Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Demisto.db Read only Error

Dears, I am facing an issue in one of the tenants, as below, once I try to press anything, and when I checked the directory I found that demisto is the owner and the permissions are drwxr. Appreciate any support. "Write /var/lib/demisto/tenents/(tenant Name)/data/demisto.db: read-only file system"

mkhalil5 by L0 Member
  • 1417 Views
  • 1 replies
  • 0 Likes

How to run playbook on scheduled interval for all XSOAR Incidents?

Hello team, I have a use case where I need to fetch related events for a particular incident periodically. For that, I've prepared a playbook which will pull the events related to each XSOAR incident and link that data in the Context of a particular XSOAR incident. As this needs to be applied to all incidents of selected custom incident type and I want m...

SHadfa by L0 Member
  • 4914 Views
  • 4 replies
  • 0 Likes

Resolved! How to set a war room entry as evidence from a single automation

Hi everyone, The task looks simple with "markAsEvidence" but I have to run 2 tasks to get it done. Is there a way to send an entry to the war room and mark it as evidence from the same automation without having to run the automation twice? As it seems an automation can access only the initial state of the incident that is when automation ...

closing multiple incidents with postprocessing scripts causes xsoar to hang

Hi all, I am working with Carbon Black EDR so I want incidents to be closed not only on xsoar but also on carbon black instance. To achieve that I implemented a post processing script. When an incident on xsoar is closed the script closes the alert on carbon black edr too. It works fine when working with a single incident. Things get complica...

XSOAR License URI

Hello everyone, I want to access the XSOAR license date, but whatever I type in the 'uri' field does not return results (for demisto-api-get and internalHTTPRequest). How can I access it? I tried many URIs like "!demisto-api-get uri=/license" but I could not access it.

Use TensorFlow models inside XSOAR automation

Hello, We'd like to create our own TensorFlow models to improve the system. The model will be trained and tested outside XSOAR, while the production model will be set inside an automation. The main problem here is whether XSOAR containers could have enough resources to make it work. The other option is to create a server to communicate via API w...

Josep by L4 Transporter
  • 1326 Views
  • 1 replies
  • 0 Likes

Resolved! Display flags in long XSOAR automation

Hello, A long automation with no time limit is created. However, when we execute it, there's no way to know if it's executing properly. We've tried: "demisto.results" and putting information in the context but it only appears when it's completely executed. How can we display flags to know the progress of an automation?

SanDev by L2 Linker
  • 3787 Views
  • 7 replies
  • 0 Likes

Resolved! MS 365 Defender Integration Error

Hi, I'm installing MS 365 Defender Addon using the guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender), and the "Self-Deployed Application - Client Credentials Flow" method. I have registered the app in Azure, and configured the addon with the App data (App Id, Secret, Tenant Id...) as in the guide. When I exec...

MTubia by L1 Bithead
  • 4952 Views
  • 6 replies
  • 0 Likes

Resolved! XSOAR Multi tenant Cortex Data Lake Integration

Hi, I'm checking the manual on how to set up integration between XSOAR and CDL. https://xsoar.pan.dev/docs/reference/integrations/cortex-data-lake If it is a multi-tenant XSOAR environment, what HUB should I go to for set-up (Step 1 and Step 4)? For example, I have an XSOAR environment for which I owned the license. And I want to integrate it...

Resolved! xsoar initial admin login fails - websockets error and CSRF token match problem

I installed xsoar 6.6 according to the instructions and am using nginx as a front-end. I also configured nginx according to the instructions, but I am connecting to xsoar from nginx via http and port 8080 (as opposed to https/443 as used in the example nginx config). I created the otc.conf.json file with the initial admin user and restarted the ...

bchill by L1 Bithead
  • 4591 Views
  • 3 replies
  • 0 Likes

Recurrent data input problems in tasks

Hello, Data keys received from API calls don't always have the same format in the context. Example: Sometimes it could be: data.[0].results.username, data.results.[0].username, data.[0].results.[0].username, data.results.username. The API call is the one creating these formats in the context. There's no possibility to change the call. How can the inp...

Josep by L4 Transporter
  • 1954 Views
  • 2 replies
  • 0 Likes

Resolved! SearchIncidentsV2 doesn't obtain only incidents with the exact name.

Hello, I'm using !SearchIncidentsV2 query=`name: "This is a test"`, just to find the incidents with name "This is a test". However, when the command is executed, it shows not only those incidents but also incidents with longer names, for example: "This is a test (russ)". How can the command limit to the strict words?

Josep by L4 Transporter
  • 2288 Views
  • 2 replies
  • 0 Likes

XSOAR XDR Query Context Data Delay

Hi everybody, could you please help me with the following issue? When I use an XQL query to an XDR dataset (!xdr-xql-generic-query) it returns correct data to the War room, but before this data is moved to Context data it takes almost 5 minutes (no matter how much data has been returned from XDR. This interval is always the same). It looks like some kind ...

XSOAR Proofpoint TAP and TRAP Email Ingestion

Palo Alto XSOAR is not able to ingest Proofpoint's TAP (Targeted Attack Protection) or TRAP (Threat Response Auto-Pull) emails. Because of the automation that is being done with TAP and TRAP, these emails do not go through XSOAR for "phishing" analysis. Our "Phishing" emails go right to XSOAR once a user reports it as phishing with the outlook e...

  • 1298 Posts
  • 45 Subscriptions