Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
what if the closed ticket will be re-opened from SerciveNow (snow)?
Note: This question was asked during the Cortex XSOAR Customer Success Webinar: Mirroring
Hi all,
I was trying to make a playbook where I had a set of hashes extracted from a text file and then search on CbAppControl.
After searching, it would return the filename of the hash and the computers where the hash was detected.
Right now the
...
Hi,
I'm looking to map specific playbook task results to respective sections in the layout. Saved filter queries are defined at very high level and are not helping me. How can this be done? Thanks in advance.
Hello,
XSOAR and XDR are used with mirroring, when an incident is closed from XSOAR it's closed in XDR too. However, the alerts in XDR are not. So an script is needed in XSOAR to close those XDR alerts. How is this is script done? where should be set
...
We publish guides/playbooks on a 3rd party site for our analyst to use when troubleshooting an incident.
that 3rd party site has an api.
I've successfully pulled the guide / page into the warroom and it displays and returns correctly using return_re
...
If I configure the integration in SOAR using an API key from Cisco Secure Cloud Analytics, I get an authorization error:
Executed: test-module
Instance Stealthwatch Cloud_instance_1d4e2580e-a33d-4ace-8877-59165345b343
Arguments {}
Start time 2022-07-2
I am having a little problem uninstalling the demisto server and the documentation isn't clear enough for me to follow(Uninstall Cortex XSOAR (paloaltonetworks.com) I tried the command specifed in the documentation and nothing happened which means th
...
Hello,
We're having some problems with some content packs compatibility in XSOAR, normally we update all them as soon as possible. However, sometimes they fail, so going back to the last version is needed. We'd like to have some visual information ab
...
Dears, we want to enrich our indicators from McAfee sitelook and Symantec Sitelook, suppose that we have a scipt that get the results?? how can we create the custom threat intelligence feeds in xsoar ??
Hello,
In the past few days our SentinelOne Integration has stopped working. I am seeing the following error;
[Failed to execute test-module command. Error: Error in API call [401] - UNAUTHORIZED {"errors": [{"code": 4010010, "detail": null, "title
...
Hello
I'd like to use wildfire-get-sample (WildFire-v2)
In the instances settings there is only one entry: API.
That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account
In the instances I do a Test an it returned as "Success"
...
I created API key in setting and trying to get the dashboard/widget value (e.g. Playbook runs) from XSOAR but failed.
In the API guideline, there is no example of body parameters in "Get Dashboard Statistics" or "Get Widget Statistics", so I hav
...
The incident layout shows the tasks with "Waiting for user"(orange) and "Task with errors"(red). That's important so it can be checked, however some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks.
...
Dear all,
We have an issue about visulazating the outputs of indicator enrichment via using virus total ( vt-passive-dns-data).
To be more specific I am going to share our indicator layout and what we are expecting. As its given in the first scre
...
Hi All,
I have been trying to find the best way to manage a list of IP addresses. This is the idea I am trying to achieve.
1) I identify an IP address that is malicious and block it on the PaloAlto firewall in a static object group.
2) I keep tra
...| User | Likes Count |
|---|---|
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
