Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Question about the execution of the Set Assignee Task

In my playbook, I have a task that runs the Set Assignee Task script, sending an email as a parameter. During the flow execution, this task remains in the waiting status, displaying the message: waiting for user input to continue this task. I would like to understand why this task is not executed automatically.

Problem with Cisco WSA Proxy integration

Hello Team, I have a problem with Cisco WSA Proxy integration. I'm trying to connect XSOAR with Cisco WSA Proxy through Cisco WSA v2 integration. The user for this API has full administrator rights, authentication is successful, and I get a response for a GET request - !cisco-wsa-url-categories-list successfully. When I'm trying to execute ...

YuliyanD by L0 Member
  • 1559 Views
  • 2 replies
  • 0 Likes

Adding a Timestamp/Date to Custom Report Subject

Hola Livecomm, I have a very trivial question; I want to define a custom subject for my reports to include the date or timestamp of when it runs. I have researched this extensively and have found the Server Configuration Key for this but it does not guide me on how to add a variable that can include the date of which the report has run. For exam...

Resolved! Where is the XSAOR 8 CLI Reference?

In the XSOAR 8.x documentation there are examples of CLI commands, including Integration commands, system commands, and information about how to escape specific characters.However, try as I might, I can't seem to find an authoritative XSOAR CLI reference. Browsing down the list of possible commands in CLI might be OK in a pinch, but it's no subs...

mattem by L1 Bithead
  • 3303 Views
  • 1 replies
  • 0 Likes

Customfield in JIRA

Hi,I have integrated JIRA with XSOAR.I have created a custom field in JIRA which has a dropdown list with options. I want the value to be populated in JIRA by XSOAR.I am using jira edit issue automation where I am providing {"fields":{"customfield_xyz":{"value":"${abc.answer0}"}}} in issuejson. I can see the abc.answer in task output of the play...

Himangi by L2 Linker
  • 771 Views
  • 1 replies
  • 0 Likes

Resolved! Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Dear Community, I read the documentation about Threat Intelligence Management (TIM) from this article before https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/what-is-everyone-doing-with-their-tim-license/td-p/548211?attachment-id=12602. However, that document is not updated, and there is no mention of best practices for managing T...

AFaruq_0-1750923154291.png
A.Faruq by L1 Bithead
  • 1871 Views
  • 1 replies
  • 0 Likes

Unclassified incident management: incidents remain in active status

Hi all, in XSOAR 6.8 I created a custom incident type to automatically handle the closure of unclassified incidents. In 'Incidents Classification Editor' I set this type to 'Direct unclassified events to:'. The type is correctly associated with the unclassified incidents and also the playbook but the playbook is not automatically executed and ...

Resolved! 8.9 On-Prem Update Fails to Update

I have a very-small XSOAR setup of one dev and one prod server on-prem 8.9.0-8.9.0.140-b55c42e1. There are currently no workloads on these servers as they are replacing some 6.x servers that are in production currently. I received a notification after logging in that an update to 8.9.0.155 is available. Since there are no workloads, I told it to...

sackett by L1 Bithead
  • 1333 Views
  • 1 replies
  • 0 Likes

How to Get all Recipients of an email message with EWS O365 Integration Query

Hello, I am integrating XSOAR with EWS O365, and I am building a phishing PB, that starts with query based on subject of an email, in order to get the item-id of that email message and also the recipients of that email to take action on each of them. The problem is that, when I run the search based on the subject using !ews-search-mailbox quer...

Mass Closure of XSIAM Incidents

Hello team!I would like to know if there is an option for mass closure of incidents in XSIAM.I have the following scenario of 2000 open incidents and I would like to perform mass closure of these open cases. Is there any way to do this?

Resolved! Access a list from an integration

To access a list from an automation I use something like: json = json.loads(demisto.executeCommand("getList", {"listName": "blabla"}) However, from an integration I cannot use the executeCommand method. Is there any way to access a list from an integration? If it is not possible, what alternative do I have to access static information (it is a ...

rdevega by L1 Bithead
  • 5816 Views
  • 6 replies
  • 0 Likes

XSOAR Technical query on HA cluster & license.

Hi Team, The standard customer having some other technical query. Below are the details: When installing cluster from the textual UI, it made me choose the region (default US). How do I change the region AFTER cluster installation completed? How do I know which region does my XSOAR license associate to? Please assist.

Use of Microsoft Graph Security

Hi, Has anyone used the msg-list-security-incident command from the Microsoft Graph Security integration with an odata query. It is specified in the documentation as an optional parameter, but when I try to use it I get an error stating odata is not valid. I am using the Cloud Xsoar.

  • 1304 Posts
  • 45 Subscriptions