Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

High number of processes in XSOAR Engine Server

Hi, What are the engine processes corresponding to engine shell installation on RHEL with Podman? Is the number of processes on the engine server expected to rise due to each integration made on it? What are the considerations for keeping the engine processes low, i.e. under 500, in a multi-engine server? Thanks.

DP696 by L2 Linker
  • 1522 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Sessions and Submissions option

Hi, I came across this documentation regarding XSOAR https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions The Sessions & Submissions tab enables you to use your sessions and submissions data for investigation and analysis. Sessions and submission...

Resolved! Insert logo when mail is sent from XSOAR

Hello, A playbook is creating an email with data to deliver in html, however we can't find the way to introduce the logo of the company inside it. What path should we add to the tag "<img src="*****"> to obtain the logo in our local folders?

Josep by L4 Transporter
  • 3331 Views
  • 2 replies
  • 0 Likes

Resolved! Defining Multiple Engines for Communication Tasks

It is my understanding that you can set server configurations on the XSOAR Server and on a single engine to provide the links and responses through the engine that acts as a proxy. In a single server deployment with multiple engines, can you manage this dynamically? Essentially, can you have two engines with this configuration (Bind Address a...

Retry "ScheduleCommand" when it fails

Hello team, We're deploying a programmed automation which sometimes fails due to an external error. We'd like to retry in case the command fails. The command used is "ScheduleCommand". How can this "retry" be created? Thanks.

Josep by L4 Transporter
  • 2423 Views
  • 4 replies
  • 0 Likes

Find playbooks and subplaybooks not being used

Hello, Our XSOAR complexity has increased over the years; this means more playbooks and subplaybooks deployed. However, some of them are not used anymore, for many reasons. How can these unnecessary playbooks and subplaybooks be detected and erased? Thanks

Josep by L4 Transporter
  • 1744 Views
  • 2 replies
  • 0 Likes

XSOAR ON AZURE MARKETPLACE

Hello All, Has anyone deployed XSOAR using Azure Marketplace? I was able to deploy one for testing, but I couldn't log on to the GUI. I believe there should be a default admin password created when the VM was created, just as documented when using Google Cloud Marketplace, but I cannot log in. Thank You!

ORufai by L0 Member
  • 1830 Views
  • 2 replies
  • 0 Likes

Resolved! Read Email Body

I am trying to write a playbook that will read the email body and understand what the email is related to based on keywords or patterns. Is there a script or integration that could do that? My best idea is to use Machine Learning for it, but I am not sure it will work. Thank you

axespera by L1 Bithead
  • 2904 Views
  • 2 replies
  • 0 Likes

Resolved! How to prevent incidents from being created from every alert in Integration

Hi All, I configured an MSSP integration which polls the same for alerts created on that platform and creates an incident out of them if present. The thing is I want to create an incident for one type of alert (it has a keyword category). For the other alerts, I do not wish to create an incident on the XSOAR platform. How can I do the same or dr...

Resolved! Resetting QRadar integration and keep mapped alerts.

Hello colleagues, I'm using the QRadar integration with all the alerts mapped and parameters configured. In order to solve a specific "fetch events" problem, it is recommended to reset the integration with empty parameters and then use the already working parameters again. This will reset the integration and will solve some bugs, however, I don't know if ...

Josep by L4 Transporter
  • 1955 Views
  • 1 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions