Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Rasterize PDF format queries

Hi, I created a PDF report using rasterize with HTML body content. The XSOAR variables I put contain URLs and email addresses. My first challenge I faced was the variables, when replaced with the actual values (URLs and emails), they are clickable. I want to prevent this as this is a phishing analysis report and I do not want the viewer to acc...

XSOAR Engine Storage Requirements

Hi, As per the below link it's mentioned minimum storage requirement for XSOAR engine is 100 GB. And for drive partition it is recommended to allocate 50 GB for /var and 50 GB for /home if XSOAR engine is getting installed on RHEL 8.x. In this case other partitions like /tmp, /usr, /etc don't require any space? https://docs.paloaltonetworks...

DP696 by L2 Linker
  • 2285 Views
  • 1 replies
  • 0 Likes

smb-upload (Server Message Block (SMB) v2): error

Hi, I want to upload a file from the XSOAR to a server, for this I want to use the smb-upload automation. Shared map is created, all correct rights are given, credentials in the XSOAR are correct. For now I'm just testing a simple test.txt file to upload. I'm always running into the same error: Failed to execute smb-upload command. Error: R...

SteveB by L0 Member
  • 2984 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR tool integrations methods

Hi, As per below link the integrations can be executed REST API, webhooks, and other techniques. So I'd like to know about what are the other methods available in XSOAR platform. https://xsoar.pan.dev/docs/concepts/concepts#:~:text=Product%20integrations%20(or%20apps)%20are%20mechanisms%20through%20which%20security%20orchestration%20platform...

DP696 by L2 Linker
  • 4826 Views
  • 3 replies
  • 0 Likes

Resolved! OS Requirement for Cortex XSOAR engine deployment

Hi, In one of the XSOAR documentation it's mentioned "For all Linux deployments except RHEL 7.x (for example Ubuntu, CentOS, etc.). Automatically installs Docker, downloads Docker images, enables remote engine upgrade, and allows installation of multiple engines on the same machine. For RHEL 7.x, see Install Docker Distribution for Red Hat on C...

DP696 by L2 Linker
  • 4059 Views
  • 2 replies
  • 0 Likes

Resolved! Body email

Hi, In a playbook I'm using the automation 'send e-mail (EWSO365)'. In the body of the email I'm adding a list that the playbook has generated as following: Get inputs.BreachData Override input Where No filters applied Transformers JsonToTable (title: BreachData, headers: , is_auto_json_transform: , json_transform_properties: ) I ...

SteveB by L0 Member
  • 4484 Views
  • 2 replies
  • 0 Likes

Installing XSOAR HA and DR for one host with one tenant in multi tenant environment

Dears, Kindly need your support to get an answer for the following case: We are an MSSP environment, we have many clients. Our deployment is multi-tenant deployment with multiple hosts and each host has only one tenant on it. Our deployment is using a database and XSOAR App on the same server with no disaster recovery or high availability. One of our ...

Resolved! Generate context inside a while loop in an automation

An API call is created in an automation program. The call to the API needs to wait for a value to set to "FINISHED", so a while loop is created waiting for this value. However, I'd like to know the current status of this value setting the value in context. Why is not setting this value on the context? status="" While status != "FINISHED": stat...

Josep by L4 Transporter
  • 3747 Views
  • 4 replies
  • 0 Likes

Endpoint Antivirus Exclusion list

Dears, Kindly need your support for the following: • We need to install the below as security controls on our XSOAR server (RHEL8): o McAfee Endpoint security (latest version) for Linux. o Cyber Reason EDR. • Kindly provide what is the Antivirus exclusion list of Palo Alto XSOAR. • Kindly clarify if there will be any damage, conflict, or issues to ...

Resolved! Linked incident offense close

Hi, A pre-process rule tests some condition and "link-close" incident into a previous one, and this works great. But I need to close related offense in qradar as well as the xsoar itself, with a sole preprocess rule deployed incident is closed in xsoar but offense in qradar remains open, any suggestion about how to close offense after incident-...

CIRCL hashlookup (hashlookup.circl.lu) 1.0.0 3167802 returns error when no results

When the integration is used on non-existent hash: !file file=2795b688bb5918e092e0ee33cd25aa98 Then it ends with error: Reason Failed to execute file command. Error: Error in API call [404] - NOT FOUND {"message": "Non existing MD5", "query": "2795b688bb5918e092e0ee33cd25aa98"} Usually all other !file just return info that the hash was not found: URLh...

accepting custom cert -failed

Have followed this kb however under instance, it is still unable to test successfully when unchecking the trust all certification options under the integrated instance. https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/docker/configure-python-docker-integrations-to-trust-custom-certificates upon further checking, ...


Create a PDF file from context

Hi, I am trying to create playbook where IOCs are extracted and enriched and then values are sent as a PDF file via email. I reached the part where the IOCs are parsed and enriched, but I am stuck at creating the PDF file. Is it possible to create a PDF file? I am trying to add the contents as a table. I did try to add html via the context values ...

XSOAR Integration with Cisco IronPort Email API - Code Missed on Backend

Hi Team, Can you please help here to integrate Cisco ESA (API V2) with XSOAR. I have tried with the following integration from marketspace "Cisco IronPort Email API (Community Contribution)" which is developed using API v2. But unfortunately it pops the below-mentioned error while testing the connections. Error (Jun 27, 2022 09:49:34 AM) Did ...

  • 1298 Posts
  • 45 Subscriptions