Cortex XSOAR Discussions

Resolved! Search custom fields in report query

Hi,

I think subject is clear enough that what i want to  , for some reason i want to query on some custom fields in report query page. As below pictures presents "domain" is the custom field that i need to query but no way to call it in report que

...

I want to attach attachment in incident using playbook.

Hi Team, I have one use case I wanted to attach an attachment in an incident using the playbook. So I have one command which retrieves attachments of particular incidents. I have created one playbook which first retrieves the attachment of a particu

...

XSOAR Search queries

Hello Team,

Trying to remove tags from multiple cases at one go however failed due to incorrect syntax.

!lr-case-tags-remove case_id:"16563,16532,16626" tag_numbers=154
Should it be split into multiple lines to execute? could someone assist me wi

...

Automate download of playbooks backup

Hello,

Is there any way to automate this?

Thank you in advance

Notify user by Microsoft Teams from XSOAR

Hello,

I'd like to send direct messages using Microsoft Teams from XSOAR. No command was found inside Microsoft Teams integration to do it. Do you know how can create this feature?

Resolved! Creation of table from arrays

I am trying to create a table something like this:

I already have arrays (of names in this example) for each situation. So my HasX array would be like ["John", "Roger"] and my 'doesn't have X' array would be ["Steve"], and similar for Y with ["R

...

Resolved! not able to retrieve Extend Context Output

Hi Team,

I'm trying to get the output field which I want in "jira-issue-query" command. But I couldn't be able to get it.

Below are the default outputs for Jira Issue. Now I want only one particular Field as an output.

So I used Extend Context f

...

Cortex XSOAR Multi-Tenant Live Backup License File

Hi,

Does someone know how long the demisto requires to complete the sync license from the primary server to the backup server?

Please note you are posting a public message where community members and experts can provide assistance. Sharing private i...

integration mirroring vs post processing script mirroring

Our current setup mirrors incidents by post processing scripts. Bulk incident close makes too much noise in the system. It creates a container for each incident at the same time. It can overload the system from time to time. How does mirroring in the

...

Preprocess rule - link & run a script in the same rule

Hi,

Is there a way to configure pre-process rule to link and run preprocess script? I have to link incidents with few identical fields and set some fields values using script. I thought to make preprocess script which will do both, but I ran into a

...

How to modify edit fields form applied to multiple incident types for bulk editing

Hi All,

I'm attempting to add a custom field to the edit feature in XSOAR and cannot find any documentation when it comes to having that field show up in the edit form when editing multiple incidents regardless of type. When the edit layout is upda

...

Resolved! How to mirror XSOAR severity incident field with an integrations severity

What is the best path to change XSOARs incident severity to match the severity another tool is pulling in?

Ex. PhishER (KnowBe4) has it's own severity field called "PhishER" Severity, I want XSOAR's severity to mirror the incoming PhisihER severit

...

Resolved! How to add additional Input in "Jira-edit-Issue" task ?

Hi All,

"Jira-edit-Issue" task has some default Arguments as Inputs (eg: IssueID, priority,status, summary, description etc.,). Now I need to add new field as Inputs to edit jira issue from XSOAR.

Can anyone tell how to include/add new inputs i

...

Create a job to check if an instance pull has failed

Hello,

Sometimes on instance fails pulling the data, however the instance has connection. It's just an error feeding the instance.

How can a job be created to check is a pull has failed?

Put alerts of the same type in just a single one daily.

Hello,

I receive many alerts of the same type each day creating an incident for each.

I would like to put together all them in an incident and avoid creating incidents individually. So it will be solved just once.

Discussions

Resolved! Search custom fields in report query

I want to attach attachment in incident using playbook.

XSOAR Search queries

Automate download of playbooks backup

Notify user by Microsoft Teams from XSOAR

Resolved! Creation of table from arrays

Resolved! not able to retrieve Extend Context Output

Cortex XSOAR Multi-Tenant Live Backup License File

integration mirroring vs post processing script mirroring

Preprocess rule - link & run a script in the same rule

How to modify edit fields form applied to multiple incident types for bulk editing

Resolved! How to mirror XSOAR severity incident field with an integrations severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?

Create a job to check if an instance pull has failed

Put alerts of the same type in just a single one daily.

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: Cortex XSOAR intergration with Terraform Cloud?

Splunk integration - Mirroring not working

Unlock your full community experience!

Resolved! Search custom fields in report query

Resolved! Creation of table from arrays

Resolved! not able to retrieve Extend Context Output

Resolved! How to mirror XSOAR severity incident field with an integrations severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?