Context data 2 layout
Hi all, I wonder if it is possible to show context data directly on a layout, without mapping that data to an incident field.
Hi, When will the Cisco Prime integration be available in the marketplace? Is there any license limitation to use the Cisco Prime content pack? Regards, Deepa
Hi, Here are two different emails subject: 1. Test email - Phishing Email 2. Test email - Ping Two playbooks: 1. Phishing Email 2. Ping Currently I have setup two instances of integration "Mail Listener v2" with corresponding incident types so that phishing email will go to playbook - phishing email and ping email will go to playbook - pi...
Hi, I created a PDF report using rasterize with HTML body content. The XSOAR variables I put contain URLs and email addresses. The first challenge I faced was that the variables, when replaced with the actual values (URLs and emails), are clickable. I want to prevent this as this is a phishing analysis report and I do not want the viewer to acc...
Hi, As per the below link, it's mentioned that the minimum storage requirement for an XSOAR engine is 100 GB. And for drive partitions it is recommended to allocate 50 GB for /var and 50 GB for /home if the XSOAR engine is getting installed on RHEL 8.x. In this case other partitions like /tmp, /usr, /etc don't require any space? https://docs.paloaltonetworks...
Hi, I want to upload a file from the XSOAR to a server, for this I want to use the smb-upload automation. Shared map is created, all correct rights are given, credentials in the XSOAR are correct. For now I'm just testing a simple test.txt file to upload I'm always running into the same error: Failed to execute smb-upload command. Error: R...
Is it possible for DEV and PROD servers to use the same set of engines? #DEV #PROD #XSOAR #ENGINE
Hi, As per the below link, the integrations can be executed via REST API, webhooks, and other techniques. So I'd like to know what other methods are available in the XSOAR platform. https://xsoar.pan.dev/docs/concepts/concepts#:~:text=Product%20integrations%20(or%20apps)%20are%20mechanisms%20through%20which%20security%20orchestration%20platform...
Hi, In one of the XSOAR documentation pages it's mentioned "For all Linux deployments except RHEL 7.x (for example Ubuntu, CentOS, etc.). Automatically installs Docker, downloads Docker images, enables remote engine upgrade, and allows installation of multiple engines on the same machine. For RHEL 7.x, see Install Docker Distribution for Red Hat on C...
Hi, In a playbook I'm using the automation 'send e-mail (EWSO365)'. In the body of the email I'm adding a list that the playbook has generated as following: Get inputs.BreachData Override input Where No filters applied Transformers JsonToTable (title: BreachData, headers: , is_auto_json_transform: , json_transform_properties: ) I ...
Dears, Kindly need your support to get an answer for the following case: We are an MSSP environment, we have many clients. Our deployment is a multi-tenant deployment with multiple hosts and each host has only one tenant on it. Our deployment is using a database and XSOAR App on the same server with no disaster recovery or high availability. One of our ...
An Api call is created in an automation program. The call to the API needs to wait for a value to set to "FINISHED", so a while loop is created waiting for this value. However, I'd like to know the current status of this value setting the value in context. Why is not setting this value on the context? status="" While status != "FINISHED": stat...
Dears, Kindly need your support for the following: • We need to install the below as security controls on our XSOAR server (RHEL8): o McAfee Endpoint security (latest version) for Linux. o Cyber Reason EDR. • Kindly provide what is the Antivirus exclusion list of Palo Alto XSOAR. • Kindly clarify if there will be any damage, conflict, or issues to ...
Hi, A pre-process rule tests some condition and "link-close" incident into a previous one, and this works great. But I need to close the related offense in QRadar as well as in XSOAR itself. With a sole pre-process rule deployed, the incident is closed in XSOAR but the offense in QRadar remains open. Any suggestion about how to close offense after incident-...
When the integration is used on a non-existent hash: !file file=2795b688bb5918e092e0ee33cd25aa98 Then it ends with error: Reason Failed to execute file command. Error: Error in API call [404] - NOT FOUND {"message": "Non existing MD5", "query": "2795b688bb5918e092e0ee33cd25aa98"} Usually all other !file just return info that the hash was not found: URLh...

