This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

XSOAR Lead Wanted

We are looking for a Cortex XSOAR lead to join our growing team! What better place to look for the right talent than in the Live Community!! DM for more information if you have the skillset, are motivated to succeed, and want to join a winning organization!

Resolved! Yara Rules error

Hi, Trying to use yarascan automation from yara pack on marketplace, always receiving "HasMatch: false" Here it goes the printscreen with the command and the contextdata showing the entryid The content has that rule Could you help? Regards, Fábio

FabioFerreira_0-1679411632399.png
FabioFerreira_1-1679411743582.png

SetGridField

How can I map keys (query, network.cidr, network.country) to a table? I'm trying with below command, is not working for CIDR & Country. !SetGridField context_path="Whois.IP" grid_id="whoisipinfo" overwrite="true" columns="IP Address,CIDR,Country" keys="query, network.cidr, network.country"Whois.IP{"asn_registry": "apnic","entities": ["IRT-AP...

How to realign taskIds number

Hello, While I'm creating a playbook, the taskids don't follow the proper order due to the changes made. How can these tasks be realigned to follow an ascending order? Thanks, Josep

Josep by L4 Transporter
  • 1313 Views
  • 1 replies
  • 0 Likes

Resolved! SAML Role Mapping in XSOAR

Hi, We are using SAML integration for XSOAR user authentication and azure AD as an IDP. I'm bit confused in SAML role mapping in XSOAR. for eg. in Azure AD we have only one group and users are mapped to it. but in XSOAR we want to give analyst permission for few users and admin permission for few users. Will that be possible by creating 2 diff...

DP696 by L2 Linker
  • 2387 Views
  • 2 replies
  • 0 Likes

Formatting an Array of Values

Hey Everyone, In the context I have one key that holds multiple email values, I need to use them in my "SendEmailReply" automation. However when I call the key as a variable in To field, it comes as an array not single object. Is there any out of the box way to format values in arrays? My example JSON in context { "Email":["Abc@ehd.com", "NM...

Resolved! Email Classification with Subject

I'm currently using EWSv2 to listen to emails and have a classifier as well for fixed subjects. Is there a approach that I can use to take a part of an email subject to classify emails? As an example: Email Subject 1: Incident#1213131 Email Subject 2: Incident#3234234 Should be classified in "Incidents"

Resolved! Need a time limit for EmailAskUser task.

When automation EmailAskUser is used, a wait task is placed after it waiting if there's an answer. If there's no answer the automation will stay there forever, a time threshold is needed to continue the automation. How can be this time limit set?

Josep by L4 Transporter
  • 4988 Views
  • 8 replies
  • 0 Likes

Resolved! Add manual input to a query on a button?

Greetings all.I have this situation I am trying to resolve, but can't find a solution.I have a dynamic section in a layout, in which I want to add a button. When clicked, this button should run a query, but it should first ask for a user input, which needs to be a part of the query.Example:I want a button to run a Azure Log Analytics query.I mak...

Integrating splunk with XSOAR.

Hi, Can someone help me with the below queries? We are in process of integrating splunk with XSOAR.It’s a cloud service and can be accessed via SplunkCloud and SplunkEnterpriseSecuritySuite. It should be integrated via SplunkCloud or SplunkEnterpriseSecuritySuite?What changes/configuration is needed at Splunk end to enable the integration.Th...

DP696 by L2 Linker
  • 5107 Views
  • 1 replies
  • 0 Likes

Resolved! Impossible to submit Support Case & issue with download link

Dear Community,We're sorry to have to reach out via a public discussion thread for such an issue, but we are struggling to get support from Palo Alto.We would like to try Cortex XSOAR as a solution, and applied to get a trial account. We did receive the license, but never got the download link. We tried to open a support case, but the ticket c...

BVEF by L1 Bithead
  • 4227 Views
  • 6 replies
  • 1 Likes

Obtain list content from api

Hi!I want to get the content of a list from the API REST. The endpoint /lists returns all lists and their content. Is there a way to get only the content of a list? In addition, the content of the list brings the line breaks and spaces corresponding to the pretty print of the json. For example: I can't find the documentation with the api endpo...

rdevega_0-1678707954535.png
rdevega_1-1678708140520.png
rdevega by L1 Bithead
  • 1736 Views
  • 1 replies
  • 0 Likes

Resolved! Need help on extract indicators from Email body

Hello Team, I have developed a playbook which extract indicators like IP,URL,Domain and Hash from Email body.but in some cases extract indicators and other automation which are available in xsoar cannot extract domains.can anyone suggest me how to extract domains from Email body.

Priyash7 by L0 Member
  • 4845 Views
  • 3 replies
  • 0 Likes

Extracting urls from html text

when I extract indicators from body of an email (the body of the email is in html format). I don't get the URLs, only the domains inside the URLs are extracted but the URLs itself not extracted. what I understand in extracting domains, that it works to extract emails and URLs then extract domains from it. Kindly find the attachment to show y...

  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks