Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Custom Fields not showing in context data

Hi all,

 

I have two custom fields. Initially, these fields were added to the context data even if they are empty. Now, they don't get added at all. This code used to work demisto.incident()['customFields']['fieldhere'] to grab the custom fields, bu

...

Resolved! Create incident with Script

Hi all,

I am creating an incident with script as following:

uri = f'/incident' body = { "name": incident_name, "type": incident_type, "createInvestigation": True, #"rawJSON": json.dumps({'hello': 'test'}) }...

Resolved! Issue while usin 'JQ' Transformer

Hello,

I would like to use 'jq' Transformer as designed in a custom "Mapper", but it constantly says to me that error message, whatever I am testing :
===> "Result: Failed to execute jq. Error: the JSON object must be str, bytes or bytearray, not dict"

...

Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile

...

NickyR by L1 Bithead
  • 369 Views
  • 1 replies
  • 0 Likes

Resolved! SearchIncidentsV2 not returning results

Hi, I am using SearchIncidentsV2 automation to loop through 2 IP addresses previously saved to IP incident key, to see if these IPs are showing in FireEye NX alerts. When I try to loop I receive empty foundIncidents key:  

 

 

 

When I hardcode the

...

MMagdic_0-1689670794647.png
MMagdic by L2 Linker
  • 685 Views
  • 8 replies
  • 0 Likes

Issues after upgrading XSOAR

Hello wonderful people,

 

I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment.

 

The upgrade was successful but "I got failed to migrate podman containers" after the upgrade.

 

Also after all, whenever I try to pull data from

...

Resolved! Delete Indicators Command

1) Is there a way to delete a batch of indicators with a single command, let's say all IP addresses imported with Feed XXX?

2) When I change Domain indicator expire time (Indicator Type) from 14 days to 1 hour, after expiration time indicators are st

...

MMagdic by L2 Linker
  • 823 Views
  • 7 replies
  • 0 Likes

Resolved! Generate Investigation Summary Report

Hi

I have used the automation Generate Investigation Summary Report to generate a report of particular incident. But I am not getting full content in the report that is being generated. In war room I can see details but in the generated report inform

...

Himangi by L1 Bithead
  • 475 Views
  • 1 replies
  • 0 Likes