This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Recurrent data input problems in tasks

Hello, Data key received from API calls don't always have the same format in the context. Example: Sometimes it could be: data.[0].results.username data.results.[0].username data.[0].results.[0].username data.results.username The API call is the one creating these formats in the context. There's no possibility to change the call. How can the inp...

Josep by L4 Transporter
  • 2019 Views
  • 2 replies
  • 0 Likes

Resolved! SearchIncidentsV2 doesn't obtain only incidents with the exact name.

Hello, I'm using !SearchIncidentsV2 query=`name: "This is a test"`, just to find the incidents with name "This is a test". However, when the command is executed, it shows not only those incidents but also incidents with longer names, for example: "This is a test (russ)". How can the command limit to the strict words?

Josep by L4 Transporter
  • 2377 Views
  • 2 replies
  • 0 Likes

XSOAR XDR Query Context Data Delay

Hi everybody, could you please help me with following issue? When I use XQL query to XDR dataset (!xdr-xql-generic-query) it returns correct data to the War room but before are this data moved to Context data it takes almost 5 minutes (No matter how many data has been returned from XDR. This interval is always the same). It looks like some kind ...

XSOAR Proofpoint TAP and TRAP Email Ingestion

Palo Alto XSOAR is not able to ingest Proofpoint's TAP (Targeted Attack Protection) or TRAP (Threat Response Auto-Pull) emails. Because of the automation that is being done with TAP and TRAP, these emails do not go through XSOAR for "phishing" analysis. Our "Phishing" emails go right to XSOAR once a user reports it as phishing with the outlook e...

Resolved! Problem with setIncident command

I am working on a new automation which gets triggered dynamically from layout where in I need to check a custom attribute has changed in my remote machine, then update it on the xsoar incident. The custom attribute is a list/array. This is what I am doing in the automation...if len(oldAnomalies) != len(jsonResponse): # Update the new ...

sudhesub by L1 Bithead
  • 3546 Views
  • 2 replies
  • 0 Likes

Update automation script docker image version automatically

I have an automation script which updates all the non custom docker images versions to the latest version of it. It works well and updates all the non custom docker images to the latest version of it from docker images. Now I have some automation scripts using a particular image version. Since the docker image is updated to the latest version o...

IronPort integration with XSOAR, receiving to mails

Hi, I wondered if it's possible to check URLs from mails via integration with XSOAR and then send a response with verdict to those address which was recipient for this mail under investigation? Maybe you can advice some features for realization or something with analogous functional? Will be tanksful for any answer!

asernova by L0 Member
  • 2052 Views
  • 1 replies
  • 0 Likes

Test sample in the playbook

Hi, Is it possible to influence the sample data that is shown in playbook edit mode, when using Test to validate the data in any task? I find that in some playbooks it can give me to select the latest incident of that type, but on others - it only allows the incident data that was created e.g. 6 months ago at best for that incident type. Even ...

Antanas by L2 Linker
  • 1663 Views
  • 1 replies
  • 0 Likes

Appending Incident field from a script

Dears, I am blocking urls on a security control then save the value of URL in incident field name (blocked urls) using setIncident command, But every time I block new url the incident field is not appending the new url to the old url. It replace the old value with the new value. Kindly need your suggestion for how to append the value in i...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks