Dears, we want to enrich our indicators from McAfee sitelook and Symantec Sitelook, suppose that we have a scipt that get the results?? how can we create the custom threat intelligence feeds in xsoar ??
Hello,
In the past few days our SentinelOne Integration has stopped working. I am seeing the following error;
[Failed to execute test-module command. Error: Error in API call [401] - UNAUTHORIZED {"errors": [{"code": 4010010, "detail": null, "title
...
Hello
I'd like to use wildfire-get-sample (WildFire-v2)
In the instances settings there is only one entry: API.
That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account
In the instances I do a Test an it returned as "Success"
...
I created API key in setting and trying to get the dashboard/widget value (e.g. Playbook runs) from XSOAR but failed.
In the API guideline, there is no example of body parameters in "Get Dashboard Statistics" or "Get Widget Statistics", so I hav
...
The incident layout shows the tasks with "Waiting for user"(orange) and "Task with errors"(red). That's important so it can be checked, however some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks.
...
Dear all,
We have an issue about visulazating the outputs of indicator enrichment via using virus total ( vt-passive-dns-data).
To be more specific I am going to share our indicator layout and what we are expecting. As its given in the first scre
...
Hi All,
I have been trying to find the best way to manage a list of IP addresses. This is the idea I am trying to achieve.
1) I identify an IP address that is malicious and block it on the PaloAlto firewall in a static object group.
2) I keep tra
...
Hello,
I'm trying to use the automation "SearchIncidentsV2" to get the incidents with two conditions: the name and a range of time.
To achieve this, first I created a simple Query to get only the incidentes with a name. name: "name of playbook"
...
Hello,
There are incidents with a context value "content : exception"
Which query command on "Search in incidents" could find all incidents with this context value?
Is there a form to reload the QRadar inicial values for the incident in case it didn't extract them?
Once QRadar set his values in incident context there's no way to reload them in case of error.
As per the below link it's been mention that by default XSOAR uses self signed certificates for secure HTTP connection.
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/installation/post-installation-checklist/https-with-a
...
Hi ,
just want to know if we change the password or any details in a XSOAR integration that fetches incidents do we have to change the “ first fetch time stamp” to fetch new incidents alone ? Or will it just pull new incidents after the password cha
...
Hello Everyone,
We recently ran our of disk space on our XSOAR device. I was able to clear out 30GB of old updates/files, ect. I rebooted the server after deleting the files and the Demisto service will not start. When running systemctl status demis
...
Hello,
Is there a form to search in "Search in incidents" at "incidents" section for tasks with errors?
Thanks
When I try to put a filepath that has white spaces as an input in the command "cs-falcon-rtr-remove-file", I receive the following error:
CrowdStrike Falcon The command was failed with the errors: {'d5716ded5d214d61a23884dd9ef64078': 'Max args is 1
...
