This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

How to remove Integration "cache" completely

Hi,

 

We are facing an issue where the integration ran into an error trying to pull an investigation from Secureworks, where an asset was not found, and the integration kept giving the same error continuously and would not pull the next investigation

...

Resolved! SLA Total Duration field in incident table

I can query successfully tickets that have an SLA > than X seconds.

 

What I'm having trouble with is displaying a field in the incident table. 

For example:  If i pull back tickets that have an SLA.TotalDuration > 2 days, I want to see the tickets an

...

JoshBoyd_0-1672172248049.png
JoshBoyd_1-1672172316199.png
JoshBoyd by L2 Linker
  • 2176 Views
  • 1 replies
  • 0 Likes

Resolved! Replying to an Email using a Playbook

Hi All,

 

I need to automate customer follow ups using XSOAR. My requirements are as below.

 

  • Listen to emails and create incidents for each sent email - EWS V2 is being used for this
  • Once the initial mail is sent XSOAR will follow up with the custome
...

Podman - Docker - new Integration

Why does every time I install a new Integration like (Splunk) I get a warning ( unavailable docker image 'demisto/python3XXXXXX' ) Used by Integration (name of the integration)?

although I have opened the access and if I go to the console i can pull t

...

Cortex XDR Incident

Hello everyone, we started dealing with Cortex XDR and after getting the furst Incident, I am kinda lost. I am not even sure whats the issue, there is a lot of "information" on the management console. For example, the Incident, under "Key Assets & Ar

...

klerini by L0 Member
  • 1415 Views
  • 1 replies
  • 0 Likes

How to count the playbook

We have a question for how to count the playbook?

 

We have a function with 3 product and 3 version.
How to count/quantify the playbook? Is 3 product X 3 vesrions =9 playbook?

For the playbook should different versions/bands be in the different playboo

...

Resolved! Subplaybook execution count

Hi!

 

Is there a way to count how many times was the specific subplaybook executed across mutliple/all incidents? How to ensure the number includes loops in subplaybooks?

The reason I need this number is to better understand ROI of the platform.

 

Th

...

Antanas by L2 Linker
  • 1777 Views
  • 1 replies
  • 0 Likes

Transformer to delete line breaks in a string

Hello,

Some data is introduced in XSOAR with line breaks. Example:

 

data1,

data2,

data3,

data4

 

This data is joined with "," to be introduced in a task. However, data is not parsed correctly and the line breaks are introduced, causing an incorrect

...

Josep by L4 Transporter
  • 2414 Views
  • 2 replies
  • 0 Likes
  • 1255 Posts
  • 43 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks