Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! "Enable pagination" for table widgets on dashboards

Ticking the box in the widget 'Operations' tab and selecting how many rows to show per page doesn't appear to do anything. The table always says "Showing Total 279 results sorted by: Id" and there are no page navigation buttons anywhere. Has anyone else used this feature successfully? Tried Chrome and Edge in case it was a browser issue, with...

Resolved! Extract Indicators from context to Field

Hi, I have one playbook where I'm using the Builtin ExtractIndicators Function to extract any indicator from one field, and it's working fine. After this, I call more subplaybooks, and from these subplaybooks I want to use these indicators for some action, for example to send an email or create a ticket in a ticketing system. How can I access to this...

MTubia by L1 Bithead
  • 4099 Views
  • 3 replies
  • 0 Likes

fatal Error during ensure repo

Hi everyone, I am facing a strange issue. I was trying to change the certificate as explained in this link: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/installation/post-installation-checklist/https-with-a-signed-certificate/create-a-private-key-and-certificate-signing-request-csr.html. But after I did the restart...

arn_stoz by L0 Member
  • 6536 Views
  • 7 replies
  • 0 Likes

Post-processing script to close XDR alerts from XSOAR in Mirroring Both Direction integration setting.

Hello, We are using XDR with XSOAR mirroring both direction configuration. It's working. However, incidents created on XSOAR don't close all the alerts of XDR related to the incident. So a post-script should be done to force them to close. What commands in XSOAR could make them close? How do we choose those alerts related to the incident? Than...

Josep by L4 Transporter
  • 2749 Views
  • 3 replies
  • 0 Likes

Error handling

Hi all, with this type of setting (see the img), if in the next task I check ${lastCompletedTaskEntries} to verify if the previous task is in error, the result is positive even if the second retry task went well. How can I get around this problem?

Resolved! Export playbooks, alerts list

Hi All, I am new to xSOAR and wanted to know if there is a way to export the list of playbooks enabled in my environment. This is to check what playbooks we are using vs. what is available in marketplace. Thank you, aparna

aparnaas by L1 Bithead
  • 2228 Views
  • 1 replies
  • 0 Likes

Resolved! Add a comment on an indicator from playbook

Hello, In many indicators' layout there is a comment section where users can add text comment. Is there a way to automatically add comment from a playbook? Looking at setIndicator, I didn't find the right field associated to the comment section. Thank you for reading; Regards, Alexandre

customize widget from script

Hi Team, I have developed automation to get all the similar incident names with dictionary return results that have ID and incident name. Once I call the script from the widget, pie, table, or any of them, I get the following error; anyone can help !!

bzahran by L0 Member
  • 2132 Views
  • 2 replies
  • 0 Likes

Extract Domains from Phishing Attached Email

Hi Team, I hope all are doing well; how can I extract the domains from the phishing attached files? I extracted the email using "ParseEmailFilesV2"; exported all the email parameters such as HTML and others successfully; however, once I tried to convert HTML XML output to JSON using "ConvertXmlToJson" automation, it did not work as expecte...

bzahran by L0 Member
  • 3091 Views
  • 3 replies
  • 0 Likes

Resolved! xSOAR - Incident Search Syntax that doesn't include incidents which triggered in the last 15 minutes

Hey all! I'm running a report daily which shows incidents that are still active. The idea is that we'll catch incidents that might have fallen through the cracks somehow. It works well for the most part, but it shows incidents that analysts are still working on in that moment. Is there a way to only show results beyond 15 or 30 minutes? ...

  • 1298 Posts
  • 45 Subscriptions