Cortex XSOAR Discussions

Resolved! Is it possible to use nested variables in XSOAR?

Hi all,

A customer of ours is trying a curious thing and I am not sure if it is possible in general, so I guessed the best way would be to ask right away. Our customer created a XSOAR list, that contains a html string with context data variables in it

...

Resolved! XSOAR Qradar Ingestion

I am attempting to ingest Qradar into the XSOAR using the Integration. I need to pull custom fields from the SIEM and what I need to understand is as follows;

Is it preferable to pull these fields within an AQL Search at the playbook stage ?

Or is it

...

Finding suppressed incidents

Hello,

I need to make an HTTP request to get suppressed incidents from the main account. Is anyone has an idea how can a filter those incidents? Thanks!

Search in XSOAR for Timers (active incidents)

Hi all
I would like to search in Cortex XSOAR for running timers that exceed a certain time. I tried it but it didn't worked out.
It should work like this that I can search for an timer (in this case detectionsla the total duration) and afterwards it s

...

Bildschirmfoto 2022-02-19 um 12.27.02.png

Bildschirmfoto 2022-02-19 um 12.32.04.png

Resolved! Delete emails in Exchange 2013 Integration

Is it possible to automate deletion of phishing emails if the backend Exchange server is Exchange 2013? I noticed there is an integration for Exchange 2016 but I did not find one for Exchange 2013.

I need to open Support Case

Resolved! conditional check if Azure Entities command returns with "No entries."

Any thoughts on why this is failing; this always returns Entries Found regardless if there are entities or not.

You can see in the screenshot above there are 0 results, no entries.

When I run this script, you'll see the screenshot below.

------Scrip

...

Resolved! ReadPDFFile V2 gives error when reading PDF file

Hi everyone,

I was trying to make a playbook to extract indicators (Hash values, domains, IP addresses) from a PDF file. I tried to use the ReadPDFFile V2 utility, however it gives the below error on 2 of the PDF files I tried.

Command:

!ReadPDFFileV

...

setIncident for single select type

This command works:
demisto.executeCommand('setIncident', {'summary': "test"})`

Note: summary is a custom field of text.

This fails:

demisto.executeCommand('setIncident', {'sentinelclosereason': "JOSH"})

The only difference I can see is that sentinelclos

...

Resolved! XSOAR Trigger off reopen incident / close incident

Onboarding to a new company.
No post processing on incident type (azure sentinel).

When a ticket is closed on the close form, we have a custom "Azure Closure Reason" and "Classification Comment"; based on this we have a script(CloseSentinelCase) that t

...

server not starting after upgrade to 6.2 version

hi All,

I have changed my etc/demisto.conf file to move data folders(https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/manage-data/move-data-folders-to-another-location-on-the-server.html)

and after upgrading my app server

...

Minemeld Alternative

Hello ,

On of our customer is dependent on their partner for Minemeld EDL

The Partner is hosting the Minemeld server and now our customer is planning to build their own Minemeld

As Minemeld is no longer supported by PAN and is purely an open Source s

...

Resolved! How to check custom indicator types with !GetIndicatorDBotScore?

Hi everyone,

does anyone of you know how to check a custom indicator with !GetIndicatorDBotScore?

Due to the recent change in the URL indicator type's regex, we needed to create a new indicator type, that makes use of the old regex. Unfortunately this

...

Cortex Doubt Operations

Hello everyone;

Cortex:
The console reports 481 agents of which it gives with lost connection 110, in the licensing section it indicates 371 agents installed of the 500 licensed, so it seems that it does not take into account those of lost connection,

...

Missing docker images in air-gapped context

Hi everyone,

I'm facing a very strange issue. I've updated server version to 6.5 and loaded all images included in .tar file downloaded through personal link (27,2 GB) and testing integrations I used to take advantage when company didn't have antiviru

...

Discussions

Resolved! Is it possible to use nested variables in XSOAR?

Resolved! XSOAR Qradar Ingestion

Finding suppressed incidents

Search in XSOAR for Timers (active incidents)

Resolved! Delete emails in Exchange 2013 Integration

I need to open Support Case

Resolved! conditional check if Azure Entities command returns with "No entries."

Resolved! ReadPDFFile V2 gives error when reading PDF file

setIncident for single select type

Resolved! XSOAR Trigger off reopen incident / close incident

server not starting after upgrade to 6.2 version

Minemeld Alternative

Resolved! How to check custom indicator types with !GetIndicatorDBotScore?

Cortex Doubt Operations

Missing docker images in air-gapped context

EWS O365 Instance - Not allowed to access Non IPM folder. (85)

Json data in table does not display in PDF reports

Question from Playbook Optimization webinar: Delete context script

Engine For Hosting Web Forms For Data Collection Tasks

Custom Widget Xsoar

Re: XSAOR with HA using Open search Upgrade

Re: Palo Alto Cortex XSOAR - Community Edition

Re: EWS O365 Instance - Not allowed to access Non IPM folder. (85)

EWS O365 Instance - Not allowed to access Non IPM folder. (85)

Re: Select All in Data Collection multi select

Unlock your full community experience!

Resolved! Is it possible to use nested variables in XSOAR?

Resolved! XSOAR Qradar Ingestion

Resolved! Delete emails in Exchange 2013 Integration

Resolved! conditional check if Azure Entities command returns with "No entries."

Resolved! ReadPDFFile V2 gives error when reading PDF file

Resolved! XSOAR Trigger off reopen incident / close incident

Resolved! How to check custom indicator types with !GetIndicatorDBotScore?