Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Make a section in layout a static list?

Hi all! I've been looking at trying to make a section in a layout a static list, but could not find any easy ways to do it. Essentially what I am looking for is: I have a layout, in which I have a section called X. Now what I want is that every time an incident is created, the section field X is populated with the contents of a list called Y. The c...

Resolved! XSOAR NSlookup and ThreatVault info

Hi everybody, is there a way how to get following information in XSOAR? - NSLOOKUP - I have an IP address and need to get name from internal DNS server - Threat Vault info - I have an information from the firewall (threat name and threat ID) and I need to get more info like CVE number, threat description etc. Thank you, Jan

Resolved! integration indicator pull limits?

Hi there, I've just started testing threat feed integration in XSOAR. For some reason, the integration instance was only downloading 100 indicators on each pull whereas the source has thousands. Is it because my AWS instance doesn't have a license? Is there a limit on how many indicators can be downloaded into XSOAR? Thanks in advance!

boweic by L0 Member
  • 2139 Views
  • 1 replies
  • 0 Likes

Resolved! "Enable pagination" for table widgets on dashboards

Ticking the box in the widget 'Operations' tab and selecting how many rows to show per page doesn't appear to do anything. The table always says "Showing Total 279 results sorted by: Id" and there are no page navigation buttons anywhere. Has anyone else used this feature successfully? Tried Chrome and Edge in case it was a browser issue, with...

Resolved! Extract Indicators from context to Field

Hi, I have one playbook where I'm using the Builtin ExtractIndicators Function to extract any indicator from one field, and it's working fine: After this, I call more subplaybooks, and I want, from this subplaybooks, use this indicators for some action, for example send an email or create a ticket in a ticketing system. How can I access to this...

MTubia by L1 Bithead
  • 4155 Views
  • 3 replies
  • 0 Likes

fatal Error during ensure repo

Hi everyone, I am facing a strange issue. I was trying to change the certificate like explained in this link https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/installation/post-installation-checklist/https-with-a-signed-certificate/create-a-private-key-and-certificate-signing-request-csr.html. But after I did the restart...

arn_stoz by L0 Member
  • 6622 Views
  • 7 replies
  • 0 Likes

Post-processing script to close XDR alerts from XSOAR in Mirroring Both Direction integration setting.

Hello, We are using XDR with XSOAR mirroring both direction configuration. It's working. However, incidents created on XSOAR don't close all the alerts of XDR related to the incident. So a post-script should be done to force them to close. What commands in XSOAR could make them close? How do we choose those alerts related to the incident? Than...

Josep by L4 Transporter
  • 2806 Views
  • 3 replies
  • 0 Likes

Error handling

Hi all, with this type of setting (see the img), if in the next task I check ${lastCompletedTaskEntries} to verify if the previous task is in error, the result is positive even if the second retry task went well. How can I get around this problem?

Resolved! Export playbooks, alerts list

Hi All, I am new to xSOAR and wanted to know if there is a way to export the list of playbooks enabled in my environment. This is to check what playbooks we are using vs. what is available in marketplace. Thank you, aparna

aparnaas by L1 Bithead
  • 2279 Views
  • 1 replies
  • 0 Likes

Resolved! Add a comment on an indicator from playbook

Hello, In many indicators' layout there is a comment section where users can add text comment. Is there a way to automatically add comment from a playbook? Looking at setIndicator, I didn't find the right field associated to the comment section. Thank you for reading; Regards, Alexandre

customize widget from script

Hi Team, I have developed automation to get all the similar incident names with dictionary return results that have ID and incident name. Once I call the script from the widget, pie, table, or any of them, I get the following error; anyone can help !!

bzahran by L0 Member
  • 2171 Views
  • 2 replies
  • 0 Likes