Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Adding user to Team members of an incident by python script

Hello, There is the section "Team Members" with two fields "Owner" and "Participants". I want to add some users to "Participants" but there isn't this field in the context data. I found in the documentation https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-admin/incidents/incident-access-control-configuration that "Team m...

PachaOne by L1 Bithead
  • 1964 Views
  • 1 replies
  • 0 Likes

Resolved! How to change a .xlsx file in context data or upload new from python script

Hi all, Could you help me with the following problem? I have an incident with .xlsx file that I handle by pandas and openpyxl. After the file is handled, I need to save it to the context data to upload it to IRP by IRP integration and process a ticket. But I have a problem: when I save the .xlsx file by the method .save from openpyxl t...

PachaOne by L1 Bithead
  • 2877 Views
  • 1 replies
  • 0 Likes

Command "setList" issue introducing variables from context

Hello, We're using command "demisto.executeCommand("setList",{"listName":listName,"listData":listContent})" in order to introduce data in a json list. Where the "listName" is a json list name and "listContent" is data extracted from the context. The issue: The values introduced in "listContent" are like this example, "IPs" is a context variabl...

Josep by L4 Transporter
  • 3015 Views
  • 4 replies
  • 0 Likes

Resolved! SAML role configuration in XSOAR

Hi, We are using SAML 2.0 integration for user authentication to XSOAR. Can someone help to understand what value needs to be updated on "SAML Roles Mapping" in XSOAR under Settings -> User and Roles -> Roles? Thanks, Deepa

DP696 by L2 Linker
  • 2112 Views
  • 1 replies
  • 0 Likes

Resolved! Looking for a way to identify links between our parent and subplaybooks.

This relates to lifecycle management and removing old unused playbooks/subplaybooks. We can use the XSOAR Metrics widget to see when a playbook last executed, however this isn't always a good indicator as we have playbooks for rare events which have never triggered but are still required. This isn't such an issue with our parent playbooks as ...

DHodd1 by L0 Member
  • 1985 Views
  • 1 replies
  • 0 Likes

Convert Multiple Files

Hello, I am trying to convert multiple files with different extensions using the 'ConvertFile' automation, so that they can be displayed on the layout. However, when there are different types of files in one incident, it keeps giving me an error. What would be the best way to list all files and convert them by EntryID? Here is what I currently have con...

axespera by L1 Bithead
  • 2669 Views
  • 3 replies
  • 0 Likes

A question from the Malware Pack v2 webinar: Malware pack playbooks optimization

Kudos for all the work on developing these playbooks. Are they optimized so the incidents don't get flagged under System Diagnostics (exceptionally big incidents, exceptionally big context, etc)? Note: This question was asked as part of Cortex XSOAR Customer Success Webinar: Malware Investigation & Response V2

rtsedaka by L6 Presenter
  • 2036 Views
  • 1 replies
  • 0 Likes

A question from the Malware Pack v2 webinar: Misclassification rate

How do you address the extremely high misclassification rate of both file detonation (any semi-sophisticated malware won't divulge any information in a sandbox) as well as the high misclassification by Virustotal (both FP and TP)? Note: This question was asked as part of Cortex XSOAR Customer Success Webinar: Malware Investigation & Respon...

rtsedaka by L6 Presenter
  • 1875 Views
  • 1 replies
  • 0 Likes

Resolved! Make a section in layout a static list?

Hi all! I've been looking at trying to make a section in a layout a static list, but could not find any easy ways to do it. Essentially what I am looking for is: I have a layout, in which I have a section called X. Now what I want is that every time an incident is created, the section field X is populated with the contents of a list called Y. The c...

  • 1300 Posts
  • 45 Subscriptions