Cortex XSOAR Discussions

Resolved! Running XQL Query to XDR from an Automation Script : Receiving 500 Bad Synatax from valid query

Hello all,

I am attempting to run an XQL query from an automation script. The query is valid and can be run manually and this works well both on XSOAR and on the Query Editor section on XDR. Essentially we refer to the query under a variable and the

...

Send file via email to end user

Hi community,
is there a way to add pdf as an attachement to email and send it to a specifi user using EWS instance or any other plugin ?
thanks in advance.

Resolved! How to sync XSOAR to another XSOAR?

How to sync XSOAR to another XSOAR? I've been researching this but I couldn't find a good source or I overlooked it.

Enable and disable integration instance from playbook/automation

Hello,

We'd like to create a flux where an integration instance is enabled, then the function related to that instance is used, and finally the integration instance is disabled. How can this be done? No functions have been found.

Enable instance->U

...

Propagation labels problem

Hi everybody, I am really having a hard time syncing content with tenants because propagation labels aren't working properly for me. To give you an example, I create an xsoarcommunity tenant and set the propagation label to carbon_test so that I can'

...

Resolved! File upload from XSOAR war room to Sentinel watchlist

Hi,

Newbie to Xsoar and working on an automation when a csv file is uploaded to war room, it should upload the csv to Azure Sentinel watchlist. From what I understand, I can do this by grabbing the file entry id of the latest file uploaded and th

...

Access denied for Cortex XSOAR Customer success Webinar: Case management.

Getting above message while trying to view content from below mentioned url.

LIVEcommunity - Access Denied - LIVEcommunity (paloaltonetworks.com)

'Failed to parse JSON object from response' while integrating Microsoft Defender for Cloud Apps with XSOAR

Hi,

I encountered the error 'Failed to parse json object from response: b'\r\n\r\n<!-- Copyright (C) Microsoft Corporation. All rights reserved.' when trying to integrate 'Microsoft Defender for Cloud Apps' using client credentials authentication meth

...

Export indicators with custom indicator fields

Our detection engineering team wants to upload a list of IOCs to XSOAR and get the VirusTotal scores of them as a csv file.

Through an automation I am extracting and enriching all the indicators and running

!ExportIndicatorsToCSV query="investigati

...

Resolved! Error with Set Command context

Hi all the community,
i face a problem when using set Command, you find bellow the error:

===ERROR

DBot
February 15, 2023 12:09 PM
Scripts returned an error
#2: add Test key to context
Command:

!Set key="test" value="abc" stringify="false" extend-context="

...

Resolved! Widget to display Active Logged in XSOAR user (SOC Analyst)

Does anyone have a script or know a way to display the currently signed-in XSOAR users?

Basically, i'd like a dashboard widget with active users signed-in....

Let me know your thoughts -

Thanks again,

Boyd

Resolved! XSOAR Community edition trial only 30 days

Hello,

I'm trying to deploy XSOAR at home just to try out some ideas. However, a 30 day trial is not enough time to attempt it.

Is there a way to acquire a limited version of XSOAR but with no time restriction?

Attentively,

Josep

Parse email attaachement using EWS V2 Extension

Hi all,
actually i am configuring an abuse email box that will receive all email that are suspected to be a phishing email,
actually when we send the suspected email as en EML attachement to the abuse email box that is alredy configured via EWS instanc

...

extend-context of multiple columns at once

Hi all.
I'm struggling a lot to solve a particular issue.
I am performing a Log analytics query which returns 4 columns (named AuthenticationRequirement, ResultType, ExternalUser and TrustedNetwork). The result could result in multiple rows with these

...

Resolved! Search custom fields in report query

Hi,

I think subject is clear enough that what i want to  , for some reason i want to query on some custom fields in report query page. As below pictures presents "domain" is the custom field that i need to query but no way to call it in report que

...

Discussions

Resolved! Running XQL Query to XDR from an Automation Script : Receiving 500 Bad Synatax from valid query

Send file via email to end user

Resolved! How to sync XSOAR to another XSOAR?

Enable and disable integration instance from playbook/automation

Propagation labels problem

Resolved! File upload from XSOAR war room to Sentinel watchlist

Access denied for Cortex XSOAR Customer success Webinar: Case management.

'Failed to parse JSON object from response' while integrating Microsoft Defender for Cloud Apps with XSOAR

Export indicators with custom indicator fields

Resolved! Error with Set Command context

Resolved! Widget to display Active Logged in XSOAR user (SOC Analyst)

Resolved! XSOAR Community edition trial only 30 days

Parse email attaachement using EWS V2 Extension

extend-context of multiple columns at once

Resolved! Search custom fields in report query

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: Cortex XSOAR intergration with Terraform Cloud?

Splunk integration - Mirroring not working

Unlock your full community experience!

Resolved! Running XQL Query to XDR from an Automation Script : Receiving 500 Bad Synatax from valid query

Resolved! How to sync XSOAR to another XSOAR?

Resolved! File upload from XSOAR war room to Sentinel watchlist

Resolved! Error with Set Command context

Resolved! Widget to display Active Logged in XSOAR user (SOC Analyst)

Resolved! XSOAR Community edition trial only 30 days

Resolved! Search custom fields in report query