Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

CIRCL hashlookup (hashlookup.circl.lu) 1.0.0 3167802 returns error when no results

When the integration is used on a non-existent hash: !file file=2795b688bb5918e092e0ee33cd25aa98 Then it ends with an error: Reason Failed to execute file command. Error: Error in API call [404] - NOT FOUND {"message": "Non existing MD5", "query": "2795b688bb5918e092e0ee33cd25aa98"} Usually all other !file just return info that the hash was not found: URLh...

accepting custom cert -failed

Have followed this KB, however under instance, it is still unable to test successfully when unchecking the trust all certification options under the integrated instance. https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/docker/configure-python-docker-integrations-to-trust-custom-certificates Upon further checking, ...


Create a PDF file from context

Hi, I am trying to create a playbook where IOCs are extracted and enriched and then values are sent as a PDF file via email. I reached the part where the IOCs are parsed and enriched, but I am stuck at creating the PDF file. Is it possible to create a PDF file? I am trying to add the contents as a table. I did try to add html via the context values ...

XSOAR Integration with Cisco IronPort Email API - Code Missed on Backend

Hi Team, Can you please help here to integrate Cisco ESA (API V2) with XSOAR. I have tried with the following integration from marketspace "Cisco IronPort Email API (Community Contribution)" which is developed using API v2. But unfortunately it pops the below-mentioned error while testing the connections. Error (Jun 27, 2022 09:49:34 AM) Did ...


Resolved! Assigning an array of Values to a key/variable

Hey guys, I'm working on separating internal and external IP(s) on a playbook and I want to use those values in an email body. So currently I'm using a temporary list to store IP(s) then call when needed in the same playbook with ${lists.templist}. But I have two limitations with this approach: Cannot add more than one IP, as setList fails. ...

Communication Task Authentication failed

Hi, I want users to authenticate in Cortex XSOAR before answering the form sent by mail like explained here https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/playbooks/playbook-tasks/communication-tasks/create-a-data-collection-task/create-communication-task-authentication The AD authentication instance seems to work...

lulu42 by L0 Member
  • 1940 Views
  • 1 replies
  • 0 Likes

Handling errors in a playbook

I'm looking to change the flow of my playbook not only if errors are encountered in my tasks, but dependent also on what those errors are. I found a tutorial on docs.paloaltonetworks.com that included this: Step 3: For new tasks, in the Task Name field, type a meaningful name for the task that corresponds to the data you are collecting. Step 4...

Dbot Score for Virustotal IP check is always 1

Hey Guys, I'm facing this issue that it doesn't matter how malicious the IP is, Dbotscore is being 1 for the VT IP automation. Things I tried: 1. Setting a threshold in VT integration for 1. 2. Setting the reliability to A+ 2. Running the command !ip ip="54.37.136.187" long="false" threshold="1" sampleSize="10" wait="60" retries="0" fullResp...

Resolved! SetGridField Issue

I'm testing the inbuilt playbook "Integrations and Incidents Health Check", however it throws an error on the block which contains SetGridField, which is the error shown below. I have a few questions regarding the automation and troubleshooting: 1) What is grid field mentioned in troubleshooting? Is it the same as the grid_id? 2) Is grid_Id is ju...


Resolved! A question from the Phishing V3 webinar: Investigation

It does within an isolated container. We use XSOAR to investigate all kinds of malicious content and it is designed for it - Can we get more information on this? Is it the hardening of Docker? Or others? Note: This question was asked during our Customer Success Webinar: Phishing V3

rtsedaka by L6 Presenter
  • 2588 Views
  • 1 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions