Cortex XSOAR Discussions

Resolved! Problems with SentinelOne V2 Integration - 401

Hello,

In the past few days our SentinelOne Integration has stopped working. I am seeing the following error;

[Failed to execute test-module command. Error: Error in API call [401] - UNAUTHORIZED {"errors": [{"code": 4010010, "detail": null, "title

...

wildfire-get-sample (WildFire-v2) Permission Denied

Hello

I'd like to use wildfire-get-sample (WildFire-v2)

In the instances settings there is only one entry: API.

That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account

In the instances I do a Test an it returned as "Success"

...

Resolved! Get Dashboard/Widget value from Cortex XSOAR

I created API key in setting and trying to get the dashboard/widget value (e.g. Playbook runs) from XSOAR but failed.

In the API guideline, there is no example of body parameters in "Get Dashboard Statistics" or "Get Widget Statistics", so I hav

...

Not show tasks with errors in the layout when "stop on errors" is set to "no" inside the task.

The incident layout shows the tasks with "Waiting for user"(orange) and "Task with errors"(red). That's important so it can be checked, however some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks.

...

Automation Output In Indicator or Incident Layout

Dear all,

We have an issue about visulazating the outputs of indicator enrichment via using virus total ( vt-passive-dns-data).

To be more specific I am going to share our indicator layout and what we are expecting. As its given in the first scre

...

Best way to manage a time based IP blocklist in XSOAR

Hi All,

I have been trying to find the best way to manage a list of IP addresses. This is the idea I am trying to achieve.

1) I identify an IP address that is malicious and block it on the PaloAlto firewall in a static object group.

2) I keep tra

...

Query in Lucene syntax don't get the created data time

Hello,

I'm trying to use the automation "SearchIncidentsV2" to get the incidents with two conditions: the name and a range of time.

To achieve this, first I created a simple Query to get only the incidentes with a name. name: "name of playbook"

...

Resolved! Search incidents by context value

Hello,

There are incidents with a context value "content : exception"

Which query command on "Search in incidents" could find all incidents with this context value?

Reload QRadar incident information

Is there a form to reload the QRadar inicial values for the incident in case it didn't extract them?

Once QRadar set his values in incident context there's no way to reload them in case of error.

Managing Self-signed Certificates

As per the below link it's been mention that by default XSOAR uses self signed certificates for secure HTTP connection.

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/installation/post-installation-checklist/https-with-a

...

Resolved! Editing details in xsoar integration

Hi ,

just want to know if we change the password or any details in a XSOAR integration that fetches incidents do we have to change the “ first fetch time stamp” to fetch new incidents alone ? Or will it just pull new incidents after the password cha

...

Failed to start Demisto Server Service

Hello Everyone,

We recently ran our of disk space on our XSOAR device. I was able to clear out 30GB of old updates/files, ect. I rebooted the server after deleting the files and the Demisto service will not start. When running systemctl status demis

...

Resolved! Search in incidents only task with errors

Hello,

Is there a form to search in "Search in incidents" at "incidents" section for tasks with errors?

Thanks

Problem with white spaces in command input

When I try to put a filepath that has white spaces as an input in the command "cs-falcon-rtr-remove-file", I receive the following error:

CrowdStrike Falcon The command was failed with the errors: {'d5716ded5d214d61a23884dd9ef64078': 'Max args is 1

...

Resolved! Find if there's a incident with a name inside a playbook using !SearchIncidentsV2

"!SearchIncidentsV2 name:" is not working as expected. Doesn't find any entry.

Example command introduced:

!SearchIncidentsV2 name:"Example of incident name"

Answer:

Incidents found

No entries

Cortex XSOAR Discussions

Discussions

Resolved! Problems with SentinelOne V2 Integration - 401

wildfire-get-sample (WildFire-v2) Permission Denied

Resolved! Get Dashboard/Widget value from Cortex XSOAR

Not show tasks with errors in the layout when "stop on errors" is set to "no" inside the task.

Automation Output In Indicator or Incident Layout

Best way to manage a time based IP blocklist in XSOAR

Query in Lucene syntax don't get the created data time

Resolved! Search incidents by context value

Reload QRadar incident information

Managing Self-signed Certificates

Resolved! Editing details in xsoar integration

Failed to start Demisto Server Service

Resolved! Search in incidents only task with errors

Problem with white spaces in command input

Resolved! Find if there's a incident with a name inside a playbook using !SearchIncidentsV2

Missing button scripts from content packs

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Field Change Script To System Fields

How to Copy Incident Files from Linked Incidents

Re: Missing button scripts from content packs

Re: Editing custom content via XSOAR UI and local PC

Is there a way to obtain Cortex XSOAR community edition

Re: Extracting fields from Context/JSON in Playbook

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Problems with SentinelOne V2 Integration - 401

Resolved! Get Dashboard/Widget value from Cortex XSOAR

Resolved! Search incidents by context value

Resolved! Editing details in xsoar integration

Resolved! Search in incidents only task with errors

Resolved! Find if there's a incident with a name inside a playbook using !SearchIncidentsV2