This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Help ML models

Hello, I need some help to understand how ML models work in XSOAR. In the documentation, I can only see models related to emails. I'd like to create a model just with the close reason, False Positive or True Positive. I already trained the model, however, I don't know exactly which are the inputs of the training or the inputs to use the model.

Josep by L4 Transporter
  • 1618 Views
  • 1 replies
  • 0 Likes

Question Regarding Mirroring Integration In Cortex XSOAR

I've a couple of questions regarding mirroring in Cortex XSOAR which are listed below. 1. Is it possible to change the status of the XSOAR incident from Pending to Active in the get-remote-data command? I have checked couple of mirroring integration (e.g. ServiceNow v2, XSOAR Mirroring) and they are only closing the XSOAR incident once the remot...

Multiple Question realted to assign owner from playbook

Guys, I Have Phishing Playbook consists of two big parts: a- L1 Phishing playbook. b- L2 Phishing playbook. The flow starts from L1 doing the needed automation and tasks like (Extracting IOCs, Headers, Doing Enrichment, making Splunk searches, .... etc.) Then it will stop at the stopping point which ask the Analyst to categorize which type ...

Demisto.db Read only Error

Dears, I am facing an issue in one of the tenants as below once I am trying to press anything and as I check the directory I found that demisto is the owner and the permissions are drwxr. Appreciate any Support. "Write /var/lib/demisto/tenents/(tenant Name)/data/demisto.db: read-only file system "

mkhalil5 by L0 Member
  • 1458 Views
  • 1 replies
  • 0 Likes

How to run playbook on scheduled interval for all XSOAR Incidents?

Hello team, I've use-case where I need to fetch related events for a particular incident periodically. For that, I've prepared a playbook which will pull the events related to each XSOAR incident and link that data in Contex of a particular XSOAR incident. As this needs to be applied to all incidents of selected custom incident type and I want m...

SHadfa by L0 Member
  • 5135 Views
  • 4 replies
  • 0 Likes

Resolved! How to set a war room entry as evidence from a single automation

Hi everyone, The task looks simple with "markAsEvidence" but I have to run 2 tasks to get it done. Is there a way to send an entry to the war room and mark it as evidence from the same automation without having to run the automation twice. As it seems an automation can access only the initial state of the the incident that is when automation ...

EnesOzdemir_0-1673605185180.png
EnesOzdemir_1-1673605250812.png

closing multiple incidents with postprocessing scripts causes xsoar to hang

Hi all, I am working with Carbon Black EDR so I want incidents to be closed not only on xsoar but also on carbon black instance. To achieve that I implemented a post processing script. when an incident on xsoar is closed the script closes the alert on carbon black edr too . It works fine when working with a single incident. Things get complica...

EnesOzdemir_0-1665045390481.png

XSOAR License URI

Hello everyone,I want to access the XSOAR license date, but whatever I type in the 'uri' field does not return results (for demisto-api-get and internalHTTPRequest). How can I access it?I tried many uri like "!demisto-api-get uri=/license" but I could not access it.

Use TensorFlow models inside XSOAR automation

Hello, We'd like to create our own TensorFlow models to improve the system. The model will be trained and tested outside XSOAR, while the production model will be set inside an automation. The main problem here is whether XSOAR containers could have enough resources to make it work. The other option is to create a server to communicate via API w...

Josep by L4 Transporter
  • 1371 Views
  • 1 replies
  • 0 Likes

Resolved! Display flags in long XSOAR automation

Hello, A long automation with no time limit is created. However, when we execute it, there's no way to know if it's executing properly. We've tried: "demisto.results" and putting information in the context but it only appears when it's completely executed. How can we display flags to know the progress of an automation?

SanDev by L2 Linker
  • 3974 Views
  • 7 replies
  • 0 Likes

Resolved! MS 365 Defender Integration Error

Hi, I'm installing MS 365 Defender Addon using the guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender), and the "Self-Deployed Application - Client Credentials Flow" method. I have registered the app in Azure, and configured the addon with the App data (App Id, Secret, Tenant Id...) as in the guide. When I exec...

MTubia_0-1673396136905.png
MTubia by L1 Bithead
  • 5221 Views
  • 6 replies
  • 0 Likes

Resolved! XSOAR Multi tenant Cortex Data Lake Integration

Hi, I'm checking the manual on how to set up integration between XSOAR and CDL. https://xsoar.pan.dev/docs/reference/integrations/cortex-data-lake If it is a multi-tenant XSOAR environment, what HUB should I go to for set-up(Step1 and Step4)? For example, I have an XSOAR environment for which I owned the license. And I want to integrate it...

Resolved! xsoar initial admin login fails - websockets error and CSRF token match problem

I installed xsoar 6.6 according to the instructions and am using nginx as a front-end. I also configured nginx according to the instructions, but I am connecting to xsoar from nginx via http and port 8080 (as opposed to https/443 as used in the example nginx config).I created the otc.conf.json file with the initial admin user and restarted the ...

bchill by L1 Bithead
  • 4726 Views
  • 3 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks