Integration with Nexthink
The connection has been tested successfully but error during executing commands
Got a QRadar integration.
It's supposed to pull back offenses with magnitude > 4
However, our metrics are much higher than what the client expects.
When reviewing this case got pulled into XSOAR:
However, when exporting QRadar, the incident has the foll
Hello Everyone,
Yesterday, I observed a delay in offenses which come from QRadar into XSOAR. I am confused by this type of behavior from XSOAR.
Offense which is triggered in QRadar : 29-03-2022 23:00PM
Same offense/Alerts is created in XSOAR :
...
Workflow:
From the Incidents page / table, select multiple incidents.
Click the "Close" button that allows closing multiple incidents at one time.
My close form comes up. I have a field trigger script on one of the fields.
It doesn't look like that fiel
I have some automation that I'm working on and I am not seeing the expected results. I broke the script down into the following simple version.
ScriptA which is:
demisto.executeCommand("ScriptB", {})
ScriptB which is:
return_results("ScriptB Called")
wh
I am using splunk 60 day free trial non-enterprise edition and created a new custom index in splunk and manually added a sample event csv format file in the new index and all date is 2 days ago sample data
splunk integration with xsoar does not genera
...
I have tried to request test/free license of XSOAR using web form - (https://start.paloaltonetworks.com/sign-up-for-community-edition.html). Completely ignored. Then I asked for support - they pointed out to local rep. Local rep can do nothing, they
...
Recently had some performance problems reported from my xsoar users.
Found a tenant crashing. Upon investigating I found the following error in the logs:
App03 host:
error Couldn't calc cores number [error 'open /proc/stat: too many open files']error C
...
Any thoughts on this -
I use my SSO account which is in the Administrator role.
I see 23 tenants. No filter on.
My default admin account which is also in the administrator role shows 36.
The tenants my SSO account seems to be missing are on
...
For purposes of demo'ing / mocking data for testing; how do you handle that....
Curious is there any import function to mock up incident data within XSOAR?
I want to change the default column view for all my analysts using the "Incidents" page / "Incidents" table.
Is there a way to change that view, or is the table view user specific only and there is no way to set for everyone?
Hi everyone, I'm struggling to make my use case work.
I need to use a playbook X, to change the owner of a specific incident using IncidentID.
Have you ever had this need?
I think I can do it using RestAPI, but I'm failing.
Thanks
Hi,
I succeeded in integrating XSOAR with QRadar. But I keep getting timeout warnings. I solved this problem by entering parameter "--env=REQUEST_TIME OUT=1500". But I caught that the real problem is in the query. To give an example of this, I enter the
Hi,
I'm trying to use the condition to check if incident.destinationip is a public IP. But when selecting from context incident.destinationip and then IsRFC1918Address you need to fill in something in the right side. I checked the automation script
...
Relatively new admin to XSOAR; previous admin has left.
Just completed upgrade to latest 6.5 version.
Could anyone help me understand the following:
I have a service account that seems to run xsoar demisto server containers; used ps-ef|grep demisto and