Cortex XSOAR Discussions

Adding user to Team members of an incident by python script

Hello,

There is the section "Team Members" with two fields "Owner" and "Participants".

I want to add some users to "Participants" but there isn't this field in the context data.

I found in the documentation https://docs.paloaltonetworks.com/cortex

...

Resolved! When does a Post-script exactly execute?

Hello,

When does a post-script execute? When the incident is completely closed?

Resolved! How to change a .xlsx file in context data or upload new from python script

Hi all,

Could you help me with the following problem?

I have an incident with .xlsx file that I handle by pandas and openpyxl. After the file will be handled, I need to save it to the context data to upload it to IRP by IRP integration and process

...

How to pass username and password to the web scraper automation in XSOAR

Hi,

The URL I wanted to web scrap requires authentication, can someone help me to pass username and password to the WebScraper OOTB automation in XOSAR.

Thanks.

Command "setList" issue introducing variables from context

Hello,

We're using command "demisto.executeCommand("setList",{"listName":listName,"listData":listContent})" in order to introduce data in a json list. Where the "listName" is a json list name and "listContent" is data extracted from the context.

Th

...

Resolved! SAML role configuration in XSOAR

Hi,

We are using SAML 2.0 integration for user authentication to XSOAR.

Can someone help to understand what value need to update on "SAML Roles Mapping" in XSOAR under Settings->User and Roles-> Roles.

Thanks,

Deepa

Resolved! Looking for a way to identify links between our parent and subplaybooks.

This relates to lifecycle management and removing old unused playbooks/subplaybooks.

We can use the XSOAR Metrics widget to see when a playbook last executed, however this isn't always a good indicator as we have playbooks for rare events which ha

...

Convert Multiple Files

Hello, I am trying to convert multiple files with different extensions using the 'ConvertFile' automation, so that it can be display on the layout. However, when there are different types of files in one incident, it keeps giving me an error. What wo

...

A question from the Malware Pack v2 webinar: Malware pack playbooks optimization

Kudos for all the work on developing these playbooks. Are they optimized so the incidents don't get flagged under System Diagnostics (exceptionally big incidents, exceptionally big context, etc)?

Note: This question was asked as part of Cortex XSOA

...

A question from the Malware Pack v2 webinar: EDR alerts

How would you handle an EDR alert that involves more than one file? How does this playbook present this to the user?

Note: This question was asked as part of Cortex XSOAR Customer Success Webinar: Malware Investigation & Response V2

A question from the Malware Pack v2 webinar: Misclassification rate

How do you address the extremely high misclassification rate of both file detonation (any semi-sophisticated malware won't divulge any information in a sandbox) as well as the high misclassification by Virustotal (both FP and TP)?

Note: This questi

...

Resolved! Make a section in layout a static list?

Hi all!

I've been looking at trying to make a section in a layout a static list, but could not find any easy ways to do it.

Essentially what I am looking for is:

I have a layout, in which I have a section called X. Now what I want is that every time an

...

Resolved! XSOAR NSlookup and ThreatVault info

Hi everybody,

is there a way how to get following information in XSOAR?

- NSLOOKUP - I have an IP address and need to get name from internal DNS server

- Threat Vault info - I have an information from the firewall (threat name and threat ID) and

...

Resolved! integration indicator pull limits?

Hi there,

I've just started testing threat feed integration in XSOAR.

For some reason, the integration instance was only downloading 100 indicators on each pull whereas the source has thousands.

Is it because my AWS instance doesn't have a license?

...

Resolved! "Enable pagination" for table widgets on dashboards

Ticking the box in the widget 'Operations' tab and selecting how many rows to show per page doesn't appear to do anything. The table always says "Showing Total 279 results sorted by: Id" and there are no page navigation buttons anywhere. Has anyone

...

Discussions

Adding user to Team members of an incident by python script

Resolved! When does a Post-script exactly execute?

Resolved! How to change a .xlsx file in context data or upload new from python script

How to pass username and password to the web scraper automation in XSOAR

Command "setList" issue introducing variables from context

Resolved! SAML role configuration in XSOAR

Resolved! Looking for a way to identify links between our parent and subplaybooks.

Convert Multiple Files

A question from the Malware Pack v2 webinar: Malware pack playbooks optimization

A question from the Malware Pack v2 webinar: EDR alerts

A question from the Malware Pack v2 webinar: Misclassification rate

Resolved! Make a section in layout a static list?

Resolved! XSOAR NSlookup and ThreatVault info

Resolved! integration indicator pull limits?

Resolved! "Enable pagination" for table widgets on dashboards

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

XSOAR IP Forwarding requirement

Unlock your full community experience!

Resolved! When does a Post-script exactly execute?

Resolved! How to change a .xlsx file in context data or upload new from python script

Resolved! SAML role configuration in XSOAR

Resolved! Looking for a way to identify links between our parent and subplaybooks.

Resolved! Make a section in layout a static list?

Resolved! XSOAR NSlookup and ThreatVault info

Resolved! integration indicator pull limits?

Resolved! "Enable pagination" for table widgets on dashboards