Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

MS Graph Integration Issues

Late Yesterday something happened to all of my Ms Graph integrations. They now all return a Error in authentication. Try checking the credentials you entered. (85).. I have tried to recreate the application and key but same thing. 

Are there logs/or s

...

Resolved! Fetch RSA NetWitness incidents

Hello Guys,

I'm trying to fetch RSA incidents, using RSA NetWitness v11.1 integration, but the error "get_token failed with status: 401
(85)" appears, when I try to make the connection between the systems.
Has anyone managed to integrate the two platfor

...

New Dashboard Option Missing

Hi

 

I am currently experiencing an issue with an XSOAR instance on version 6.1 the option to create a new dashboard is not on the Dashboards Tab in the home screen, I wonder does anybody have any idea what may have happened ?

Pre-process rule doesn't work

Hello all,

 

We want to create a pre-process rule to drop all Phishing incident without [Phish Alert] inside the email subject.

 

We're creating the following rule

 

type equals Phishing AND emailto equals test@test.ts AND emailsubject contains [Phish Aler...

test.PNG

Avoid empty returns

Hello All

 

In my Playbook I run into an issue with empty returns.

My Playbook requests Cherwell with several hosts in an array: ["server-A","server-B"]

In Cherwell, "server-B" does not exist, so I do see that in the "Result Tab" of the Task, but the Out

...

Resolved! Wildfire Reports missing URL

Hello all

 

I did some PDF-Requests to Wildfire and getting Info back as xml.

 

One of those reports are marked as "Malicious" but I do not see, what/why it is Malicious.
So I've investigated and did a curl extract of the sha265 Wildfire Request.

 

And look

...

Resolved! Adding endpoint list to an AD group

Hi,

 

I am currently building a new PlayBook and in one part of that PlayBook, I am trying to add computers, in an XSoar List, to a specific AD group.

 

- I Created a List that contains 2 endpoints separated with a comma ","

- My Playbook is using the Act

...

  • 932 Posts
  • 30 Subscriptions