Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Are XSOAR incident type updated?

Hello, When an incident comes to XSOAR the classifier sets the incident type. I would like to know if the incident is updated with new alerts (for ex. in Cortex XDR), will the incident type in XSOAR be updated if needed or is the type set and never changes (like the incident name)? When an incident is updated does the entire process run again (cl...

lulu42 by L0 Member
  • 1824 Views
  • 1 replies
  • 0 Likes

Resolved! RHEL Installer Type and Podman Installation Steps

1. What RHEL installer type (minimal or full-fledged GUI) should be considered for XSOAR engine server? 2. Is there any documentation by Palo Alto on Podman proxy configuration for XSOAR Engine installation and any specific URLs required to be whitelisted for Podman like Docker? The following URL has information on Docker but not related to ...

gnakhede by L1 Bithead
  • 3741 Views
  • 3 replies
  • 0 Likes

Setting up classification & mapping for email ingest

Hi, Here are two different email subjects: 1. Test email - Phishing Email 2. Test email - Ping Two playbooks: 1. Phishing Email 2. Ping Currently I have set up two instances of integration "Mail Listener v2" with corresponding incident types so that phishing email will go to playbook - phishing email and ping email will go to playbook - pi...

ce13 by L1 Bithead
  • 2346 Views
  • 1 replies
  • 0 Likes

Rasterize PDF format queries

Hi, I created a PDF report using rasterize with HTML body content. The XSOAR variables I put contain URLs and email addresses. The first challenge I faced was that the variables, when replaced with the actual values (URLs and emails), are clickable. I want to prevent this as this is a phishing analysis report and I do not want the viewer to acc...

XSOAR Engine Storage Requirements

Hi, As per the below link it's mentioned minimum storage requirement for XSOAR engine is 100 GB. And for drive partition it is recommended to allocate 50 GB for /var and 50 GB for /home if XSOAR engine is getting installed on RHEL 8.x. In this case other partitions like /tmp, /usr, /etc don't require any space? https://docs.paloaltonetworks...

DP696 by L2 Linker
  • 2345 Views
  • 1 replies
  • 0 Likes

smb-upload (Server Message Block (SMB) v2): error

Hi, I want to upload a file from the XSOAR to a server, for this I want to use the smb-upload automation. Shared map is created, all correct rights are given, credentials in the XSOAR are correct. For now I'm just testing a simple test.txt file to upload I'm always running into the same error: Failed to execute smb-upload command. Error: R...

SteveB by L0 Member
  • 3050 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR tool integrations methods

Hi, As per below link the integrations can be executed REST API, webhooks, and other techniques. So I'd like to know about what are the other methods available in XSOAR platform. https://xsoar.pan.dev/docs/concepts/concepts#:~:text=Product%20integrations%20(or%20apps)%20are%20mechanisms%20through%20which%20security%20orchestration%20platform...

DP696 by L2 Linker
  • 5154 Views
  • 3 replies
  • 0 Likes

Resolved! OS Requirement for Cortex XSOAR engine deployment

Hi, In one of the XSOAR documentation it's mentioned "For all Linux deployments except RHEL 7.x (for example Ubuntu, CentOS, etc.). Automatically installs Docker, downloads Docker images, enables remote engine upgrade, and allows installation of multiple engines on the same machine. For RHEL 7.x, see Install Docker Distribution for Red Hat on C...

DP696 by L2 Linker
  • 4153 Views
  • 2 replies
  • 0 Likes

Resolved! Body email

Hi, In a playbook I'm using the automation 'send e-mail (EWSO365)'. In the body of the email I'm adding a list that the playbook has generated as following: Get inputs.BreachData Override input Where No filters applied Transformers JsonToTable (title: BreachData, headers: , is_auto_json_transform: , json_transform_properties: ) I ...

SteveB by L0 Member
  • 4577 Views
  • 2 replies
  • 0 Likes

Installing XSOAR HA and DR for one host with one tenant in multi tenant environment

Dears, Kindly need your support to get an answer for the following case: We are an MSSP environment, we have many clients. Our deployment is multi-tenant deployment with multiple hosts and each host has only one tenant on it. Our deployment is using a database and XSOAR App on the same server with no disaster recovery or high availability. One of our ...

Resolved! Generate context inside a while loop in an automation

An API call is created in an automation program. The call to the API needs to wait for a value to set to "FINISHED", so a while loop is created waiting for this value. However, I'd like to know the current status of this value setting the value in context. Why is not setting this value on the context? status="" While status != "FINISHED": stat...

Josep by L4 Transporter
  • 3860 Views
  • 4 replies
  • 0 Likes

Endpoint Antivirus Exclusion list

Dears, Kindly need your support for the following:
  • we need to install the below as security controls on our XSOAR server (RHEL8):
      o McAfee Endpoint security (latest version) for Linux.
      o Cyber Reason EDR.
  • kindly provide what is the Antivirus exclusion list of Palo Alto XSOAR.
  • Kindly clarify if there will be any damage, conflict, or issues to ...

  • 1303 Posts
  • 45 Subscriptions