Cortex XSOAR Discussions

integration mirroring vs post processing script mirroring

Our current setup mirrors incidents by post processing scripts. Bulk incident close makes too much noise in the system. It creates a container for each incident at the same time. It can overload the system from time to time. How does mirroring in the integration work? Does it mirror incidents one by one without creating a container for each?

Preprocess rule - link & run a script in the same rule

Hi, Is there a way to configure pre-process rule to link and run preprocess script? I have to link incidents with few identical fields and set some fields values using script. I thought to make preprocess script which will do both, but I ran into a problem. As I see during preprocess the incident doesn't have ID assigned yet, so I can't use co...

How to modify edit fields form applied to multiple incident types for bulk editing

Hi All, I'm attempting to add a custom field to the edit feature in XSOAR and cannot find any documentation when it comes to having that field show up in the edit form when editing multiple incidents regardless of type. When the edit layout is updated for any incident type, it is only used when editing a single incident of that incident type. ...

Resolved! How to mirror XSOAR severity incident field with an integrations severity

What is the best path to change XSOARs incident severity to match the severity another tool is pulling in? Ex. PhishER (KnowBe4) has it's own severity field called "PhishER" Severity, I want XSOAR's severity to mirror the incoming PhisihER severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?

Hi All, "Jira-edit-Issue" task has some default Arguments as Inputs (eg: IssueID, priority,status, summary, description etc.,). Now I need to add new field as Inputs to edit jira issue from XSOAR. Can anyone tell how to include/add new inputs in task ? Thanks, Keerthi

Create a job to check if an instance pull has failed

Hello, Sometimes on instance fails pulling the data, however the instance has connection. It's just an error feeding the instance. How can a job be created to check is a pull has failed?

Put alerts of the same type in just a single one daily.

Hello, I receive many alerts of the same type each day creating an incident for each. I would like to put together all them in an incident and avoid creating incidents individually. So it will be solved just once.

Docker Hardening

Hello, I followed this docker hardening documentation to harden the docker containerzied environment for Cortex XSOAR solutin. I added the first server configuration key as this (docker.run.internal.asuser = true), and reset docker containers then issue this command (!py script="import os;print(os.getuid())") to validate if docker currently...

xSOAR Dashboard Widget - Table column Count for specific field

Hey! I'm trying to get a widget on a dashboard that shows a field and how many times it has triggered next to it.Example: Name: | Alert Count: ---------------------------------------------- Department 1 | 4 Department 2 | 2Department 3 | 6I know the horizontal bar allows you to group by a sp...

CiscoEmailSecurity (Beta) integration works on vesion 14.2.0?

Hello, Now we are using CiscoEmailSecurity (Beta) integration for version 13.8.1, and is going to be updated to 14.2.0. How could we know if it's compatible? Thanks

[DemistoClassApiModule] Why CustomFields in demisto.incident()

Why is there a separate dictionary returned from demisto.incident? Does it matter whether a field is custom or builtin demisto.incident()['CustomFields']['myfield']I am asking this because I am thinking about implementing a custom function in CommonUserPython to grab field values without worrying about if the field is custom or built-in. Would t...

Discussions

integration mirroring vs post processing script mirroring

Preprocess rule - link & run a script in the same rule

How to modify edit fields form applied to multiple incident types for bulk editing

Resolved! How to mirror XSOAR severity incident field with an integrations severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?

Create a job to check if an instance pull has failed

Put alerts of the same type in just a single one daily.

Docker Hardening

xSOAR Dashboard Widget - Table column Count for specific field

CiscoEmailSecurity (Beta) integration works on vesion 14.2.0?

[DemistoClassApiModule] Why CustomFields in demisto.incident()

I found the issue cannot save filter in the Playground War Room

How to find incidents with a particular key present in context ?

Multi Tenant Automation

[Multi-Tenant] How to sync jobs to tenants

XSOAR Dev to Prod - Builtin content repository

Still waiting on XSOAR Community Edition + Cortex XDR lab access

Result empty after using json2html script

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Re: Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Re: Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Re: Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Re: Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: Incident Parent-Child Relationship

Unlock your full community experience!

Resolved! How to mirror XSOAR severity incident field with an integrations severity

Resolved! How to add additional Input in "Jira-edit-Issue" task ?