Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Rasterize PDF format queries

Hi,

 

I created a PDF report using rasterize with HTML body content. The XSOAR variables I put in contain URLs and email addresses.

The first challenge I faced was that the variables, when replaced with the actual values (URLs and emails), are clickable.

...

XSOAR Engine Storage Requirements

Hi,

 

As per the link below, it's mentioned that the minimum storage requirement for the XSOAR engine is 100 GB. And for drive partitioning it is recommended to allocate 50 GB for /var and 50 GB for /home if the XSOAR engine is getting installed on RHEL 8.x. In this case

...

DP696 by L2 Linker
  • 1638 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR tool integrations methods

Hi,

 

As per the link below, the integrations can be executed via REST API, webhooks, and other techniques. So I'd like to know what other methods are available in the XSOAR platform.

 

https://xsoar.pan.dev/docs/concepts/concepts#:~:text=Product%20inte

...

DP696 by L2 Linker
  • 3176 Views
  • 3 replies
  • 0 Likes

Resolved! OS Requirement for Cortex XSOAR engine deployment

Hi,

 

In one of the XSOAR documents it's mentioned "For all Linux deployments except RHEL 7.x (for example Ubuntu, CentOS, etc.). Automatically installs Docker, downloads Docker images, enables remote engine upgrade, and allows installation of mul

...

DP696 by L2 Linker
  • 2881 Views
  • 2 replies
  • 0 Likes

Resolved! Body email

Hi,

 

In a playbook I'm using the automation 'send e-mail (EWSO365)'.

 

In the body of the email I'm adding a list that the playbook has generated, as follows:

 

Get
inputs.BreachData
Override input
Where
No filters applied
Transformers
JsonT
...

SteveB by L0 Member
  • 2687 Views
  • 2 replies
  • 0 Likes

Endpoint Antivirus Exclusion list

Dears,

 

Kindly need your support for the following:

• We need to install the below as security controls on our XSOAR server (RHEL8):

  o McAfee Endpoint Security (latest version) for Linux.

  o Cybereason EDR.

Kindly provide what is the Antivirus exclus

...

Resolved! Linked incident offense close

Hi,

 

A pre-process rule tests some condition and "link-close" incident into a previous one, and this works great. But I need to close the related offense in QRadar as well as in XSOAR itself; with a sole pre-process rule deployed, the incident is closed in xso

...

accepting custom cert -failed

Have followed this KB; however, under the instance, it is still unable to test successfully when unchecking the trust all certification options under the integrated instance.

 

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/d

...


Create a PDF file from context

Hi,

I am trying to create a playbook where IOCs are extracted and enriched and then the values are sent as a PDF file via email.

I reached the part where the IOCs are parsed and enriched, but I am stuck at creating the PDF file.

 

Is it possible to create a PD

...

  • 1118 Posts
  • 34 Subscriptions