Cortex XSOAR Discussions

Cortex XDR Incident

Hello everyone, we started dealing with Cortex XDR and after getting the furst Incident, I am kinda lost. I am not even sure whats the issue, there is a lot of "information" on the management console. For example, the Incident, under "Key Assets & Ar

...

If a pre-process rule fails how can it been seen if the incident hasn't been created?

Hello,

If a pre-process rule fails how can it been seen if the incident hasn't been created?

Could be that the the incident is created anyway?

Just to set in context:

A pre-process is created to introduce the playbook procedure documentation in the

...

Send Report to Slack

Hi,

I want to send the report created from Dashboard&Report section via slack. Is this possible? I only saw mail configuration.

How to count the playbook

We have a question for how to count the playbook?

We have a function with 3 product and 3 version.
How to count/quantify the playbook? Is 3 product X 3 vesrions =9 playbook?

For the playbook should different versions/bands be in the different playboo

...

Resolved! Subplaybook execution count

Hi!

Is there a way to count how many times was the specific subplaybook executed across mutliple/all incidents? How to ensure the number includes loops in subplaybooks?

The reason I need this number is to better understand ROI of the platform.

Th

...

Problems with the Integration "QRadar v3" - Mirroring not working and qradar-reset-last-run command not working

Hi everyone,

Anybody having problems with the Integration 'QRadar v3'?

In particular, I found two things that are not working:

- First, Offenses created in QRadar are not being creating Incidents on Cortex XSOAR.

I configured the integration fo

...

Transformer to delete line breaks in a string

Hello,

Some data is introduced in XSOAR with line breaks. Example:

data1,

data2,

data3,

data4

This data is joined with "," to be introduced in a task. However, data is not parsed correctly and the line breaks are introduced, causing an incorrect

...

Obtain payloads bounded by time and IoCs of Cisco Firepower from XSOAR

Hello,

We'd like to use Cisco Firepower integration to obtain extra info for our playbooks. However, we can't find the proper command to get the payloads of an event.

XSOAR Incident Opened Time

Once a XSOAR incident is created, how can we find when a user actually clicked & opened incident for the first time?

Resolved! XSOAR Engine self signed certificate location

Hi,

Can someone help me to get XSOAR engine self-signed public certificate.

Thanks,

Is it possible to change the Section Header color?

Change the Section Header color in order to create visual alerts in the playbook.

Adding user to Team members of an incident by python script

Hello,

There is the section "Team Members" with two fields "Owner" and "Participants".

I want to add some users to "Participants" but there isn't this field in the context data.

I found in the documentation https://docs.paloaltonetworks.com/cortex

...

Resolved! When does a Post-script exactly execute?

Hello,

When does a post-script execute? When the incident is completely closed?

Resolved! How to change a .xlsx file in context data or upload new from python script

Hi all,

Could you help me with the following problem?

I have an incident with .xlsx file that I handle by pandas and openpyxl. After the file will be handled, I need to save it to the context data to upload it to IRP by IRP integration and process

...

How to pass username and password to the web scraper automation in XSOAR

Hi,

The URL I wanted to web scrap requires authentication, can someone help me to pass username and password to the WebScraper OOTB automation in XOSAR.

Thanks.

Cortex XSOAR Discussions

Discussions

Cortex XDR Incident

If a pre-process rule fails how can it been seen if the incident hasn't been created?

Send Report to Slack

How to count the playbook

Resolved! Subplaybook execution count

Problems with the Integration "QRadar v3" - Mirroring not working and qradar-reset-last-run command not working

Transformer to delete line breaks in a string

Obtain payloads bounded by time and IoCs of Cisco Firepower from XSOAR

XSOAR Incident Opened Time

Resolved! XSOAR Engine self signed certificate location

Is it possible to change the Section Header color?

Adding user to Team members of an incident by python script

Resolved! When does a Post-script exactly execute?

Resolved! How to change a .xlsx file in context data or upload new from python script

How to pass username and password to the web scraper automation in XSOAR

XSOAR 8 + Export Data to On-premise for Retention Compliance

How to include the initial Email as attachment OR how to reply on the same Email sent

Missing button scripts from content packs

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Re: Missing button scripts from content packs

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Re: How to include the initial Email as attachment OR how to reply on the same Email sent

Automating SLA in XSOAR with Reminders and Reset on Updates

Re: How to include the initial Email as attachment OR how to reply on the same Email sent

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Subplaybook execution count

Resolved! XSOAR Engine self signed certificate location

Resolved! When does a Post-script exactly execute?

Resolved! How to change a .xlsx file in context data or upload new from python script