Cortex XSOAR Discussions

Installing XSOAR HA and DR for one host with one tenant in multi tenant environment

Dears,

Kindly need your support to get an answer for the following case:

We are A MSSP environment, we have many clients.

Our deployment is multi-tenant deployment with multiple hosts and each host has only one tenant on it.

Our deployment is using a dat

...

Resolved! Generate context inside a while loop in an automation

An Api call is created in an automation program. The call to the API needs to wait for a value to set to "FINISHED", so a while loop is created waiting for this value. However, I'd like to know the current status of this value setting the value in co

...

Endpoint Antivirus Exclusion list

Dears,

Kindly need your support for the following:

• we need to install the below as security controls on our XSOAR server (RHEL8):

o McAfee Endpoint security (latest version) for Linux.

o Cyber Reason EDR.

• kindly provide what is the Antivirus exclus

...

Resolved! Linked incident offense close

Hi,

A pre-process rule tests some condition and "link-close" incident into a previous one, and this works great. But i need to close related offense in qradar as well as the xsoar itself, with a sole preprocess rule deployed incident is closed in xso

...

CIRCL hashlookup (hashlookup.circl.lu) 1.0.0 3167802 returns error when no results

When the integration is used on non-existent hash:

!file file=2795b688bb5918e092e0ee33cd25aa98

Then it end with error:

Reason

Failed to execute file command. Error: Error in API call [404] - NOT FOUND {"message": "Non existing MD5", "query": "2795b688bb5

...

accepting custom cert -failed

Have followed this kb however under instance, it is still unable to test successfully when unchecking the trust all certification options under the integrated instance.

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/d

...

Create a PDF file from context

Hi,

I am trying to create playbook where IOCs are extracted and enriched and then values are send as a PDF file via email.

I reached the part where the IOCs are parsed and enriched, but I am stuck at creating the PDF file.

Is it possible to create a PD

...

XSOAR Integration with Cisco IronPort Email API - Code Missed on Backend

Hi Team,

Can you please help here to integrate Cisco ESA(API V2) with XSOAR . I have tried with the following integration from marketspace "Cisco IronPort Email API (Community Contribution)" which is developed using API v2. But unfortunately It pop

...

Error in Splunk integration Splunkpy

Hello everyone,

While testing the integration of Splunk to XSOAR with Splunkpy, I'm getting this error:

Anyone know how to solve it?

Thanks for your support.

Resolved! Assigning an array of Values to a key/variable

Hey guys,

I'm working on separating internal and external IP(s) on a playbook and I want to use those values in a email body. So currently I'm using a temporary list to store IP(s) then call when needed in the same playbook with ${lists.templist}.

...

Communication Task Authentication failed

Hi,

I want users to authenticate in Cortex XSOAR before answering the form sent by mail like explained here https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/playbooks/playbook-tasks/communication-tasks/create-a-data-collec

...

Handling errors in a playbook

I'm looking to change the flow of my playbook not only if errors are encountered in my tasks, but dependant also on what those errors are. I found a tutorial on docs.paloaltonetworks.com that included this:

Step 3: For new tasks, in the Task Name f

...

Dbot Score for Virustotal IP check is always 1

Hey Guys,

I'm facing this issue that doesn't matter how malicious the IP is Dbotscore is being 1 for the VT IP automation,

Things I tried,

1. Setting a threshold in VT integration for 1.

2 . Setting the reliability to A+

2. Running the command

...

Resolved! SetGridField Issue

I'm testing the inbuilt playbook "Integrations and Incidents Health Check" , however it throws an error on the block which contains SetGridField, which is the error shown below.

I have few questions regarding the automation and troubleshooting,

1) W

...

Resolved! A question from the Phishing V3 webinar: Phishing Campaign Ticketing

Will a Phishing campaign ticket is opened automatically, If yes - when?

Note: This question was asked during our Customer Success Webinar: Phishing V3

Cortex XSOAR

Discussions

Installing XSOAR HA and DR for one host with one tenant in multi tenant environment

Resolved! Generate context inside a while loop in an automation

Endpoint Antivirus Exclusion list

Resolved! Linked incident offense close

CIRCL hashlookup (hashlookup.circl.lu) 1.0.0 3167802 returns error when no results

accepting custom cert -failed

Create a PDF file from context

XSOAR Integration with Cisco IronPort Email API - Code Missed on Backend

Error in Splunk integration Splunkpy

Resolved! Assigning an array of Values to a key/variable

Communication Task Authentication failed

Handling errors in a playbook

Dbot Score for Virustotal IP check is always 1

Resolved! SetGridField Issue

Resolved! A question from the Phishing V3 webinar: Phishing Campaign Ticketing

A Few Quick Questions About the Community Edition

How to work on File Content collected from Azure blob in Playbook

Powershell Modules in Xsoar Cloud

Azure Active Directory users - Incorrect padding

XSOAR 8 + Export Data to On-premise for Retention Compliance

Re: XSOAR - Transform Language

How can i trigger playbook once Indicator has beed added?

Re: How to work on File Content collected from Azure blob in Playbook

Re: How to work on File Content collected from Azure blob in Playbook

Re: Powershell Modules in Xsoar Cloud

Unlock your full community experience!

Resolved! Generate context inside a while loop in an automation

Resolved! Linked incident offense close

Resolved! Assigning an array of Values to a key/variable

Resolved! SetGridField Issue

Resolved! A question from the Phishing V3 webinar: Phishing Campaign Ticketing