Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

How to count the playbook

We have a question for how to count the playbook? We have a function with 3 product and 3 version.How to count/quantify the playbook? Is 3 product X 3 vesrions =9 playbook?For the playbook should different versions/bands be in the different playbooks?

Resolved! Subplaybook execution count

Hi! Is there a way to count how many times was the specific subplaybook executed across mutliple/all incidents? How to ensure the number includes loops in subplaybooks? The reason I need this number is to better understand ROI of the platform. Thanks

Antanas by L2 Linker
  • 2227 Views
  • 1 replies
  • 0 Likes

Problems with the Integration "QRadar v3" - Mirroring not working and qradar-reset-last-run command not working

Hi everyone, Anybody having problems with the Integration 'QRadar v3'? In particular, I found two things that are not working: - First, Offenses created in QRadar are not being creating Incidents on Cortex XSOAR. I configured the integration for 'Mirror Offense', to create Incidents based on created Offenses on QRadar (screenshot attached)...

aguida79 by L1 Bithead
  • 9790 Views
  • 4 replies
  • 0 Likes

Transformer to delete line breaks in a string

Hello, Some data is introduced in XSOAR with line breaks. Example: data1, data2, data3, data4 This data is joined with "," to be introduced in a task. However, data is not parsed correctly and the line breaks are introduced, causing an incorrect output. How can this line breaks be removed?

Josep by L4 Transporter
  • 2990 Views
  • 2 replies
  • 0 Likes

Adding user to Team members of an incident by python script

Hello, There is the section "Team Members" with two fields "Owner" and "Participants". I want to add some users to "Participants" but there isn't this field in the context data. I found in the documentation https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-admin/incidents/incident-access-control-configuration that "Team m...

PachaOne_1-1666882573164.png
PachaOne by L1 Bithead
  • 2016 Views
  • 1 replies
  • 0 Likes

Resolved! How to change a .xlsx file in context data or upload new from python script

Hi all, Could you help me with the following problem? I have an incident with .xlsx file that I handle by pandas and openpyxl. After the file will be handled, I need to save it to the context data to upload it to IRP by IRP integration and process a ticket. but I have a problem: when I save the .xlxs file by the method .save from openpyxl t...

PachaOne by L1 Bithead
  • 2936 Views
  • 1 replies
  • 0 Likes

Command "setList" issue introducing variables from context

Hello, We're using command "demisto.executeCommand("setList",{"listName":listName,"listData":listContent})" in order to introduce data in a json list. Where the "listName" is a json list name and "listContent" is data extracted from the context. The issue: The values introduced in "listContent" are like this example, "IPs" is a context variabl...

Josep by L4 Transporter
  • 3127 Views
  • 4 replies
  • 0 Likes

Resolved! SAML role configuration in XSOAR

Hi, We are using SAML 2.0 integration for user authentication to XSOAR. Can someone help to understand what value need to update on "SAML Roles Mapping" in XSOAR under Settings->User and Roles-> Roles. Thanks, Deepa

DP696 by L2 Linker
  • 2178 Views
  • 1 replies
  • 0 Likes

Resolved! Looking for a way to identify links between our parent and subplaybooks.

This relates to lifecycle management and removing old unused playbooks/subplaybooks. We can use the XSOAR Metrics widget to see when a playbook last executed, however this isn't always a good indicator as we have playbooks for rare events which have never triggered but are still required. This isn't such an issue with our parent playbooks as ...

DHodd1 by L0 Member
  • 2042 Views
  • 1 replies
  • 0 Likes
  • 1305 Posts
  • 45 Subscriptions