Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Problem using GenericPolling with Qradar v3 command

Hi everyone, I'm trying to use the GenericPolling playbook to wait for the "COMPLETED" status of a query in a QRadarv3 Integration. I use the following configuration:
Ids: ${QRadar.Search.ID}
PollingCommandName: qradar-search-status-get
PollingCommandArgName: search_id
Interval: 1
Timeout: 30
dt: QRadar.Search(val.Status!== 'COMPLETED' || val.Status...

gkindley by L1 Bithead
  • 2827 Views
  • 1 replies
  • 0 Likes

CBAppControl - Passing hash and getting respective values

Hi all, I was trying to make a playbook where I had a set of hashes extracted from a text file and then search on CbAppControl. After searching, it would return the filename of the hash and the computers where the hash was detected. Right now there is a built-in playbook to search for hash via CbAppControl though it seems it is not working a...

Create script to close XDR alerts from XSOAR.

Hello, XSOAR and XDR are used with mirroring; when an incident is closed from XSOAR, it's closed in XDR too. However, the alerts in XDR are not. So a script is needed in XSOAR to close those XDR alerts. How is this script done? Where should it be set? How to sync all up? Thanks

Josep by L4 Transporter
  • 1713 Views
  • 1 replies
  • 0 Likes

Long Text Field Error when setting field with setIncident

We publish guides/playbooks on a 3rd party site for our analysts to use when troubleshooting an incident. That 3rd party site has an API. I've successfully pulled the guide / page into the War Room and it displays and returns correctly using return_results: return_results(decoded_contents). However, I want to take the decoded_contents and dump th...

JoshBoyd by L2 Linker
  • 3538 Views
  • 1 replies
  • 0 Likes

XSOAR Cisco Secure Cloud Analytics (stealthwatch) integration

If I configure the integration in SOAR using an API key from Cisco Secure Cloud Analytics, I get an authorization error:
Executed: test-module
Instance Stealthwatch Cloud_instance_1d4e2580e-a33d-4ace-8877-59165345b343
Arguments {}
Start time 2022-07-27T15:48:54.437265548Z
2022-07-27T15:48:54.562896279Z info: (Stealthwatch Cloud_instance_1d4e2580e...

QShah by L0 Member
  • 3197 Views
  • 1 replies
  • 0 Likes

Resolved! Uninstall Demisto Server

I am having a little problem uninstalling the demisto server and the documentation isn't clear enough for me to follow (Uninstall Cortex XSOAR (paloaltonetworks.com)). I tried the command specified in the documentation and nothing happened, which means that I didn't do it properly. How can I properly uninstall demisto??

Create dashboard or mail to report updates in own XSOAR content packs.

Hello, We're having some problems with some content packs' compatibility in XSOAR; normally we update all of them as soon as possible. However, sometimes they fail, so going back to the last version is needed. We'd like to have some visual information about how the versions of the content packs are updating, for example, to know if in the last 3 day...

Josep by L4 Transporter
  • 2084 Views
  • 2 replies
  • 0 Likes

Resolved! Problems with SentinelOne V2 Integration - 401

Hello, In the past few days our SentinelOne Integration has stopped working. I am seeing the following error; [Failed to execute test-module command. Error: Error in API call [401] - UNAUTHORIZED {"errors": [{"code": 4010010, "detail": null, "title": "Authentication Failed"}]} (85)] . In regards to the Server URL nothing has changed and all ot...

wildfire-get-sample (WildFire-v2) Permission Denied

Hello, I'd like to use wildfire-get-sample (WildFire-v2). In the instance settings there is only one entry: API. That API I get from https://eu.wildfire.paloaltonetworks.com/wildfire/account. In the instances I do a Test and it returned as "Success". But whatever I try in any Playbook, I always get: Reason Request Failed with status: 403 Reaso...

Resolved! Get Dashboard/Widget value from Cortex XSOAR

I created an API key in settings and am trying to get the dashboard/widget value (e.g. Playbook runs) from XSOAR but failed. In the API guideline, there is no example of body parameters in "Get Dashboard Statistics" or "Get Widget Statistics", so I have no idea what I should input in order to get the value. Would someone please help with this? Thanks.

ce13 by L1 Bithead
  • 3731 Views
  • 2 replies
  • 0 Likes

Not show tasks with errors in the layout when "stop on errors" is set to "no" inside the task.

The incident layout shows the tasks with "Waiting for user" (orange) and "Task with errors" (red). That's important so it can be checked; however, some tasks are set with "stop on errors" to "no", because the playbook can be solved without those tasks. How can I make these tasks not show in the layout?

Josep by L4 Transporter
  • 1537 Views
  • 1 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions