Cortex XSOAR Discussions

XSOAR RSS integration not fetching updated feed content

We have configured the RSS integration in the community supported RSS content pack (https://xsoar.pan.dev/marketplace/details/RSS) to ingest CISA NCAS alerts as incidents for our threat intel teams to investigate.  This is using the public feed at ht

Integration with Nexthink

The connection has been tested sucessfully but error during executing commands

QRadar Integration Magnitude Query not returning expected results

Got a QRadar integration. 
It's suppose to pull back offenses with magnitude > 4

However, our metrics are much higher than what the client expects.

When reviewing this case got pulled into XSOAR:

However, when exporting QRadar, the incident has the foll

Alerts are not fetched within time from QRadar

Hello Everyone,

Yesterday, I have observed delayed in offenses which comes from QRadar into XSOAR. I am confused with this type of behavior from XSOAR.

Offense which is triggered in QRadar : 29-03-2022 23:00PM

Same offense/Alerts is created in XSOAR :

Splunk custom index not getting incident in xsoar

I am using splunk 60 day free trial non-enterprise edition and created a new custom index in splunk and manually added a sample event csv format file in the new index and all date is 2 days ago sample data

splunk integration with xsoar does not genera

XSOAR test/free license - Paloalto ignoring a request from customer

I have tried to request test/free license of XSOAR using web form - (https://start.paloaltonetworks.com/sign-up-for-community-edition.html). Completely ignored. Then I asked for support - they pointed out to local rep. Local rep can do nothing, they

error Couldn't calc cores number [error 'open /proc/stat: too many open files']

Recently had some performance problems reported from my xsoar users.

Found a tenant crashing.  Upon investigating I found the following error in the logs:

App03 host:

error Couldn't calc cores number [error 'open /proc/stat: too many open files']error C

Default Admin Account sees more tenants where is SSO Administrator does not

Any thoughts on this -
I use my SSO account which is an is in the Administrator role.

I see 23 tenants.  No filter on.

My default admin account which is also in the administrator role shows 36.

The tenants my SSO account seems to be  missing seem are on

Demo Data / Incidents

For purposes of demo'ing / mocking data for testing; how do you handle that....

Curious is there any import function to mock up incident data within XSOAR?

Using IsRFC1918Address check on context in condition task

Hi,

I'm trying to use the condition to check if incident.destinationip is an public IP. But when selecting from context incident.destinationip and then IsRFC1918Address you need to fill in something in the right side. I checked the automation script