Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Sending only one email for an Ask Task

Hello, I am attempting to configure an Ask Task to send one email only, with no retries and an "end by SLA" condition. I have implemented the settings for no retries (default) and for ending the task upon SLA breach after 6 hours. After saving the playbook, I see that the SLA Breach setting is returned to its original state without being marked. This is a relative...

Resolved! Unable to retrieve output value while using extended context

Hello team, I'm trying to use the extended context feature to keep only the data I'm interested in and put it where I need it to be. The automation I'm using is infoblox-get-ip from the Infoblox integration. Here is the output of the automation: I'm setting the following string in the Extended Context field (split over multiple lines for bette...

Resolved! How to prevent IOCs and Incident Cases from being created when running playbooks

Hi, I was making 2 playbooks. In the first playbook, after creating it I scheduled it as a job. Each time the job runs, it creates an incident case. How do I prevent the incident case from being created when the job runs? In the second playbook, I was creating a playbook which pulls MISP feeds which I want to send to another solution. Since it...

Resolved! Playbook to search AD expired accounts and delete them

Hi, I am trying to create a playbook that
1) Searches for expired accounts in AD
2) Retrieves the sAMAccountName, display name and expiry date
3) Deletes the accounts
4) Sends an email notification with the details of the accounts deleted.
I created the LDAP query for this, and one factor was to get the current time to use in the query. There is a ...

Resolved! How to make indicators part of a TAXII server collection?

Hi, I configured TAXII Server v1 on Cortex XSOAR. I am trying to understand the idea of collections. I wish to create multiple collections within XSOAR so that when a TAXII client polls for the list of collections, it can see the list and select the indicators required. How do I make the indicators/threat reports that are added to XSOAR ...

Tanium Threat Response "tanium-tr-alert-update-state" command updates all alert statuses rather than the specified alert

We are experiencing weird behavior, where the "tanium-tr-alert-update-state" command updates the status of all alerts. The full command used is as below:
!tanium-tr-alert-update-state alert_ids=2267 state=resolved
I have updated the Tanium Threat Response V2 to the latest version, 2.0.15. Please help to look into it and let us know what the solution is. Thank you.

JOng39 by L1 Bithead
  • 2872 Views
  • 3 replies
  • 0 Likes

Resolved! Filenames with slashes not updating

Greetings, so I have been pulling rasterized images with the names of the URLs attached into XSOAR and attempting to pipe them into some ServiceNow tickets, but character restrictions are giving the system issues on what files to call during the upload process. The files are stored as the proper URL context, but filenames cannot have slashes in ...

Start playbook from API with own inputs

Hi all, I have a problem and I would like to ask you for help. My target is to run some playbook with my own data from the API (via Postman). For example, call a playbook where I added the property "Left" to the playbook Inputs. I tried to set $Input.Left from my API in three ways: in data, in args, and in inputs. Nothing works; $Input.Left is ...

Resolved! Assign owner to "current user" in playbook tasks

Hi, there is a playbook task at one of the early steps which asks the analyst whether to start the investigation or not. The command below lets me change the owner to the command executor himself, but I need this execution inside the playbook. When an analyst clicks "Yes" on the previously mentioned task, is it possible to run this command on behalf of the analyst? I don't want to fo...

Resolved! How to use demisto-api-download in an Automation

I am trying to use the built-in demisto-api-download automation to download a file from our hosted XSOAR instance. I am struggling to figure out how to format my command in the automation. From the documentation these are the inputs:
Arguments | Description
uri | Request URI
filename | File name of download
description | Description of file entry
demisto.execu...

kbratt by L1 Bithead
  • 6563 Views
  • 5 replies
  • 0 Likes

Resolved! Email Pre-Process not dropping email replies

I am attempting to use the Email Communication type to create email threads instead of new incidents when a reply is received. From what I understand, you set a Pre-processing Rule based on type and then set "Run a script" to the pre-process email script. I have performed the test and it returns that the incident will be created. In addition, I have ensured t...

Auto-categorize Outlook Phishing Email

Hello guys, I'm currently trying to create a playbook that auto-categorizes already analyzed phishing emails. Let me explain. Here is the current process:
1. An analyst tags an email as Phishing using Outlook categories in the main email box
2. Thanks to a macro, the email is put in a phishing email folder in Outlook
Now, I'd like Cortex XSOAR...

benzer by L0 Member
  • 3233 Views
  • 3 replies
  • 0 Likes

Stopping "Docker service is down" notifications

Hi, XSOAR is giving us warnings every day at 1pm. We are receiving the email below:
```
System Diagnostics found 1 issue(s) and 0 warning(s). Issues: Docker service is down Warnings: None Review warnings and issues in the System Diagnostics page. View it on https://URL
```
We are running podman instead of docker (installation default). I raised a supp...

Resolved! SLA best practices

Hi, I want to set SLA times per severity type, but it seems XSOAR binds SLAs to incident type, so I think I need to start each SLA per severity in the playbook by testing the severity; that part is nearly clear to me. But I am confused about what type of SLA I should create. XSOAR gives you the flexibility to create custom SLA durations, let's say response time, detect t...

Resolved! Different response page server

Hi, in a multitenant deployment I want to place the response page somewhere other than the "host-tenant" machine, let's say in the customer environment, and configure "External Host Name" to point to this new server, which is accessible from the customer's local area. Regards.