Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Multiple Questions related to assigning owner from playbook

Guys, I have a Phishing Playbook that consists of two big parts: a- L1 Phishing playbook. b- L2 Phishing playbook. The flow starts from L1 doing the needed automation and tasks like (Extracting IOCs, Headers, Doing Enrichment, making Splunk searches, .... etc.) Then it will stop at the stopping point which asks the Analyst to categorize which type ...

Demisto.db Read-only Error

Dears, I am facing an issue in one of the tenants, as below, whenever I try to press anything. When I check the directory I find that demisto is the owner and the permissions are drwxr. Appreciate any support. "Write /var/lib/demisto/tenents/(tenant Name)/data/demisto.db: read-only file system "

mkhalil5 by L0 Member
  • 1441 Views
  • 1 replies
  • 0 Likes

How to run playbook on scheduled interval for all XSOAR Incidents?

Hello team, I have a use case where I need to fetch related events for a particular incident periodically. For that, I've prepared a playbook which will pull the events related to each XSOAR incident and link that data in the Context of a particular XSOAR incident. As this needs to be applied to all incidents of the selected custom incident type and I want m...

SHadfa by L0 Member
  • 5041 Views
  • 4 replies
  • 0 Likes

Resolved! How to set a war room entry as evidence from a single automation

Hi everyone, The task looks simple with "markAsEvidence" but I have to run 2 tasks to get it done. Is there a way to send an entry to the war room and mark it as evidence from the same automation without having to run the automation twice? As it seems an automation can access only the initial state of the incident, that is when the automation ...


Closing multiple incidents with post-processing scripts causes XSOAR to hang

Hi all, I am working with Carbon Black EDR, so I want incidents to be closed not only on XSOAR but also on the Carbon Black instance. To achieve that I implemented a post-processing script. When an incident on XSOAR is closed, the script closes the alert on Carbon Black EDR too. It works fine when working with a single incident. Things get complica...


XSOAR License URI

Hello everyone, I want to access the XSOAR license date, but whatever I type in the 'uri' field does not return results (for demisto-api-get and internalHTTPRequest). How can I access it? I tried many uri like "!demisto-api-get uri=/license" but I could not access it.

Use TensorFlow models inside XSOAR automation

Hello, We'd like to create our own TensorFlow models to improve the system. The model will be trained and tested outside XSOAR, while the production model will be set inside an automation. The main problem here is whether XSOAR containers could have enough resources to make it work. The other option is to create a server to communicate via API w...

Josep by L4 Transporter
  • 1350 Views
  • 1 replies
  • 0 Likes

Resolved! Display flags in long XSOAR automation

Hello, A long automation with no time limit is created. However, when we execute it, there's no way to know if it's executing properly. We've tried "demisto.results" and putting information in the context, but it only appears when the automation has completely executed. How can we display flags to know the progress of an automation?

SanDev by L2 Linker
  • 3884 Views
  • 7 replies
  • 0 Likes

Resolved! MS 365 Defender Integration Error

Hi, I'm installing MS 365 Defender Addon using the guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender), and the "Self-Deployed Application - Client Credentials Flow" method. I have registered the app in Azure, and configured the addon with the App data (App Id, Secret, Tenant Id...) as in the guide. When I exec...

MTubia by L1 Bithead
  • 5106 Views
  • 6 replies
  • 0 Likes

Resolved! XSOAR Multi tenant Cortex Data Lake Integration

Hi, I'm checking the manual on how to set up integration between XSOAR and CDL. https://xsoar.pan.dev/docs/reference/integrations/cortex-data-lake If it is a multi-tenant XSOAR environment, what HUB should I go to for set-up (Step 1 and Step 4)? For example, I have an XSOAR environment for which I owned the license. And I want to integrate it...

Resolved! XSOAR initial admin login fails - websockets error and CSRF token match problem

I installed XSOAR 6.6 according to the instructions and am using nginx as a front-end. I also configured nginx according to the instructions, but I am connecting to XSOAR from nginx via http and port 8080 (as opposed to https/443 as used in the example nginx config). I created the otc.conf.json file with the initial admin user and restarted the ...

bchill by L1 Bithead
  • 4641 Views
  • 3 replies
  • 0 Likes

Recurrent data input problems in tasks

Hello, Data keys received from API calls don't always have the same format in the context. Example: Sometimes it could be data.[0].results.username, data.results.[0].username, data.[0].results.[0].username, or data.results.username. The API call is the one creating these formats in the context. There's no possibility to change the call. How can the inp...

Josep by L4 Transporter
  • 1985 Views
  • 2 replies
  • 0 Likes

Resolved! SearchIncidentsV2 doesn't obtain only incidents with the exact name.

Hello, I'm using !SearchIncidentsV2 query=`name: "This is a test"`, just to find the incidents with name "This is a test". However, when the command is executed, it shows not only those incidents but also incidents with longer names, for example: "This is a test (russ)". How can the command limit to the strict words?

Josep by L4 Transporter
  • 2324 Views
  • 2 replies
  • 0 Likes