This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Extract Domains from Phishing Attached Email

Hi Team, I hope all are doing well; how can I extract the domains from the phishing attached files? I extracted the email using " ParseEmailFilesV2 "; exported all the email parameters such as HTML and others successfully; however, once I tried to convert HTML XML output to JSON using "ConvertXmlToJson" automation, it did not work as expecte...

bzahran by L0 Member
  • 3195 Views
  • 3 replies
  • 0 Likes

Resolved! xSOAR - Incident Search Syntax that doenst include incidents which triggered in the last 15 minutes

Hey all! I'm running a report daily which shows incidents that are still active. The idea is that we'll catch incidents that might have fallen through the cracks somehow. It works well for the most part, but it shows incidents that analysts are still working on in that moment. Is there a way to only show results beyond 15 or 30 minutes? ...

High number of process in XSOAR Engine Server

Hi, What are the engine processes corresponding to engine shell installation on RHEL with Podman? Are the number of processes on the engine server expected to rise due to each integration made on it? What are the considerations for keeping the engine processes low i.e under 500 in a multi engine server? Thanks.

DP696 by L2 Linker
  • 1551 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Sessions and Submissions option

Hi, I came across this documentation regarding XSOAR https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions The Sessions & Submissions tab enables you to use your sessions and submissions data for investigation and analysis. Sessions and submission...

Resolved! Insert logo when mail is sent from XSOAR

Hello, A playbook is creating an email with data to deliver in html, however we can't find the way to introduce the logo of the company inside it. What path should we add to the tag "<img src="*****"> to obtain the logo in our local folders?

Josep by L4 Transporter
  • 3381 Views
  • 2 replies
  • 0 Likes

Resolved! Defining Multiple Engines for Communication Tasks

It is of my understanding that you can set server configurations on the XSOAR Server and on a single engine to provide the links and responses through the engine that acts as a proxy. In a single server deployment with multiple engines can you manage this dynamically ? Essentially, can you have two engines with this configuration (Bind Address a...

Retry "ScheduleCommand" when it fails

Hello team, We're deploying a programmed automation which sometimes fails due to an external error. We'd like to retry in case the command fails. The command used is "ScheduleCommand". How can this "retry" be created? Thanks.

Josep by L4 Transporter
  • 2468 Views
  • 4 replies
  • 0 Likes

Find playbooks and subplaybooks not being used

Hello, Our XSOAR complexity has increased during the years, this means more playbooks and subplaybooks deployed. However, some of them are not used anymore, many reasons about it. How can these unnecessary playbooks and subplaybooks detected and erased? Thanks

Josep by L4 Transporter
  • 1777 Views
  • 2 replies
  • 0 Likes

XSOAR ON AZURE MARKETPLACE

Hello All, Has anyone deployed XSOAR using Azure Marketplace? I was able to deploy one for testing, but I couldn't logon to the GUI, I believe there should be a default admin password created when the VM was created just as documented when using Google Cloud Marketplace, but I cannot login. Thank You!

ORufai by L0 Member
  • 1881 Views
  • 2 replies
  • 0 Likes

Resolved! Read Email Body

I am trying to write a playbook that will read the email body and understand what the email is related to base on keywords or patterns. Is there a script or integration that could do that? My best idea is to use Machine Learning for it, but I am not sure it will work. Thank you

axespera by L1 Bithead
  • 2952 Views
  • 2 replies
  • 0 Likes

Resolved! How to prevent incidents from creating from every alerts in Integration

Hi All, I configured an MSSP integration which polls the same for alerts created on that platform and creates an incident out of them if present. The thing is I want to create an incident for one type of alert (it has a keyword category). For the other alerts, I do not wish to create an incident on the XSOAR platform. How can I do the same or dr...

  • 1301 Posts
  • 45 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks