Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

SAML configuration error with Azure AD

Hi,

I am getting following error while trying to login to XSOAR through SSO. I have setup the SAML app on XSOAR with all the attributes provided by AD team.

 

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured f

...

Stopped on waiting

Trying to learn how to use this thing.  I've got a very simple playbook set up that uses the Slack integration to send a simple yes/no prompt to a user.  Within the Playground, I'm able to successfully send simple messages via slack, so the connectio

...

Secrets

How is everyone else doing secrets?

It seems odd to me that everything that might use an API key needs to be an integration instead of an automation.
You can't seem to easily hide plain-text apikeys from an automation at all.

 

For example:

I have a Conta

...

MrDuck by L1 Bithead
  • 2716 Views
  • 3 replies
  • 0 Likes

Cherwell Fetch Incident fails

Hello

 

We use Demisto Version 6.2.0, Build 1271082

 

If I configure a Cherwell Instance to fetch incident but It fails with the following Error:

Spoiler
Error Occurred
Failed to get samples from instance
Error detailsScript failed to run: Error: [Traceback
...

Get Qualys credentials in python script

Hi -

The built in Qualys commands from an instance don't quite do what I want to do so I have a python script that uses the api to grab the last report from a map scan, filter it for systems that have specific ports open, and then upload the ip addres

...

sforslev by L0 Member
  • 2573 Views
  • 3 replies
  • 0 Likes

Resolved! Fetched several incidents without mapping

Hello,

I recently fetched several incidents using an integration without any classification/mapping configured. I have since configured it correctly, is there any way to re-fetch or re-ingest these incidents so they get mapped and processed correctly?

jtorvald by L1 Bithead
  • 2378 Views
  • 2 replies
  • 0 Likes

Cortex XSOAR Context Issue

 

Hi Everyone, 

I have Cortex XSOAR with SplunkPY running and fetching incidents. I am using Splunk classifier and Splunk incoming mapper by default. 

Drill down is being enriched successfully and i can see it parsed at both classifier & mapper stages -

...

2021-09-30_181850.png
2021-09-30_182723.png
Rawabdeh by L1 Bithead
  • 5106 Views
  • 9 replies
  • 0 Likes

demisto-py - Specify Playbook

Hello All,

 

I have a python script using demisto-py that creates tickets based on an input Word document.

 

However, specifying the playbook isn't working.  

 

When I call demisto_client.demisto_api.CreateIncidentRequest() with the "playbookid" field is p

...

twjolson by L0 Member
  • 2317 Views
  • 2 replies
  • 0 Likes

Read-Only role assignment issue

I have deployed a number of other roles using SAML successfully. Now when it comes to assigning the Read-only role this has become a challenge. Unlike the other previously configured roles that also included not only the SAML mapping but also the Shi

...

jpadro by L0 Member
  • 1691 Views
  • 1 replies
  • 0 Likes
  • 932 Posts
  • 30 Subscriptions