Cortex XSOAR Discussions

Find playbooks and subplaybooks not being used

Hello,

Our XSOAR complexity has increased during the years, this means more playbooks and subplaybooks deployed.

However, some of them are not used anymore, many reasons about it.

How can these unnecessary playbooks and subplaybooks detected and

...

Resolved! Meaning execute automation with "Run on a separate container"

Hello colleagues,

When executing an automation, there's an option called "Run on a separate container". We'd like to know which are the main differences about using it.

XSOAR ON AZURE MARKETPLACE

Hello All,

Has anyone deployed XSOAR using Azure Marketplace?

I was able to deploy one for testing, but I couldn't logon to the GUI, I believe there should be a default admin password created when the VM was created just as documented when using

...

I am trying to write a playbook that will read the email body and understand what the email is related to base on keywords or patterns. Is there a script or integration that could do that? My best idea is to use Machine Learning for it, but I am not

...

Resolved! How to prevent incidents from creating from every alerts in Integration

Hi All,

I configured an MSSP integration which polls the same for alerts created on that platform and creates an incident out of them if present.

The thing is I want to create an incident for one type of alert (it has a keyword category). For the oth

...

Setting an incident field and getting the new value of it

Hi everyone,

I noticed that automations cannot set a new value and fetch it from the same incident field . Why is that?

demisto.executeCommand('setIncident', {'details': 'mycustomvalue'})
return_results(demisto.get(demisto.incident(), 'details'))

...

How to avoid "...NOTE, too much data to present, content was truncated."

Hello again,

I'm using a task to obtain IPs from a source and put them inside the context. However, the variable is truncated and it shows: "NOTE, too much data to present, content was truncated."

How can this be avoid? and use the whole context va

...

Resolved! Resetting Qradar integration and keep mapped alerts.

Hello colleagues,

I'm using Qradar integration with all the alerts mapped and parameters configured. In order to solve a "fetch events" puntual problem is recommended to reset the integration with empty parameters and the use again the already workin

...

community license for cortex XSOAR for mac

Hi all,

Do we community license available for cortex XSOAR to be used on mac?

Thanks

Resolved! Pre-process Rule Assistance

We are trying to create a pre-process rule to link and close the incident when certain field values are identical but still incidents are getting created for identical values. Please find the attached snip.

Please note you are posting a public message...

Resolved! Playbook Creates Incidents from Table.

I'm trying to create incidents from a Cortex XSOAR SIEM integration. The integration allows me to list alerts and I'm trying to create an incident for each one. When I run the playbook, the list alerts command returned multiple entries, but the creat

...

Resolved! Check dormant instance in multitenant.

Hi,

I need a job or another mechanism to detect if last incident creation time is older than 1 hour or a given time period to detect if there is an incident pull problem in SOAR or a siem centric problem.

Regards.

Resolved! DEVO integration into XSOAR

Hi

we need to integrate DEVO with XSOAR, in order to manage all alerts and be abe to query DEVO. First step is to get all alerts, so we have installed the "Devo v2 (Partner Contribution)" addon into XSOAR and followed the instructions, from https://x

...

Open zip file in automation

Hello,

I'm downloading a zip file via API with this request:

response = doHttpRequest(url=zip, method='GET', headers=headers)

it's supposed that my "response" variable now it's the zip file, however when I try to open, I can't, it's like it doesn't e

...

Script failed to run: Timeout Error: Docker code script failed due to timeout, consider changing timeout value for this automation, (2604) (2603)

We have a playbook task that sends a query to run on Splunk using the SplunkPy but it keeps failing and returning the following error
#22: Splunk Search Query

Command:
!splunk-search query="index= test blah blah" earliest_time="1666679348" latest_ti

...

Discussions

Find playbooks and subplaybooks not being used

Resolved! Meaning execute automation with "Run on a separate container"

XSOAR ON AZURE MARKETPLACE

Resolved! Read Email Body

Resolved! How to prevent incidents from creating from every alerts in Integration

Setting an incident field and getting the new value of it

How to avoid "...NOTE, too much data to present, content was truncated."

Resolved! Resetting Qradar integration and keep mapped alerts.

community license for cortex XSOAR for mac

Resolved! Pre-process Rule Assistance

Resolved! Playbook Creates Incidents from Table.

Resolved! Check dormant instance in multitenant.

Resolved! DEVO integration into XSOAR

Open zip file in automation

Script failed to run: Timeout Error: Docker code script failed due to timeout, consider changing timeout value for this automation, (2604) (2603)

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

8.9 On-Prem Update Fails to Update

Re: Azure Active Directory users - Incorrect padding

Re: Pre Processing Rules Logs

Re: Pre Processing Rules Logs

Azure Active Directory users - Incorrect padding

Re: No communication method found for form

Unlock your full community experience!

Resolved! Meaning execute automation with "Run on a separate container"

Resolved! Read Email Body

Resolved! How to prevent incidents from creating from every alerts in Integration

Resolved! Resetting Qradar integration and keep mapped alerts.

Resolved! Pre-process Rule Assistance

Resolved! Playbook Creates Incidents from Table.

Resolved! Check dormant instance in multitenant.

Resolved! DEVO integration into XSOAR