Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

'Failed to parse JSON object from response' while integrating Microsoft Defender for Cloud Apps with XSOAR

Hi, I encountered the error 'Failed to parse json object from response: b'\r\n\r\n<!-- Copyright (C) Microsoft Corporation. All rights reserved.' when trying to integrate 'Microsoft Defender for Cloud Apps' using the client credentials authentication method with XSOAR. Can someone help me fix the issue? Since it's an OOTB integration I believe t...

DP696 by L2 Linker
  • 4093 Views
  • 3 replies
  • 1 Likes

Export indicators with custom indicator fields

Our detection engineering team wants to upload a list of IOCs to XSOAR and get their VirusTotal scores as a CSV file. Through an automation I am extracting and enriching all the indicators and running !ExportIndicatorsToCSV query="investigationIDs:47" columns="id,indicator_type,value,vtscore". VT Score is a custom indicator field. It ho...

Resolved! Error with Set Command context

Hi all the community, I face a problem when using the Set command; you find below the error: ===ERROR DBot February 15, 2023 12:09 PM Scripts returned an error #2: add Test key to context Command: !Set key="test" value="abc" stringify="false" extend-context="incident" Reason Error from Scripts is : Script failed to run: open /usr/local/demisto/res/_script_...


Resolved! XSOAR Community edition trial only 30 days

Hello, I'm trying to deploy XSOAR at home just to try out some ideas. However, a 30 day trial is not enough time to attempt it. Is there a way to acquire a limited version of XSOAR but with no time restriction? Attentively, Josep

Josep by L4 Transporter
  • 4428 Views
  • 2 replies
  • 0 Likes

Parse email attachment using EWS V2 Extension

Hi all, actually I am configuring an abuse email box that will receive all emails that are suspected to be phishing emails. Actually, when we send the suspected email as an EML attachment to the abuse email box that is already configured via the EWS instance, we cannot find the original message parsed via the mapping editor; we only find the attachment fil...

extend-context of multiple columns at once

Hi all. I'm struggling a lot to solve a particular issue. I am performing a Log Analytics query which returns 4 columns (named AuthenticationRequirement, ResultType, ExternalUser and TrustedNetwork). The query could result in multiple rows with these 4 columns. I want to map each of these columns to a separate key, but I don't find a suitable way ...


Resolved! Search custom fields in report query

Hi, I think the subject is clear enough about what I want to 🙂. For some reason I want to query on some custom fields in the report query page. As the pictures below present, "domain" is the custom field that I need to query, but there is no way to call it in the report query page. Changing the mapper and mapping to a searchable field is a workaround, but I need to query exa...


I want to attach attachment in incident using playbook.

Hi Team, I have one use case I wanted to attach an attachment in an incident using the playbook. So I have one command which retrieves attachments of particular incidents. I have created one playbook which first retrieves the attachment of a particular incident and then in the second task I'm using setIncident command to update incidents with a...


XSOAR Search queries

Hello Team, I am trying to remove tags from multiple cases in one go; however, it failed due to incorrect syntax. !lr-case-tags-remove case_id:"16563,16532,16626" tag_numbers=154 Should it be split into multiple lines to execute? Could someone assist me with the best way to achieve this requirement? Regards, Parans

Parans by L0 Member
  • 1678 Views
  • 1 replies
  • 0 Likes

Resolved! Creation of table from arrays

I am trying to create a table something like this: I already have arrays (of names in this example) for each situation. So my HasX array would be like ["John", "Roger"] and my 'doesn't have X' array would be ["Steve"], and similar for Y with ["Roger", "Steve"] and ["John"] for the two properties. I feel like I have all the information to ...

JMaton1 by L1 Bithead
  • 3425 Views
  • 2 replies
  • 0 Likes

Resolved! not able to retrieve Extend Context Output

Hi Team, I'm trying to get the output field which I want in the "jira-issue-query" command, but I couldn't get it. Below are the default outputs for Jira Issue. Now I want only one particular field as an output, so I used the Extend Context field to get the desired output (in this case, I want only the "ID" field as an output). But, I'm no...


Cortex XSOAR Multi-Tenant Live Backup License File

Hi, Does someone know how long the demisto requires to complete the sync license from the primary server to the backup server?
