case any of them gets an error in the integration (unable to pull the event). But since I can't distribute them (as JOBs), I'm having problems. It causes ...

Resolved! Context key reorganize

Hi! I want to be able to manipulate context keys by selecting the keys I want, and moving them to upper level. E.g.: Assuming I have the following in the context: I want to have a new context key with only Name and HairColor: GetFields transformer seems to have similar functionality, however I cannot tell it to get subkeys, e.g. Appear...

Antanas by L2 Linker
  • 3056 Views
  • 4 replies
  • 0 Likes

Mirroring Issue Between SOAR Host and a Tenant

Hello everyone, We have a mirroring problem between 1 tenant and 1 SOAR host/server. Both of them are on the same network/side. Somehow we can search incidents from the tenant on the SOAR host, however while using the mirroring integration in order to provide incidents in a continuous way, they cannot be fetched. To exemplify: soar host/ser...

UmutAK by L1 Bithead
  • 1356 Views
  • 1 reply
  • 0 Likes

Resolved! Best Practice to Ignore or Exclude a list of Domains

I am looking for the "Best Practice" method to prevent emailed links from our Security Awareness tool from being run through various sandboxes or detonations. I need to be able to create a list of domains/subdomains and then reference the list of domains so that any playbooks or incidents are automatically closed without analysis being performed on th...

cmcneil3 by L0 Member
  • 2947 Views
  • 1 reply
  • 0 Likes

Data Collection task customization sent by email (email interface + the interface of the website opened from the generated URL)

Hello. We are working on a data collection task sent by email, and we would like to edit the interface of the sent email and the web page that opens from the URL generated in the email. I have found solutions for the interface of the sent email by setting two different server configuration keys (messages.html.formats.externalFormSubmit + messages.htm...

Data Collection Fields

Hello all, Is there a way to add attachments to an email that is sent using the "ask by email" function under the data collection option? I am trying to link evidence to a case so the end user can view the evidence and then make decisions based on it. I have tried editing the HTML to add links to the body, but that doesn't work unless they ha...

Resolved! CI/CD Process or Remote Repository UI on XSOAR

Hello, We are unsure whether to build a CI/CD process or a Remote Repository UI on XSOAR. Looking at the table, CI/CD has more features. However, it doesn't allow you to work with the Cortex XSOAR UI. This may mean that we will not be able to work with boxes; we will work directly with YAML and Python. So is it possible to work this way? Or will...

Josep by L4 Transporter
  • 2555 Views
  • 2 replies
  • 0 Likes