Cortex XSOAR Discussions

Resolved! RHEL Installer Type and Podman Installation Steps

1. What RHEL installer type (minimal or full fledge GUI) should be considered for XSOAR engine server?

2. Is there any documentation by Palo Alto on Podman proxy configuration for XSOAR Engine installation and any specific URLs required to be white

...

Context data 2 layout

Hi all,

I wonder that if it is possible to show context data directly on layout, without mapping that data to incident field.

XSOAR Cisco Prime Integration

Hi,

When will the cisco prime integration available in marketplace. Is there any license limitation to use Cisco prime content pack?

Regards,

Deepa

Setting up classification & mapping for email ingest

Hi,

Here are two different emails subject:

1. Test email - Phishing Email

2. Test email - Ping

Two playbooks:

1. Phishing Email

2. Ping

Currently I have setup two instances of integration "Mail Listener v2" with corresponding incident types so

...

Rasterize PDF format queries

Hi,

I created a PDF report using rasterize with HTML body content. The XSOAR variables I put contains URLs and Email addresses.

My first challenge i faced was the variables when replaced with the acutal values (URLs and emails), they are clickable.

...

XSOAR Engine Storage Requirements

Hi,

As per the below link its mentioned minimum storage requirement for XSOAR engine is 100 GB. And for drive partition it is recommended to allocate 50 GB for /var and 50 GB for /home is XSOAR engine is getting installed on RHEL 8.x. In this case

...

smb-upload (Server Message Block (SMB) v2): error

Hi,

I want to upload a file from the XSOAR to a server, for this I want to use the smb-upload automation.

Shared map is created, all correct rights are given, credentials in the XSOAR are correct.

For now I'm just testing a simple test.txt file t

...

Resolved! DEV PROD XSOAR Engines

Is it possible for DEV and PROD servers to use the same set of engines?

#DEV

#PROD

#XSOAR

#ENGINE

Cortex XSOAR tool integrations methods

Hi,

As per below link the integrations can be executed REST API, webhooks, and other techniques. So I'd like to know about what are the other methods available in XSOAR platform.

https://xsoar.pan.dev/docs/concepts/concepts#:~:text=Product%20inte

...

Resolved! OS Requirement for Cortex XSOAR engine deployment

Hi,

In one of the XSOAR documentation its mentioned "For all Linux deployments except RHEL 7.x (for example Ubuntu, CentOS, etc.). Automatically installs Docker, downloads Docker images, enables remote engine upgrade, and allows installation of mul

...

Resolved! Body email

Hi,

In a playbook I'm using the automation 'send e-mail (EWSO365)'.

In the body of the email I'm adding a list that the playbook has generated as following:

Get

inputs.BreachData

Override input

Where

No filters applied

Transformers

JsonT

...

Installing XSOAR HA and DR for one host with one tenant in multi tenant environment

Dears,

Kindly need your support to get an answer for the following case:

We are A MSSP environment, we have many clients.

Our deployment is multi-tenant deployment with multiple hosts and each host has only one tenant on it.

Our deployment is using a dat

...

Resolved! Generate context inside a while loop in an automation

An Api call is created in an automation program. The call to the API needs to wait for a value to set to "FINISHED", so a while loop is created waiting for this value. However, I'd like to know the current status of this value setting the value in co

...

Endpoint Antivirus Exclusion list

Dears,

Kindly need your support for the following:

• we need to install the below as security controls on our XSOAR server (RHEL8):

o McAfee Endpoint security (latest version) for Linux.

o Cyber Reason EDR.

• kindly provide what is the Antivirus exclus

...

Resolved! Linked incident offense close

Hi,

A pre-process rule tests some condition and "link-close" incident into a previous one, and this works great. But i need to close related offense in qradar as well as the xsoar itself, with a sole preprocess rule deployed incident is closed in xso

...