Cortex XSOAR Discussions

Resolved! SearchIncidentsV2 doesn't obtain only incidents with the exact name.

Hello,

I'm using !SearchIncidentsV2 query=`name: "This is a test"`, just to find the incidents with name "This is a test". However, when the command is executed, it shows not only those incidents but also incidents with longer names, for example: "Th

...

XSOAR XDR Query Context Data Delay

Hi everybody,

could you please help me with following issue?

When I use XQL query to XDR dataset (!xdr-xql-generic-query) it returns correct data to the War room but before are this data moved to Context data it takes almost 5 minutes (No matter how

...

XSOAR Proofpoint TAP and TRAP Email Ingestion

Palo Alto XSOAR is not able to ingest Proofpoint's TAP (Targeted Attack Protection) or TRAP (Threat Response Auto-Pull) emails. Because of the automation that is being done with TAP and TRAP, these emails do not go through XSOAR for "phishing" analys

...

Resolved! A question from XSOAR 8 Overview Webinar: XSOAR deployment

Can we deploy XSOAR to azure or AWS?

Note: This question was asked as part of Cortex XSOAR 8 Overview Webinar

Resolved! A question from XSOAR 8 Overview Webinar: Dev to Prod

How will Dev-to-Prod will work in XSOAR 8.0?

Note: This question was asked as part of Cortex XSOAR 8 Overview Webinar

Resolved! A question from XSOAR 8 Overview Webinar: Git repos

Will it still be possible to use your own git repos?

Note: This question was asked as part of Cortex XSOAR 8 Overview Webinar

Resolved! Problem with setIncident command

I am working on a new automation which gets triggered dynamically from layout where in I need to check a custom attribute has changed in my remote machine, then update it on the xsoar incident. The custom attribute is a list/array. This is what I am

...

Update automation script docker image version automatically

I have an automation script which updates all the non custom docker images versions to the latest version of it.

It works well and updates all the non custom docker images to the latest version of it from docker images.

Now I have some automation sc

...

Microsoft Graph Mail Single User application approvation

I tried to activate the approval process using this link: https://oproxy.demisto.ninja/ms-graph-mail-listener
The process stops with this screen after entering the credentials.

So I can't acquire ID, Token, and Key.
What could have gone wrong?

IronPort integration with XSOAR, receiving to mails

Hi, I wondered if it's possible to check URLs from mails via integration with XSOAR and then send a response with verdict to those address which was recipient for this mail under investigation?

Maybe you can advice some features for realization or s

...

Test sample in the playbook

Hi,

Is it possible to influence the sample data that is shown in playbook edit mode, when using Test to validate the data in any task? I find that in some playbooks it can give me to select the latest incident of that type, but on others - it only

...

Appending Incident field from a script

Dears,

I am blocking urls on a security control then save the value of URL in incident field name (blocked urls) using setIncident command,

But every time I block new url the incident field is not appending the new url to the old url. It replace

...

Resolved! Invoke a automation method from other automation

Hi,

Can someone help me to call a method of one automation from a other automation script. Can't copy past the code into other, because the code requires different docker image to run.

Thanks in advance 

Resolved! Task to find incidents with same SourceBrand

SearchIncidentsV2 don't show all the columns needed to find the incidents wanted. How can this columns be shown to search inside them?

Resolved! HTTPS with a Signed Certificate

Hi,

As per the below link, XSOAR on-perm services by default use self-signed certificates for secure HTTP connections. It would be great if you confirmed this would be applicable for the hosted service as well.

https://docs.paloaltonetworks.com/co

...

Discussions

Resolved! SearchIncidentsV2 doesn't obtain only incidents with the exact name.

XSOAR XDR Query Context Data Delay

XSOAR Proofpoint TAP and TRAP Email Ingestion

Resolved! A question from XSOAR 8 Overview Webinar: XSOAR deployment

Resolved! A question from XSOAR 8 Overview Webinar: Dev to Prod

Resolved! A question from XSOAR 8 Overview Webinar: Git repos

Resolved! Problem with setIncident command

Update automation script docker image version automatically

Microsoft Graph Mail Single User application approvation

IronPort integration with XSOAR, receiving to mails

Test sample in the playbook

Appending Incident field from a script

Resolved! Invoke a automation method from other automation

Resolved! Task to find incidents with same SourceBrand

Resolved! HTTPS with a Signed Certificate

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: Cortex XSOAR intergration with Terraform Cloud?

Splunk integration - Mirroring not working

Unlock your full community experience!

Resolved! SearchIncidentsV2 doesn't obtain only incidents with the exact name.

Resolved! A question from XSOAR 8 Overview Webinar: XSOAR deployment

Resolved! A question from XSOAR 8 Overview Webinar: Dev to Prod

Resolved! A question from XSOAR 8 Overview Webinar: Git repos

Resolved! Problem with setIncident command

Resolved! Invoke a automation method from other automation

Resolved! Task to find incidents with same SourceBrand

Resolved! HTTPS with a Signed Certificate