Cortex XSOAR Discussions

High number of process in XSOAR Engine Server

Hi,

What are the engine processes corresponding to engine shell installation on RHEL with Podman?
Are the number of processes on the engine server expected to rise due to each integration made on it?
What are the considerations for keeping the eng

...

Resolved! XSOAR Sessions and Submissions option

Hi,

I came across this documentation regarding XSOAR

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions

The Sessions & Submissions tab enables you to u

...

Resolved! Create pdf or word file from html body

Hello,

I'd tried to find a task inside XSOAR, however nothing was found. Some clue how to do it?

Adding result of new custom Integration as Threat indicators results

Dears,

I made a custom Integration that get the verdict of (URLs) like (Malicious - Benign). Now I have a question How to add the name and result of this integration like the prebuilt Integrations which are in the screenshots (virus total - urlscan

...

Resolved! Insert logo when mail is sent from XSOAR

Hello,

A playbook is creating an email with data to deliver in html, however we can't find the way to introduce the logo of the company inside it. What path should we add to the tag "<img src="*****"> to obtain the logo in our local folders?

Resolved! Defining Multiple Engines for Communication Tasks

It is of my understanding that you can set server configurations on the XSOAR Server and on a single engine to provide the links and responses through the engine that acts as a proxy. In a single server deployment with multiple engines can you manage

...

Retry "ScheduleCommand" when it fails

Hello team,

We're deploying a programmed automation which sometimes fails due to an external error. We'd like to retry in case the command fails. The command used is "ScheduleCommand". How can this "retry" be created?

Thanks.

Find playbooks and subplaybooks not being used

Hello,

Our XSOAR complexity has increased during the years, this means more playbooks and subplaybooks deployed.

However, some of them are not used anymore, many reasons about it.

How can these unnecessary playbooks and subplaybooks detected and

...

Resolved! Meaning execute automation with "Run on a separate container"

Hello colleagues,

When executing an automation, there's an option called "Run on a separate container". We'd like to know which are the main differences about using it.

XSOAR ON AZURE MARKETPLACE

Hello All,

Has anyone deployed XSOAR using Azure Marketplace?

I was able to deploy one for testing, but I couldn't logon to the GUI, I believe there should be a default admin password created when the VM was created just as documented when using

...

Resolved! Read Email Body

I am trying to write a playbook that will read the email body and understand what the email is related to base on keywords or patterns. Is there a script or integration that could do that? My best idea is to use Machine Learning for it, but I am not

...

Resolved! How to prevent incidents from creating from every alerts in Integration

Hi All,

I configured an MSSP integration which polls the same for alerts created on that platform and creates an incident out of them if present.

The thing is I want to create an incident for one type of alert (it has a keyword category). For the oth

...

Setting an incident field and getting the new value of it

Hi everyone,

I noticed that automations cannot set a new value and fetch it from the same incident field . Why is that?

demisto.executeCommand('setIncident', {'details': 'mycustomvalue'})
return_results(demisto.get(demisto.incident(), 'details'))

...

How to avoid "...NOTE, too much data to present, content was truncated."

Hello again,

I'm using a task to obtain IPs from a source and put them inside the context. However, the variable is truncated and it shows: "NOTE, too much data to present, content was truncated."

How can this be avoid? and use the whole context va

...

Resolved! Resetting Qradar integration and keep mapped alerts.

Hello colleagues,

I'm using Qradar integration with all the alerts mapped and parameters configured. In order to solve a "fetch events" puntual problem is recommended to reset the integration with empty parameters and the use again the already workin

...

Discussions

High number of process in XSOAR Engine Server

Resolved! XSOAR Sessions and Submissions option

Resolved! Create pdf or word file from html body

Adding result of new custom Integration as Threat indicators results

Resolved! Insert logo when mail is sent from XSOAR

Resolved! Defining Multiple Engines for Communication Tasks

Retry "ScheduleCommand" when it fails

Find playbooks and subplaybooks not being used

Resolved! Meaning execute automation with "Run on a separate container"

XSOAR ON AZURE MARKETPLACE

Resolved! Read Email Body

Resolved! How to prevent incidents from creating from every alerts in Integration

Setting an incident field and getting the new value of it

How to avoid "...NOTE, too much data to present, content was truncated."

Resolved! Resetting Qradar integration and keep mapped alerts.

Result empty after using json2html script

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

XSOAR IP Forwarding requirement

Re: War Room Table to Layout view

Unlock your full community experience!

Resolved! XSOAR Sessions and Submissions option

Resolved! Create pdf or word file from html body

Resolved! Insert logo when mail is sent from XSOAR

Resolved! Defining Multiple Engines for Communication Tasks

Resolved! Meaning execute automation with "Run on a separate container"

Resolved! Read Email Body

Resolved! How to prevent incidents from creating from every alerts in Integration

Resolved! Resetting Qradar integration and keep mapped alerts.