How do you recommend enriching/investigating encrypted emails in O365 that are only viewable to the intended recipient?
Note: This question was asked during our Customer Success Webinar: Phishing V3
How many emails does the ML model need to be created?
Note: This question was asked during our Customer Success Webinar: Phishing V3
Could you please indicate which parts are changed from v2 to v3 as you go through the new playbook?
Note: This question was asked during our Customer Success Webinar: Phishing V3
Hello, I am attempting to configure an Ask Task to send one email only with no retries and an end by SLA condition. I have implemented the settings to no retries (default) and to end the task upon SLA Breach 6 hours. Once saving the playbook I see th
...
Hello team,
I'm trying to use the extended context feature to keep only the data I'm interrested in and put them where I need them to be.
The automation I'm using is infoblox-get-ip from Infoblox integration.
Here is the output of the automation:
I'm
...
Hi,
I was making 2 playbooks.
In the first playbook, after creating the same I scheduled it as a job. Each time the job runs, it creates a incident case. How do I prevent the incident case from being created when the job runs?
In the second playbook,
...
Hi,
I am trying to create a playbook that
1) Searches for expired accounts in AD
2) Retrieves the sAMAccountName, Display name and expired date
3) Delete the accounts
4) Sent an email notification with the details of the accounts deleted.
I created the l
...
Hi, I configured TAXII Server v1 on Cortex XSOAR. I am trying to get understand the idea of collections. I wish to create a multiple collections within XSOAR so that when a taxii client polls for the list of collections, it can see the list and selec
...
We are experiencing the weird behavior, where the "tanium-tr-alert-update-state" command update all alert status.
The full command used is as below
!tanium-tr-alert-update-state alert_ids=2267 state=resolved
I have updated the Tanium Threat Response V2
...
Greetings,
So I have been pulling rasterized images with the names of the URLs attached into XSOAR and attempting to pipe them into some ServiceNow tickets, but character restrictions are giving the system issues on what files to call during the uploa
Hi all,
I have problem and I would like please you for help.
My target is, from API (via postman) run some playbook with own data. For example, call playbook, where I added into playbook Inputs property "Left".
How I tried set $Input.Left from my API,
...
Hi,
There is a playbook task at one of the early steps which asks analyst to start investigation or not. The below command let me change owner to command executer himself but i need this execution inside the playbook. When an analyst click "Yes" to p
...
I am trying to use the built in demisto-api-download autmation to download a file from our hosted xsoar instance
I am struggling to figure out how to format my command in the automation. From the documentation these are the inputs :
Arguments Descrip
...
I am attempting to use the Email Communication type to create email threads instead of new incidents when a reply is received. From what I understand you set a Proccessing-Rule based on type and then set "Run a script" to Pre-process email script. I
...
Hello guys,
I'm currently trying to create a Playbook that auto-categorize already analyzed phishing email, let me explain :
Here is the current process :
1. An analyst tags an email as Phishing using Outlook categories in the main Email box
2. Thanks to
...
