Specific Playbook task results to layout
Hi, I'm looking to map specific playbook task results to respective sections in the layout. Saved filter queries are defined at a very high level and are not helping me. How can this be done? Thanks in advance.
Hello, XSOAR and XDR are used with mirroring; when an incident is closed from XSOAR it's closed in XDR too. However, the alerts in XDR are not. So a script is needed in XSOAR to close those XDR alerts. How is this script done? Where should it be set? How to sync it all up? Thanks
We publish guides/playbooks on a 3rd party site for our analyst to use when troubleshooting an incident. That 3rd party site has an API. I've successfully pulled the guide / page into the warroom and it displays and returns correctly using return_results return_results(decoded_contents) However, I want to take the decoded_contents and dump th...
If I configure the integration in SOAR using an API key from Cisco Secure Cloud Analytics, I get an authorization error: Executed: test-moduleInstance Stealthwatch Cloud_instance_1d4e2580e-a33d-4ace-8877-59165345b343Arguments {}Start time 2022-07-27T15:48:54.437265548Z 2022-07-27T15:48:54.562896279Z info: (Stealthwatch Cloud_instance_1d4e2580e...
I am having a little problem uninstalling the demisto server and the documentation isn't clear enough for me to follow (Uninstall Cortex XSOAR (paloaltonetworks.com)). I tried the command specified in the documentation and nothing happened, which means that I didn't do it properly. How can I properly uninstall demisto??
Hello, We're having some problems with some content packs' compatibility in XSOAR; normally we update all of them as soon as possible. However, sometimes they fail, so going back to the last version is needed. We'd like to have some visual information about how the versions of the content packs are updating, for example, to know if in the last 3 day...
Dears, we want to enrich our indicators from McAfee sitelook and Symantec Sitelook. Suppose that we have a script that gets the results; how can we create the custom threat intelligence feeds in XSOAR?
Hello, In the past few days our SentinelOne Integration has stopped working. I am seeing the following error; [Failed to execute test-module command. Error: Error in API call [401] - UNAUTHORIZED {"errors": [{"code": 4010010, "detail": null, "title": "Authentication Failed"}]} (85)] . In regards to the Server URL nothing has changed and all ot...
Hello, I'd like to use wildfire-get-sample (WildFire-v2). In the instance settings there is only one entry: API. That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account In the instances I do a Test and it returned as "Success". But whatever I try in any Playbook, I always get: Reason Request Failed with status: 403 Reaso...
I created an API key in settings and am trying to get the dashboard/widget value (e.g. Playbook runs) from XSOAR but failed. In the API guideline, there is no example of body parameters in "Get Dashboard Statistics" or "Get Widget Statistics", so I have no idea what I should input in order to get the value. Would someone please help with this? Thanks.
The incident layout shows the tasks with "Waiting for user" (orange) and "Task with errors" (red). That's important so it can be checked; however, some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks. How can I make these tasks not show in the layout?
Dear all, We have an issue with visualizing the outputs of indicator enrichment using virus total (vt-passive-dns-data). To be more specific, I am going to share our indicator layout and what we are expecting. As it's given in the first screenshot, we are using nearly the default indicator layout. However to provide more precise informatio...
Hi All, I have been trying to find the best way to manage a list of IP addresses. This is the idea I am trying to achieve. 1) I identify an IP address that is malicious and block it on the PaloAlto firewall in a static object group. 2) I keep track of the IP address along with the time I added it 3) After 48 hours I check the IP addresses I...
Hello, I'm trying to use the automation "SearchIncidentsV2" to get the incidents with two conditions: the name and a range of time. To achieve this, first I created a simple Query to get only the incidents with a name. name: "name of playbook" It works and a markdown file can be downloaded with all the incidents and other info, like when w...
Hello, There are incidents with a context value "content : exception" Which query command on "Search in incidents" could find all incidents with this context value?

