Resolving CrowdStrike ODS Scan Detections With Integration

Hello LiveComm,

I am trying to change the status and assignment of ODS (On Demand Scans). I have tried to use the !cs-falcon-resolve-detection command but receive a 400 error.

XSOAR - Question Regarding Incident Tasks

Hello everyone, I noticed that when a task in a playbook has an error or requires some sort of input, said task appears in the tab "Playbook Tasks" (attached an image for reference). I was wondering how XSOAR gets that specific information in that ta

buttons to allow specific continuation of workplan

Hi everyone,
I need your help. When a task reaches certain thresholds, Cortex XSOAR sends an email to the analyst.

My goal is to have the analyst review all the evidence and then the anayst click a button to either approve or deny the continuation of

Installation

How to download the .sh script file for xsoar installation on linux???

Error Handling In Playbooks/Integrations

Hi All,

I want to know is there any built in configuration/settings/playbook or any module that helps to handle playbook error(error handling). Error/On Continue Task level error handling is not enough so i want if there is any integration issue or c

8.9 On-prem Install Documentation Confusion

Hello, I'm trying to install our extra-small single server on-prem 8.9 XSOAR and ran into some confusion with the documentation. I didn't see a way to report the issue elsewhere so I thought it might be helpful here.
https://docs-cortex.paloaltonetwor

sub-playbook looping behavior

Do sub-playbooks self loop on arrays or just lists?

I can get a sub-playbook to loop “for each input” of a list, but not an array of the same data. 

Thx

XSOAR - Transform Language

Hello everyone, I would like to ask how to get the user.name value from this context data.
I tried using the syntax ${incident.labels.user.name}, but it didn’t work.

Here's the context structure:

Changing Multiple Docker Images at once

Hey,

We are offline users

We updated from 6.12 -> 6.14, Then after the update, the docker images changed, and it's causing a lot of ": Script failed to run: failed to pull docker Image "demisto/python 3:3.11.10.113941"

Now, to fix it I need to chan

Download from War Room

Is there a script or command line call that can be used to download an entry from the War Room?

I have a script assigned to a button that generates a report and the report download is then entered into a War Room entry when executed/generated.

I

What integration I should use to run KQL query against MS Sentinel

I have MS Sentinel subscription that generate alert. I used "Microsoft Sentinel" to fetch the alert, now I want to run some KQL base on the alert information, what integration I should use? is that "Azure Log Analytics"

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Hi everyone,

How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection.

As seen in the image, there is a query section available to fetch differen

How to "empty" a field value in XSOAR, or remove the value?

Tried to remove a value of a field to "empty" 

For example "setIncident fieldname=None and !setIncident fieldname="" 

But that doesn't work, does anyone how how to remove the value?