Hi,
I'm looking to map specific playbook task results to respective sections in the layout. Saved filter queries are defined at very high level and are not helping me. How can this be done? Thanks in advance.
Hello,
XSOAR and XDR are used with mirroring, when an incident is closed from XSOAR it's closed in XDR too. However, the alerts in XDR are not. So an script is needed in XSOAR to close those XDR alerts. How is this is script done? where should be set
...
We publish guides/playbooks on a 3rd party site for our analyst to use when troubleshooting an incident.
that 3rd party site has an api.
I've successfully pulled the guide / page into the warroom and it displays and returns correctly using return_re
...
If I configure the integration in SOAR using an API key from Cisco Secure Cloud Analytics, I get an authorization error:
Executed: test-module
Instance Stealthwatch Cloud_instance_1d4e2580e-a33d-4ace-8877-59165345b343
Arguments {}
Start time 2022-07-2
I am having a little problem uninstalling the demisto server and the documentation isn't clear enough for me to follow(Uninstall Cortex XSOAR (paloaltonetworks.com) I tried the command specifed in the documentation and nothing happened which means th
...
Hello,
We're having some problems with some content packs compatibility in XSOAR, normally we update all them as soon as possible. However, sometimes they fail, so going back to the last version is needed. We'd like to have some visual information ab
...
Dears, we want to enrich our indicators from McAfee sitelook and Symantec Sitelook, suppose that we have a scipt that get the results?? how can we create the custom threat intelligence feeds in xsoar ??
Hello,
In the past few days our SentinelOne Integration has stopped working. I am seeing the following error;
[Failed to execute test-module command. Error: Error in API call [401] - UNAUTHORIZED {"errors": [{"code": 4010010, "detail": null, "title
...
Hello
I'd like to use wildfire-get-sample (WildFire-v2)
In the instances settings there is only one entry: API.
That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account
In the instances I do a Test an it returned as "Success"
...
I created API key in setting and trying to get the dashboard/widget value (e.g. Playbook runs) from XSOAR but failed.
In the API guideline, there is no example of body parameters in "Get Dashboard Statistics" or "Get Widget Statistics", so I hav
...
The incident layout shows the tasks with "Waiting for user"(orange) and "Task with errors"(red). That's important so it can be checked, however some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks.
...
Dear all,
We have an issue about visulazating the outputs of indicator enrichment via using virus total ( vt-passive-dns-data).
To be more specific I am going to share our indicator layout and what we are expecting. As its given in the first scre
...
Hi All,
I have been trying to find the best way to manage a list of IP addresses. This is the idea I am trying to achieve.
1) I identify an IP address that is malicious and block it on the PaloAlto firewall in a static object group.
2) I keep tra
...
Hello,
I'm trying to use the automation "SearchIncidentsV2" to get the incidents with two conditions: the name and a range of time.
To achieve this, first I created a simple Query to get only the incidentes with a name. name: "name of playbook"
...
Hello,
There are incidents with a context value "content : exception"
Which query command on "Search in incidents" could find all incidents with this context value?
