Cortex XSOAR Discussions

Question from "Dev to Prod" Webinar - restructuring and creating directories for content items

Has there been any consideration into restructuring and creating directories for the various content items vs the current strategy of everything going into a flat list? When you get to a point where there is a lot of content it becomes very burdensom

...

Question from "Dev to Prod" Webinar - Ansible

Can ansible used for deployment of SOAR ?

**Note: this is a question from our CS Webinar: Dev to Prod Configuration and Best Practices in Cortex XSOAR

Question from "Dev to Prod" Webinar - Export Custom Content

Will Export Custom Content export a change to a system field (Like setting "Owner" to mandatory? This has not been my experience.

**Note: this is a question from our CS Webinar: Dev to Prod Configuration and Best Practices in Cortex XSOAR

Integrating Palo Alto XSOAR or leveraged any other API integration with any of the following next-gen firewalls: Checkpoint Smart Log, Fortinet, a

Has anyone tried integrating Palo Alto XSOAR or leveraged any other API integration with any of the following next-gen firewalls: Checkpoint Smart Log, Fortinet, and Cisco firewalls for running automated searches for IOCs such as IP addresses, URLs f

...

QRadar API get assets query

Does anyone know with QRadar Integration: "qradar-assets-list"

This retrieves information such as

The above asset (1278) has vulnerabilities and 2 products installed, but it only provides me with a vulnerability count and product IDs.

1. How do I que

...

Resolved! Integration - Referencing Input from previous automation

Hey there. I have what I believe to be a python syntax question. We have a playbook with two automations. The first downloads a file, which is successful. The first automation has an output of the EntryID.

The second automation needs to use the entry

...

how to get incident xdr my endpoint only in xsoar

I successfully configured and integrated xdr into Xsoar

but in xsoar incidents page it gets all common incidents from XDR but i need to get only my own endpoint user incident

there is a filter option in the xdr incident to use and check your own end us

...

Screen Shot 2022-04-25 at 10.28.19 PM.png

Screen Shot 2022-04-26 at 12.03.31 AM.png

Cortex XSOAR integration

Hi, I want to poll for Status that is nested under Results. See below example :

I have this output when running the command tn-get-question-result

Tanium.QuestionResult
{
"QuestionID": "455036",
"Results": [
{
"ComputerName": "WIN-KBR5CNLJK52.icdc-caas.loca

...

Resolved! ServiceNow pulling rasterized images

Hey all,

I am having trouble getting the SN integration to pull the rasterized images into a SN ticket with the 'servicenow-upload-file' automation. I've tried to just upload all .png which seems to skip the rasterized images. Also trying to pull

...

Resolved! multitenant deployment main dashboard problem

Hi,

I have a multitenant deployment holding 30+ accounts, in my main account dashboard page it is unable to populate statistics such as incident count etc. It just keeps loading with no error. Any idea how can i sort this.

Regards.

Resolved! Sumo Logic integration error: This operation is not allowed for your account type

Hi all,

the integration with Sumo Logic failed to work and now I get the error:

2022-04-22 12:41:51.3031 error Could not fetch incidents from SumoLogic instance : SumoLogic_instance_1 [error 'Script failed to run: Status: 403
ID: WOXBU-A2PLF-BUHRT
Code

...

Add event data into "incident summary" section in "incident info"

Hi,

Is there any way to add a specific event field into "incident info" page to visualize in the "Incident Summary" section. Let's say a request url is not included in incident info but in event info we have the url information..

Regards.

Resolved! Error while closing incident

Hi!

we are testing XSOAR on a local VM. We have created several incidents via an integration with our Threat intel solution.

When we are going to close an incident.. it doesn't close!

We get no error from the UI. If we go to the VM console, from /var/l

...

ip list retention

Hi,

In our environment we have a list to hold ip addresses with comma seperated format, how can we provide data retention for each ip addresses within the list.

Regards.

How to change Dashboard Widget Date Range from occurred to closed date

Looking at some of my widgets on my dashboard, i noticed there is a date range filter. But is there a way to specify to use the closed date and not the occurred date?

Cortex XSOAR Discussions

Discussions

Question from "Dev to Prod" Webinar - restructuring and creating directories for content items

Question from "Dev to Prod" Webinar - Ansible

Question from "Dev to Prod" Webinar - Export Custom Content

Integrating Palo Alto XSOAR or leveraged any other API integration with any of the following next-gen firewalls: Checkpoint Smart Log, Fortinet, a

QRadar API get assets query

Resolved! Integration - Referencing Input from previous automation

how to get incident xdr my endpoint only in xsoar

Cortex XSOAR integration

Resolved! ServiceNow pulling rasterized images

Resolved! multitenant deployment main dashboard problem

Resolved! Sumo Logic integration error: This operation is not allowed for your account type

Add event data into "incident summary" section in "incident info"

Resolved! Error while closing incident

ip list retention

How to change Dashboard Widget Date Range from occurred to closed date

Missing button scripts from content packs

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Field Change Script To System Fields

How to Copy Incident Files from Linked Incidents

Re: Missing button scripts from content packs

Re: Editing custom content via XSOAR UI and local PC

Is there a way to obtain Cortex XSOAR community edition

Re: Extracting fields from Context/JSON in Playbook

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Integration - Referencing Input from previous automation

Resolved! ServiceNow pulling rasterized images

Resolved! multitenant deployment main dashboard problem

Resolved! Sumo Logic integration error: This operation is not allowed for your account type

Resolved! Error while closing incident