Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! How do I get the numeric incident id in an automation?

I'm working with a Python automation, and I need to get the numeric incident id. I expect this id to be numeric (123456) but it is always a long concatenated hex string and GUID.

incident = demisto.incidents()[0]
incident_id = incident['id']
print(incident_id)

Output is: 89a633e1ef019afeee78fbb2ac23ee84$&$234f4f55-5c46-44b1-8662-6f65039a9a0c...

Raoul by L0 Member
  • 4492 Views
  • 1 replies
  • 0 Likes

Resolved! split input to chunks with python

Hi, I'm trying to build an automation which would take an array of objects as an input, split it into chunks of a specified number and put them in the context. E.g. I have 36 IP addresses, I want it to split them into chunks of 10. The end result would be having them in a context - 3 keys having 10 IPs and one key having the remaining 6 IPs. I can set the spli...

Antanas by L2 Linker
  • 4242 Views
  • 3 replies
  • 0 Likes

XSoar Integration with cisco firepower

Dears, I installed the Cisco Firepower integration from Marketplace. I use the update network group objects command, but it actually removes all the IP addresses inside this group and adds only the list that I newly updated. Kindly need your support. Also, the integration with the ASA firewall failed in the testing phase, as it gives me error ...

Data presentation on XSOAR Web

Hi, I have a use case where I want to share some sensitive data with users which should have an expiration date. I want the data to be put on the XSOAR web server, which I would have a link for and which would expire after a certain time. I find similar functionality with the data collection task via email, when a user receives a link to XSOAR and can submit his response o...

Antanas by L2 Linker
  • 1656 Views
  • 1 replies
  • 0 Likes

Questions for livebackup

Dears, we are now installing a new server to be our live backup server, and we have multiple questions regarding this. Kindly need your answer:
1- Do we need a License for the Live backup Server?
2- Are the configuration and data moving in real time from the Active Server to the standby Server?
3- In case our main server is down and we converted the standb...

Resolved! User authentication

Hi, can we use the Active Directory Authentication integration to authenticate users into XSOAR when we are using Azure AD? If not, what is the most suitable integration? Thanks

DP696 by L2 Linker
  • 2280 Views
  • 1 replies
  • 0 Likes

Problem encoding/decoding introducing in a JSON list data

Hello, I have some URLs to introduce in a JSON list. The command used to encode is this one:

#encode to ASCII
url.encode(encoding='ascii',errors="ignore").decode()

In the context the variable is perfect, however inside the JSON list it's not. Even if I call variables from inside the JSON list to outside, it is perfect too. It's only inside the JSO...

Josep by L4 Transporter
  • 2010 Views
  • 2 replies
  • 0 Likes

Disaster recovery and High Availability

Dears, kindly need your clarification for the below scenario in my environment:
-- We have an XSOAR deployment and we need to deploy HA and DR to it; the current situation is that we have a Basic installation with Bolt DB.
-- So after reading the guide I reached out to the following two solutions:
1- Using High Availability Module, this modul...

Resolved! Problem using GenericPolling with Qradar v3 command

Hi everyone, I'm trying to use the GenericPolling playbook to wait for the "COMPLETED" status of a query in a QRadarv3 Integration. I use the following configuration:

Ids: ${QRadar.Search.ID}
PollingCommandName: qradar-search-status-get
PollingCommandArgName: search_id
Interval: 1
Timeout: 30
dt: QRadar.Search(val.Status!== 'COMPLETED' || val.Status...

gkindley by L1 Bithead
  • 2764 Views
  • 1 replies
  • 0 Likes

CBAppControl - Passing hash and getting respective values

Hi all, I was trying to make a playbook where I had a set of hashes extracted from a text file and then search on CbAppControl. After searching, it would return the filename of the hash and the computers where the hash was detected. Right now there is a built-in playbook to search for a hash via CbAppControl, though it seems it is not working a...

  • 1298 Posts
  • 45 Subscriptions