Cortex XSOAR Discussions

Resolved! Changing the owner of an Incident X from another Incident Y

Hi everyone, I'm struggling to make my use case work.

I need to use a playbook X, to change the owner of a specific incident using IncidentID.

Do you ever had this need?

I think I can do it using RestAPI, but i'm failing.

Thanks

Resolved! XSOAR Qradar Integration Set Range Limit

Hi,

I succeeded XSOAR integration with Qradar. But I keep getting timeout warnings. I solved this problem by entering parameter "--env=REQUEST_TIME OUT=1500". But I caught that the real problem is in the query. To give an example of this, I enter the

...

Using IsRFC1918Address check on context in condition task

Hi,

I'm trying to use the condition to check if incident.destinationip is an public IP. But when selecting from context incident.destinationip and then IsRFC1918Address you need to fill in something in the right side. I checked the automation script

...

Resolved! Docker running as non-root, but hardening script fails?

Relatively new admin to XSOAR; previous admin has left.

Just completed upgrade to latest 6.5 version.

Could anyone help me understand the following:

I have a service account that seems to run xsoar demisto server containers; used ps-ef|grep demisto and

...

[error 'open /proc/stat: too many open files']

Recently had some performance problems reported from my xsoar users.

Found a tenant crashing. Upon investigating I found the following error in the logs:

App03 host:

error Couldn't calc cores number [error 'open /proc/stat: too many open files']error C

...

Resolved! X out of X accounts returned an error during a multi-account request

Seeing the following every multiple times a minute in my server.log

Note i replaced the host with <host>

error Some requests to accounts failed for incidents export [error '2 of 18 requests to accounts failed! failing accounts are [acc_Dem01,acc_Demi

...

FortiSEIM Integration - Auth Issues

Dear All ,

FortiSiem integration is failing due to the Auth issues , Your help would be appreciated

Resolved! Field Trigger Script / Broswer Caching Issue?

I have a field trigger script on dbot status changing; essentially updating a custom field to nothing if the an incident is re-opened.

if field=="dbotStatus" and old=="Closed" and new=="Active" and incidentType=="Azure Sentinel":
demisto.executeComman

...

XSOAR - How to pull file from context in playbook

Hello,

I am trying to pull a file from the context. I tried pulling the 'EntryId' for the file, but the playbook returned an error saying there was not a file at that file path. Is it possible to pull a file from the context, and if so, how can it be

...

Generic Webhook - Integration Issues

Dear Team ,

We are unable to fetch incidents via web-hook integration , it thrown an error (

{"detail":"Method Not Allowed"} )

while testing

your help would be greatly appreciated

Error trying to move an account to a different host

We have a MT XSOAR deployment, and I need to move a created account that is on the main host to a different one, when I try to move the account I get the error

"Account acc_XXXX could not be moved to HOST because address phoenix.scilabs.mx: missing p

...

Captura de pantalla 2022-02-23 123157.jpg

Resolved! Creating Multiple Widgets on Layout to Show Different Images

Hello,

I have multiple screenshots from various tasks in the playbook such as Rasterize among others from a Sandbox Integration. I would like to make individual widgets on the Layout that can display these Image Files Separately.

1. Can the images be

...

trying to return raw output vs formatted

!py script=`return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxxxxx-xxxxxx-xxxxx"}))`

The above works and turns in human readable format; however i want to return the raw json.

This works:
!azure-sentinel-

...

Resolved! Xsoar Twitter Entegration

Hi Everyone,

We try to use twitter api on XSOAR.We created instince and try to test connection and get error:

AttributeError: 'Client' object has no attribute 'say_hello'

Anyone saw this error?

Thanks for helps.

sentinel integration, azure-sentinel-update-incident, not able to set to active

I can close an azure incident in xsoar war-room with the following:

!azure-sentinel-update-incident incident_id="xx-xxxxx-xxxxx" status="Closed" classification="Undetermined"

However when i try to re-open the incident in azure from war-room with the f

...

Cortex XSOAR Discussions

Discussions

Resolved! Changing the owner of an Incident X from another Incident Y

Resolved! XSOAR Qradar Integration Set Range Limit

Using IsRFC1918Address check on context in condition task

Resolved! Docker running as non-root, but hardening script fails?

[error 'open /proc/stat: too many open files']

Resolved! X out of X accounts returned an error during a multi-account request

FortiSEIM Integration - Auth Issues

Resolved! Field Trigger Script / Broswer Caching Issue?

XSOAR - How to pull file from context in playbook

Generic Webhook - Integration Issues

Error trying to move an account to a different host

Resolved! Creating Multiple Widgets on Layout to Show Different Images

trying to return raw output vs formatted

Resolved! Xsoar Twitter Entegration

sentinel integration, azure-sentinel-update-incident, not able to set to active

XSOAR 8 + Export Data to On-premise for Retention Compliance

How to include the initial Email as attachment OR how to reply on the same Email sent

Missing button scripts from content packs

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Re: Missing button scripts from content packs

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Re: How to include the initial Email as attachment OR how to reply on the same Email sent

Automating SLA in XSOAR with Reminders and Reset on Updates

Re: How to include the initial Email as attachment OR how to reply on the same Email sent

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Changing the owner of an Incident X from another Incident Y

Resolved! XSOAR Qradar Integration Set Range Limit

Resolved! Docker running as non-root, but hardening script fails?

Resolved! X out of X accounts returned an error during a multi-account request

Resolved! Field Trigger Script / Broswer Caching Issue?

Resolved! Creating Multiple Widgets on Layout to Show Different Images

Resolved! Xsoar Twitter Entegration