Cortex XSOAR Discussions

Extract Domains from Phishing Attached Email

Hi Team,

I hope all are doing well; how can I extract the domains from the phishing attached files?

I extracted the email using " ParseEmailFilesV2 "; exported all the email parameters such as HTML and others successfully; however, once I tried t

...

Palo Alto EDL server integration with xsoar

What integration can be used to integrate Palo Alto on Prem EDL with xsoar to update the list

Resolved! xSOAR - Incident Search Syntax that doenst include incidents which triggered in the last 15 minutes

Hey all!

I'm running a report daily which shows incidents that are still active. The idea is that we'll catch incidents that might have fallen through the cracks somehow.

It works well for the most part, but it shows incidents that analysts are

...

High number of process in XSOAR Engine Server

Hi,

What are the engine processes corresponding to engine shell installation on RHEL with Podman?
Are the number of processes on the engine server expected to rise due to each integration made on it?
What are the considerations for keeping the eng

...

Resolved! XSOAR Sessions and Submissions option

Hi,

I came across this documentation regarding XSOAR

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions

The Sessions & Submissions tab enables you to u

...

Resolved! Create pdf or word file from html body

Hello,

I'd tried to find a task inside XSOAR, however nothing was found. Some clue how to do it?

Adding result of new custom Integration as Threat indicators results

Dears,

I made a custom Integration that get the verdict of (URLs) like (Malicious - Benign). Now I have a question How to add the name and result of this integration like the prebuilt Integrations which are in the screenshots (virus total - urlscan

...

Resolved! Insert logo when mail is sent from XSOAR

Hello,

A playbook is creating an email with data to deliver in html, however we can't find the way to introduce the logo of the company inside it. What path should we add to the tag "<img src="*****"> to obtain the logo in our local folders?

Resolved! Defining Multiple Engines for Communication Tasks

It is of my understanding that you can set server configurations on the XSOAR Server and on a single engine to provide the links and responses through the engine that acts as a proxy. In a single server deployment with multiple engines can you manage

...

Retry "ScheduleCommand" when it fails

Hello team,

We're deploying a programmed automation which sometimes fails due to an external error. We'd like to retry in case the command fails. The command used is "ScheduleCommand". How can this "retry" be created?

Thanks.

Find playbooks and subplaybooks not being used

Hello,

Our XSOAR complexity has increased during the years, this means more playbooks and subplaybooks deployed.

However, some of them are not used anymore, many reasons about it.

How can these unnecessary playbooks and subplaybooks detected and

...

Resolved! Meaning execute automation with "Run on a separate container"

Hello colleagues,

When executing an automation, there's an option called "Run on a separate container". We'd like to know which are the main differences about using it.

XSOAR ON AZURE MARKETPLACE

Hello All,

Has anyone deployed XSOAR using Azure Marketplace?

I was able to deploy one for testing, but I couldn't logon to the GUI, I believe there should be a default admin password created when the VM was created just as documented when using

...

Resolved! Read Email Body

I am trying to write a playbook that will read the email body and understand what the email is related to base on keywords or patterns. Is there a script or integration that could do that? My best idea is to use Machine Learning for it, but I am not

...

Resolved! How to prevent incidents from creating from every alerts in Integration

Hi All,

I configured an MSSP integration which polls the same for alerts created on that platform and creates an incident out of them if present.

The thing is I want to create an incident for one type of alert (it has a keyword category). For the oth

...

Discussions

Extract Domains from Phishing Attached Email

Palo Alto EDL server integration with xsoar

Resolved! xSOAR - Incident Search Syntax that doenst include incidents which triggered in the last 15 minutes

High number of process in XSOAR Engine Server

Resolved! XSOAR Sessions and Submissions option

Resolved! Create pdf or word file from html body

Adding result of new custom Integration as Threat indicators results

Resolved! Insert logo when mail is sent from XSOAR

Resolved! Defining Multiple Engines for Communication Tasks

Retry "ScheduleCommand" when it fails

Find playbooks and subplaybooks not being used

Resolved! Meaning execute automation with "Run on a separate container"

XSOAR ON AZURE MARKETPLACE

Resolved! Read Email Body

Resolved! How to prevent incidents from creating from every alerts in Integration

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Re: DT Query, special characters in key:value pair

Re: Do we have XQL query builder feature in XSOAR

Re: Couldn't sort by date in bar graph widget in Dashboard

Unlock your full community experience!

Resolved! xSOAR - Incident Search Syntax that doenst include incidents which triggered in the last 15 minutes

Resolved! XSOAR Sessions and Submissions option

Resolved! Create pdf or word file from html body

Resolved! Insert logo when mail is sent from XSOAR

Resolved! Defining Multiple Engines for Communication Tasks

Resolved! Meaning execute automation with "Run on a separate container"

Resolved! Read Email Body

Resolved! How to prevent incidents from creating from every alerts in Integration