Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

How to remove Integration "cache" completely

Hi, We are facing an issue where the integration ran into an error trying to pull an investigation from Secureworks, where an asset was not found, and the integration kept giving the same error continuously and would not pull the next investigation or further investigations after that. Below is the error the integration gives Error: Script...

Resolved! SLA Total Duration field in incident table

I can query successfully tickets that have an SLA > than X seconds. What I'm having trouble with is displaying a field in the incident table. For example: If I pull back tickets that have an SLA.TotalDuration > 2 days, I want to see the tickets and sort by the longest running SLA and see how much we went over by, but I can't do that bec...

JoshBoyd by L2 Linker
  • 2517 Views
  • 1 replies
  • 0 Likes

Resolved! Replying to an Email using a Playbook

Hi All, I need to automate customer follow ups using XSOAR. My requirements are as below. Listen to emails and create incidents for each sent email - EWS V2 is being used for this. Once the initial mail is sent, XSOAR will follow up with the customer sending replies to the initial email. If customer replies, XSOAR will notify the analyst. I'm...

Resolved! Using Incident Variables Within Data Collection Web Form

Hello, I am attempting to use variables such as ${incident.name} within the Web Form in the section called "Short Description". After conducting tests I can see that it won't render any variables. They just appear as above. Now I can see that it supports Markdown, is there a way to display incident information in this section? The Use Case at han...

Podman - Docker - new Integration

Why does every time I install a new Integration like (Splunk) I get a warning (unavailable docker image 'demisto/python3XXXXXX') Used by Integration (name of the integration)? Although I have opened the access and if I go to the console I can pull this docker image and it will install without this warning. It should be done automatically right? ...

Cortex XDR Incident

Hello everyone, we started dealing with Cortex XDR and after getting the first Incident, I am kinda lost. I am not even sure what's the issue, there is a lot of "information" on the management console. For example, the Incident, under "Key Assets & Artifacts" shows conhost.exe and powershell.exe with WF verdict, benign in this case, however, ...

klerini by L0 Member
  • 1634 Views
  • 1 replies
  • 0 Likes

How to count the playbook

We have a question for how to count the playbook? We have a function with 3 product and 3 version. How to count/quantify the playbook? Is 3 product X 3 versions = 9 playbook? For the playbook should different versions/bands be in the different playbooks?

Resolved! Subplaybook execution count

Hi! Is there a way to count how many times was the specific subplaybook executed across multiple/all incidents? How to ensure the number includes loops in subplaybooks? The reason I need this number is to better understand ROI of the platform. Thanks

Antanas by L2 Linker
  • 2103 Views
  • 1 replies
  • 0 Likes

Problems with the Integration "QRadar v3" - Mirroring not working and qradar-reset-last-run command not working

Hi everyone, Anybody having problems with the Integration 'QRadar v3'? In particular, I found two things that are not working: - First, Offenses created in QRadar are not creating Incidents on Cortex XSOAR. I configured the integration for 'Mirror Offense', to create Incidents based on created Offenses on QRadar (screenshot attached)...

aguida79 by L1 Bithead
  • 9110 Views
  • 4 replies
  • 0 Likes

Transformer to delete line breaks in a string

Hello, Some data is introduced in XSOAR with line breaks. Example: data1, data2, data3, data4 This data is joined with "," to be introduced in a task. However, data is not parsed correctly and the line breaks are introduced, causing an incorrect output. How can these line breaks be removed?

Josep by L4 Transporter
  • 2825 Views
  • 2 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions