This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Looking for 2FA/MFA/OTP Solution to Support Authentication for Cortex XSOAR v8 (On-Prem)

Hi everyone, I'm currently exploring ways to enhance the security of our Cortex XSOAR v8 environment (deployed on-premise) by implementing an OTP / 2FA / MFA authentication mechanism for the login process. Here are the key requirements: The solution must be on-premise, allowing full control over the authentication process. It should ideally ...

Duxgbk by L1 Bithead
  • 429 Views
  • 0 replies
  • 0 Likes

Export Playbook and Import

Hi, Iam trying to figure out how to perform the following: Export a playbook, overwrite some of its tasks (send-mail Exchange) and upload the playbook back to XSOAR. I found in Docu an API for playbook import as yaml but no export API. If Anyone could point me to any direction here, thank you very much! XSOAR Version is 6.12.0

Resolved! Pre Processing Rules Logs

Dear Experts, I have configured Cortex XSOAR to ingest cases/alerts, but for certain conditions, I want to prevent these from becoming incidents or triggering playbooks. I’ve created a script to drop alerts that meet specific criteria. However, I need to maintain a record of which alerts were dropped and, if possible, send notifications about th...

Syedhkt by L2 Linker
  • 2177 Views
  • 2 replies
  • 0 Likes

Problem 1 in 1,000,000? I hope not

hello community! I hope you are doing well. I'm here to ask a question that PAN support didn't know how to deal with and maybe some of you have already gone through the same thing. It was Saturday morning and xsoar and its functions were completely frozen, absolutely nothing was running. As XSOAR administrator, this had already happened so I res...

XSAOR - 503 Service Temporarily Unavailable Issue

Hello, I'm currently implementing Cortex XSOAR On-Prem 8.8. I'm fairly new to this product. I have deployed the VM and cluster configuration completed successfully. I was able access GUI and do the basic configurations. After I updated the version to 8.8.x, I'm getting "503 Service Temporarily Unavailable" How can I fix this issue ?

Integration of SIEM Instances with Load Balancer IPs

Can we integrate two instances of the SIEM, given that both IP addresses belong to the same SIEM but are associated with load balancer IPs? However, if we integrate both instances, there is a slight chance of data duplication. What would be the best approach to integrate with the load balancer IPs while avoiding any duplication? Cortex XSOAR

whois integration issue

Hi Everyone, I am enriching domain with domain command of whois but i got issue if any one of domain has no data at their server side for example [Domain1,Domain2] whois will return error if any one of domain data is missing. I just want if no data for one domain just skip it and return ,me remaining Cortex XSOAR #whois #integrations

Syedhkt by L2 Linker
  • 517 Views
  • 0 replies
  • 0 Likes

proofpoint-tr-get-list (Gets items for the specified list)

Hello, In proofpoint threat response integration there is a command : proofpoint-tr-get-list (Gets items for the specified list). I need some guidance on what this command do and what list ID needs to provide to get contents? proofpoint-tr-get-list (Gets items for the specified list) Any guidance would be appreciated. Thank you,

Divyesh by L0 Member
  • 390 Views
  • 0 replies
  • 0 Likes

Resolved! XSOAR CMDB - SQL issue

Hi everyone,I'm trying to use Cortex XDR and Cortex XSOAR to build a basic CMDBIn my XSOAR playbook, I run an XDR XQL query, then try to insert the results into an SQL database using the sql-command automation. The command looks like this:INSERT INTO Devices ( [hostname], [serial_number], [model], [MAC ADD], [IP Address], [Vendor], [Profile], ...

tlmarques by L4 Transporter
  • 1531 Views
  • 1 replies
  • 0 Likes

Question about the execution of the Set Assignee Task

In my playbook, I have a task that runs the Set Assignee Task script, sending an email as a parameter. During the flow execution, this task remains in the waiting status, displaying the message: waiting for user input to continue this task. I would like to understand why this task is not executed automatically.

Problem with Cisco WSA Proxy integration

Hello Team, I have a problem with Cisco WSA Proxy integration. I'm trying to connect XSOAR with Cisco WSA Proxy through Cisco WSA v2 integration. The user for this API has full administrator rights, authentication is successful, and I get a response for a GET request - !cisco-wsa-url-categories-list successfully. When I'm trying to execute ...

YuliyanD by L0 Member
  • 1371 Views
  • 2 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks