Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Demo Data / Incidents

For purposes of demo'ing / mocking data for testing; how do you handle that....

 

Curious is there any import function to mock up incident data within XSOAR?

jboyd98 by L2 Linker
  • 2248 Views
  • 2 replies
  • 0 Likes

Resolved! XSOAR Qradar Integration Set Range Limit

Hi,

I succeeded XSOAR integration with Qradar. But I keep getting timeout warnings. I solved this problem by entering parameter "--env=REQUEST_TIME OUT=1500". But I caught that the real problem is in the query. To give an example of this, I enter the

...

[error 'open /proc/stat: too many open files']

Recently had some performance problems reported from my xsoar users.

Found a tenant crashing.  Upon investigating I found the following error in the logs:

App03 host:

error Couldn't calc cores number [error 'open /proc/stat: too many open files']error C

...

jboyd98_0-1646333459707.png
jboyd98_1-1646333459832.png
jboyd98_2-1646333459708.png
jboyd98 by L2 Linker
  • 2503 Views
  • 2 replies
  • 0 Likes

Resolved! Field Trigger Script / Broswer Caching Issue?

I have a field trigger script on dbot status changing; essentially updating a custom field to nothing if the an incident is re-opened.

 

if field=="dbotStatus" and old=="Closed" and new=="Active" and incidentType=="Azure Sentinel":
demisto.executeComman

...

jboyd98_0-1646165018375.png
jboyd98_1-1646165158523.png
jboyd98_2-1646165399027.png
jboyd98 by L2 Linker
  • 1794 Views
  • 1 replies
  • 0 Likes

trying to return raw output vs formatted

!py script=`return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxxxxx-xxxxxx-xxxxx"}))`

The above works and turns in human readable format; however i want to return the raw json.

 

This works:
!azure-sentinel-

...

JoshBoyd by L2 Linker
  • 2700 Views
  • 3 replies
  • 0 Likes
  • 1101 Posts
  • 34 Subscriptions