Cortex XSOAR Discussions

Endpoint Antivirus Exclusion list

Dears,

Kindly need your support for the following:

• we need to install the below as security controls on our XSOAR server (RHEL8):

o McAfee Endpoint security (latest version) for Linux.

o Cyber Reason EDR.

• kindly provide what is the Antivirus exclus

...

Resolved! Linked incident offense close

Hi,

A pre-process rule tests some condition and "link-close" incident into a previous one, and this works great. But i need to close related offense in qradar as well as the xsoar itself, with a sole preprocess rule deployed incident is closed in xso

...

CIRCL hashlookup (hashlookup.circl.lu) 1.0.0 3167802 returns error when no results

When the integration is used on non-existent hash:

!file file=2795b688bb5918e092e0ee33cd25aa98

Then it end with error:

Reason

Failed to execute file command. Error: Error in API call [404] - NOT FOUND {"message": "Non existing MD5", "query": "2795b688bb5

...

accepting custom cert -failed

Have followed this kb however under instance, it is still unable to test successfully when unchecking the trust all certification options under the integrated instance.

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/d

...

Create a PDF file from context

Hi,

I am trying to create playbook where IOCs are extracted and enriched and then values are send as a PDF file via email.

I reached the part where the IOCs are parsed and enriched, but I am stuck at creating the PDF file.

Is it possible to create a PD

...

XSOAR Integration with Cisco IronPort Email API - Code Missed on Backend

Hi Team,

Can you please help here to integrate Cisco ESA(API V2) with XSOAR . I have tried with the following integration from marketspace "Cisco IronPort Email API (Community Contribution)" which is developed using API v2. But unfortunately It pop

...

Error in Splunk integration Splunkpy

Hello everyone,

While testing the integration of Splunk to XSOAR with Splunkpy, I'm getting this error:

Anyone know how to solve it?

Thanks for your support.

Resolved! Assigning an array of Values to a key/variable

Hey guys,

I'm working on separating internal and external IP(s) on a playbook and I want to use those values in a email body. So currently I'm using a temporary list to store IP(s) then call when needed in the same playbook with ${lists.templist}.

...

Communication Task Authentication failed

Hi,

I want users to authenticate in Cortex XSOAR before answering the form sent by mail like explained here https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/playbooks/playbook-tasks/communication-tasks/create-a-data-collec

...

Handling errors in a playbook

I'm looking to change the flow of my playbook not only if errors are encountered in my tasks, but dependant also on what those errors are. I found a tutorial on docs.paloaltonetworks.com that included this:

Step 3: For new tasks, in the Task Name f

...

Dbot Score for Virustotal IP check is always 1

Hey Guys,

I'm facing this issue that doesn't matter how malicious the IP is Dbotscore is being 1 for the VT IP automation,

Things I tried,

1. Setting a threshold in VT integration for 1.

2 . Setting the reliability to A+

2. Running the command

...

Resolved! SetGridField Issue

I'm testing the inbuilt playbook "Integrations and Incidents Health Check" , however it throws an error on the block which contains SetGridField, which is the error shown below.

I have few questions regarding the automation and troubleshooting,

1) W

...

Resolved! A question from the Phishing V3 webinar: Phishing Campaign Ticketing

Will a Phishing campaign ticket is opened automatically, If yes - when?

Note: This question was asked during our Customer Success Webinar: Phishing V3

Cortex XSOAR

Resolved! A question from the Phishing V3 webinar: URL & ML

Any action(decision-making) ideas by using the URL Phishing & Machine learning Model?

Note: This question was asked during our Customer Success Webinar: Phishing V3

Cortex XSOAR

Resolved! A question from the Phishing V3 webinar: URL Prediction

How does the URL prediction reach out to the potentially malicious URL without leaving artifacts that will be traced back to our environment?

Note: This question was asked during our Customer Success Webinar: Phishing V3

Cortex XSOAR

Discussions

Endpoint Antivirus Exclusion list

Resolved! Linked incident offense close

CIRCL hashlookup (hashlookup.circl.lu) 1.0.0 3167802 returns error when no results

accepting custom cert -failed

Create a PDF file from context

XSOAR Integration with Cisco IronPort Email API - Code Missed on Backend

Error in Splunk integration Splunkpy

Resolved! Assigning an array of Values to a key/variable

Communication Task Authentication failed

Handling errors in a playbook

Dbot Score for Virustotal IP check is always 1

Resolved! SetGridField Issue

Resolved! A question from the Phishing V3 webinar: Phishing Campaign Ticketing

Resolved! A question from the Phishing V3 webinar: URL & ML

Resolved! A question from the Phishing V3 webinar: URL Prediction

Can XSOAR disk space vary automatically?

Assign incident to new owner

unable to push the content from dev to prod

JSON Sample Incident Generator

Rename table headers

Re: Dashboard Graph Display Incident Count Per Month

Dashboard Graph Display Incident Count Per Month

Re: Incident Parent-Child Relationship

Re: Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

Re: Couldn't sort by date in bar graph widget in Dashboard

Unlock your full community experience!

Resolved! Linked incident offense close

Resolved! Assigning an array of Values to a key/variable

Resolved! SetGridField Issue

Resolved! A question from the Phishing V3 webinar: Phishing Campaign Ticketing

Resolved! A question from the Phishing V3 webinar: URL & ML

Resolved! A question from the Phishing V3 webinar: URL Prediction