Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Customfield in JIRA

Hi, I have integrated JIRA with XSOAR. I have created a custom field in JIRA which has a dropdown list with options. I want the value to be populated in JIRA by XSOAR. I am using jira edit issue automation where I am providing {"fields":{"customfield_xyz":{"value":"${abc.answer0}"}}} in issuejson. I can see the abc.answer in task output of the play...

Himangi by L2 Linker
  • 712 Views
  • 1 replies
  • 0 Likes

Resolved! Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

Dear Community, I read the documentation about Threat Intelligence Management (TIM) from this article before https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/what-is-everyone-doing-with-their-tim-license/td-p/548211?attachment-id=12602. However, that document is not updated, and there is no mention of best practices for managing T...

A.Faruq by L1 Bithead
  • 1735 Views
  • 1 replies
  • 0 Likes

Unclassified incident management: incidents remain in active status

Hi all, in XSOAR 6.8 I created a custom incident type to automatically handle the closure of unclassified incidents. In 'Incidents Classification Editor' I set this type to 'Direct unclassified events to:'. The type is correctly associated with the unclassified incidents and also the playbook but the playbook is not automatically executed and ...

Resolved! 8.9 On-Prem Update Fails to Update

I have a very-small XSOAR setup of one dev and one prod server on-prem 8.9.0-8.9.0.140-b55c42e1. There are currently no workloads on these servers as they are replacing some 6.x servers that are in production currently. I received a notification after logging in that an update to 8.9.0.155 is available. Since there are no workloads, I told it to...

sackett by L1 Bithead
  • 1246 Views
  • 1 replies
  • 0 Likes

How to Get all Recipients of an email message with EWS O365 Integration Query

Hello, I am integrating XSOAR with EWS O365, and I am building a phishing PB, that starts with query based on subject of an email, in order to get the item-id of that email message and also the recipients of that email to take action on each of them. The problem is that, when I run the search based on the subject using !ews-search-mailbox quer...

Mass Closure of XSIAM Incidents

Hello team! I would like to know if there is an option for mass closure of incidents in XSIAM. I have the following scenario of 2000 open incidents and I would like to perform mass closure of these open cases. Is there any way to do this?

Resolved! Access a list from an integration

To access a list from an automation I use something like: json = json.loads(demisto.executeCommand("getList", {"listName": "blabla"})). However, from an integration I cannot use the executeCommand method. Is there any way to access a list from an integration? If it is not possible, what alternative do I have to access static information (it is a ...

rdevega by L1 Bithead
  • 5465 Views
  • 6 replies
  • 0 Likes

XSOAR Technical query on HA cluster & license.

Hi Team, The standard customer having some other technical query. Below are the details: When installing cluster from the textual UI, it made me choose the region (default US). How do I change the region AFTER cluster installation completed? How do I know which region does my XSOAR license associate to? Please assist.

Use of Microsoft Graph Security

Hi, Has anyone used the msg-list-security-incident command from the Microsoft Graph Security integration with an odata query? It is specified in the documentation as an optional parameter, but when I try to use it I get an error stating odata is not valid. I am using the Cloud Xsoar.

Use of a Certificate in a Script

Hi, I am wanting to connect to the MicrosoftExchangeOnline (EXO) powershell module in a script. I have the module working but to connect to EXO from a script you must use a managed identity with a certificate. It does not support a secret key. I see I can add certificates in Xsoar, but I don't see a way to use them other than in an integration....

How to search for multiple attributes with MISPv3 integration

We have not been able to search for multiple values in the XSOAR MISPv3 integration with the command: !misp-search-attributes I got some tips from the community but it does not seem to work either !misp-search-attributes value=`${list.['8.8.8.8', '4.4.4.4']}` This integration is using pymisp I think, and it should be possible to pass an a...

  • 1300 Posts
  • 45 Subscriptions