Is anyone else missing scripts when adding a button to layout? Not seeing any scripts from the installed content packs. They still work via CLI.
Cortex XSOAR
Hi everyone,
I'm encountering an issue with an automation script in XSOAR that uses openpyxl to insert an image into an Excel file. Even though the Excel file I'm uploading is valid (I’ve tested it by downloading it and opening it in Excel—it opens
...
Hello,
There is a place where I need to use generic polling but I can't solve this error.
My script is as follows. where could be the problem here?
def check_runid(client: UC4Client, args: Dict[str, Any]):
runid: str = args.get('run_id')
url = f"...
I have two xsoar tenant one is dev and other is prod. on prod i have main tenant and tms tenant. i pushed content from dev to repo and from main on prod side get the content from git. i saw push is fine and commit is succesful when push from dev side
...
Creating tickets with summary that contains special characters into Archer (Dev & Prod) through XSOAR playbook & API calls is replacing special characters either by Unicode (\u003) or completely being wiped out of text field.
A bug was identified b
...
Hi guys,
Currently working on a Brand Abuse response playbook and when trying to take a screenshot for retrieving evidences it returns an empty, white png.
My config of the instance is as follows:
I tried, both Rasterize modes, Headless CLI and Web
...
Hi Team,
The standard XSOAR customer, wants to know how the incident retention policy works on V8 cloud instance.
Data retention policy:
1. Is the default retention period is 6 months (180 days)?
Yes , the default retention period is 6 months (18
...
Dear All,
I am facing really annoying issue. I have setup integration(mapper,type) and playbook hit very well on incident but the problem is the playbook showing running and running for all incidents and not run. I try to pause and resume but it also
...
Is there a way to check all scheduled entries regardless of the incident you're in? I've been using ShowScheduledEntries in the playground to test an automation (let's call it X), but after a week, when using the ShowScheduledEntries command it retur
...
Hi,
I am using CSV Feed integration and a delta triggered Job, that is triggering whenever there is a new item (IP indicator) in CSV feed. The playbook under job is adding only new and modified indicators which have "tag":"pending_ip".
Now, I underst
I have a cloud instance of XSOAR, with set of technologies in cloud and on prem as well, my initial thought is to have an engine for each group, that means two engines, and separate the technologies accordingly, any thought on that and what is challe
...
We've recently use the Extrahop integration to create tickets in XSOAR for our analysts to keep track of Extrahop tickets without having to go into Extrahop's console. However, we're trying to stop it from fetching "Hidden" or tuned detections I'm tu
...
Hello LiveComm,
is there a way to remove an entry from an XSOAR incident ? This is needed for general entries and not just files as files can be deleted with Core API. An example of this can be a comment by an analyst or any textual entry. Perhaps th
...
Hi everyone,
I have been searching for documentation related to the system’s performance limits, but most of the available information seems to focus on cloud deployments. I am specifically looking for service limit details for an on-premises deploym
...
Can someone, anyone, post a properly formatted (working) !es-eql-query command run in XSOAR. I am apparently too dumb to get it working. For context, here's the ES|QL query I'm trying to make work.
FROM logs-* | WHERE winlog.event_data.LogonProcessN
