Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Add a comment on an indicator from playbook

Hello, In many indicators' layout there is a comment section where users can add text comment. Is there a way to automatically add comment from a playbook? Looking at setIndicator, I didn't find the right field associated to the comment section. Thank you for reading; Regards, Alexandre

customize widget from script

Hi Team, I have developed automation to get all the similar incident names with dictionary return results that have ID and incident name. Once I call the script from the widget, pie, table, or any of them, I get the following error; anyone can help !!

bzahran_0-1669213017794.png
bzahran by L0 Member
  • 2225 Views
  • 2 replies
  • 0 Likes

Extract Domains from Phishing Attached Email

Hi Team, I hope all are doing well; how can I extract the domains from the phishing attached files? I extracted the email using " ParseEmailFilesV2 "; exported all the email parameters such as HTML and others successfully; however, once I tried to convert HTML XML output to JSON using "ConvertXmlToJson" automation, it did not work as expecte...

bzahran by L0 Member
  • 3275 Views
  • 3 replies
  • 0 Likes

Resolved! xSOAR - Incident Search Syntax that doenst include incidents which triggered in the last 15 minutes

Hey all! I'm running a report daily which shows incidents that are still active. The idea is that we'll catch incidents that might have fallen through the cracks somehow. It works well for the most part, but it shows incidents that analysts are still working on in that moment. Is there a way to only show results beyond 15 or 30 minutes? ...

High number of process in XSOAR Engine Server

Hi, What are the engine processes corresponding to engine shell installation on RHEL with Podman? Are the number of processes on the engine server expected to rise due to each integration made on it? What are the considerations for keeping the engine processes low i.e under 500 in a multi engine server? Thanks.

DP696 by L2 Linker
  • 1586 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Sessions and Submissions option

Hi, I came across this documentation regarding XSOAR https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions The Sessions & Submissions tab enables you to use your sessions and submissions data for investigation and analysis. Sessions and submission...

Resolved! Insert logo when mail is sent from XSOAR

Hello, A playbook is creating an email with data to deliver in html, however we can't find the way to introduce the logo of the company inside it. What path should we add to the tag "<img src="*****"> to obtain the logo in our local folders?

Josep by L4 Transporter
  • 3497 Views
  • 2 replies
  • 0 Likes

Resolved! Defining Multiple Engines for Communication Tasks

It is of my understanding that you can set server configurations on the XSOAR Server and on a single engine to provide the links and responses through the engine that acts as a proxy. In a single server deployment with multiple engines can you manage this dynamically ? Essentially, can you have two engines with this configuration (Bind Address a...

Retry "ScheduleCommand" when it fails

Hello team, We're deploying a programmed automation which sometimes fails due to an external error. We'd like to retry in case the command fails. The command used is "ScheduleCommand". How can this "retry" be created? Thanks.

Josep by L4 Transporter
  • 2564 Views
  • 4 replies
  • 0 Likes

Find playbooks and subplaybooks not being used

Hello, Our XSOAR complexity has increased during the years, this means more playbooks and subplaybooks deployed. However, some of them are not used anymore, many reasons about it. How can these unnecessary playbooks and subplaybooks detected and erased? Thanks

Josep by L4 Transporter
  • 1831 Views
  • 2 replies
  • 0 Likes
  • 1305 Posts
  • 45 Subscriptions