Hi,
We are using SAML 2.0 integration for user authentication to XSOAR.
Can someone help to understand what value need to update on "SAML Roles Mapping" in XSOAR under Settings->User and Roles-> Roles.
Thanks,
Deepa
This relates to lifecycle management and removing old unused playbooks/subplaybooks.
We can use the XSOAR Metrics widget to see when a playbook last executed, however this isn't always a good indicator as we have playbooks for rare events which ha
...
Hello, I am trying to convert multiple files with different extensions using the 'ConvertFile' automation, so that it can be display on the layout. However, when there are different types of files in one incident, it keeps giving me an error. What wo
...
Kudos for all the work on developing these playbooks. Are they optimized so the incidents don't get flagged under System Diagnostics (exceptionally big incidents, exceptionally big context, etc)?
Note: This question was asked as part of Cortex XSOA
...
How would you handle an EDR alert that involves more than one file? How does this playbook present this to the user?
Note: This question was asked as part of Cortex XSOAR Customer Success Webinar: Malware Investigation & Response V2
How do you address the extremely high misclassification rate of both file detonation (any semi-sophisticated malware won't divulge any information in a sandbox) as well as the high misclassification by Virustotal (both FP and TP)?
Note: This questi
...
Hi all!
I've been looking at trying to make a section in a layout a static list, but could not find any easy ways to do it.
Essentially what I am looking for is:
I have a layout, in which I have a section called X. Now what I want is that every time an
Hi everybody,
is there a way how to get following information in XSOAR?
- NSLOOKUP - I have an IP address and need to get name from internal DNS server
- Threat Vault info - I have an information from the firewall (threat name and threat ID) and
...
Hi there,
I've just started testing threat feed integration in XSOAR.
For some reason, the integration instance was only downloading 100 indicators on each pull whereas the source has thousands.
Is it because my AWS instance doesn't have a license?
...
Ticking the box in the widget 'Operations' tab and selecting how many rows to show per page doesn't appear to do anything. The table always says "Showing Total 279 results sorted by: Id" and there are no page navigation buttons anywhere. Has anyone
...
Hi,
I have one playbook where I'm using the Builtin ExtractIndicators Function to extract any indicator from one field, and it's working fine:
After this, I call more subplaybooks, and I want, from this subplaybooks, use this indicators for some act
...
Hi everyone,
I am facing a strange issue. I was trying to change the certificate like explained in this link https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/installation/post-installation-checklist/https-with-a-signed-cert
...
Hi All
How can i export the list of users along with their last login
In Seetings > User and Role > Users I am able to see the list of users
But i dont see an option to export this data
I want to export them to review each of them and get approva
...
Hello,
We are using XDR with XSOAR mirroring both direction configuration. It's working. However, incidents created on XSOAR don't close all the alerts of XDR related to the incident. So a post-script should be done to force them to close. What comma
...
