Hi All,
I want to know whether there is any built-in configuration/settings/playbook or any module that helps to handle playbook errors (error handling). Error/On Continue Task level error handling is not enough, so I want if there is any integration issue or c
...
Hello, I'm trying to install our extra-small single server on-prem 8.9 XSOAR and ran into some confusion with the documentation. I didn't see a way to report the issue elsewhere so I thought it might be helpful here.
https://docs-cortex.paloaltonetwor
Do sub-playbooks self loop on arrays or just lists?
I can get a sub-playbook to loop “for each input” of a list, but not an array of the same data.
Thx
Hello everyone, I would like to ask how to get the user.name value from this context data.
I tried using the syntax ${incident.labels.user.name}, but it didn’t work.
Here's the context structure:
{
incident: {
...
labels: {
user.name:
...
Hey,
We are offline users
We updated from 6.12 -> 6.14, Then after the update, the docker images changed, and it's causing a lot of ": Script failed to run: failed to pull docker Image "demisto/python 3:3.11.10.113941"
Now, to fix it I need to chan
...
Is there a script or command line call that can be used to download an entry from the War Room?
I have a script assigned to a button that generates a report and the report download is then entered into a War Room entry when executed/generated.
I
...
I have an MS Sentinel subscription that generates alerts. I used "Microsoft Sentinel" to fetch the alert; now I want to run some KQL based on the alert information. What integration should I use? Is that "Azure Log Analytics"
Hi everyone,
How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection.
As seen in the image, there is a query section available to fetch differen
...
Tried to remove a value of a field to "empty"
For example "setIncident fieldname=None and !setIncident fieldname=""
But that doesn't work, does anyone know how to remove the value?
Hi Team,
The customer has done the DR to DC failover, but the DR backup server has the "Make this the production server" tab enabled in blue.
The client is pointing out that the option should be disabled. If it is enabled, any person can make backup server as production
...
Hello Team,
I want to populate a custom script output in playbook to Dashboards and Reports.
This playbook is triggered on incident and took same data from incident modify it and also uses some third-party custom app data to enrich.
I want to p
...
Hello,
I would like to enable email notifications for every new incident.
I've configured an O365 EWS instance successfully, and set server.notification.using.send-mail to use its instance name.
For now, I just want all notifications to be sent t
...
I see the classify, map and playbook logic in XSOAR and I see that a playbook can ask/pull/poll for info *from* an external tool, which might be done through an integration. But is there a way for an external tool to asynchronously *send/push* an *a
...
I'm trying to perform whois queries on an array that contains the list of IPs.
My understanding is that I can pass the array to the Inputs of the "ip (whois)" script.
However, since there are over 1000 IPs, submitting them all at once results in an e
...