Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! A question from the Phishing V3 webinar: Investigation

It does within an isolated container. We use XSOAR to investigate all kinds of malicious content and it is designed for it - Can we get more information on this? Is it the hardening of Docker ? or others? Note: This question was asked during our Customer Success Webinar: Phishing V3

rtsedaka by L6 Presenter
  • 2599 Views
  • 1 replies
  • 0 Likes

Error (July 1, 2022 2:50 PM) Script failed to run: "docker images demisto/python3:3.9.8.24399" with error "exec: "docker": executable file not found i

I am getting an error like this when i add instance while integration cortex x soarError(July 1, 2022 2:50 PM)Script failed to run: "docker images demist o/python3:3.9.8.24399" with error "exec: "docker": executable file not found in $PATH" and output "" (2617) (2603)

Sending only one email for an Ask Task

Hello, I am attempting to configure an Ask Task to send one email only with no retries and an end by SLA condition. I have implemented the settings to no retries (default) and to end the task upon SLA Breach 6 hours. Once saving the playbook I see that the SLA Breach setting is returned to original state without being marked. This is a relative...

Resolved! Unable to retrieve output value while using extended context

Hello team, I'm trying to use the extended context feature to keep only the data I'm interrested in and put them where I need them to be. The automation I'm using is infoblox-get-ip from Infoblox integration. Here is the output of the automation: I'm setting the following string in the Extended Context field (splitted on multiple lines for bette...

screen1.png
screen3.PNG

Resolved! How to prevent IOCs and Incident Cases from being created when running playbooks

Hi, I was making 2 playbooks.In the first playbook, after creating the same I scheduled it as a job. Each time the job runs, it creates a incident case. How do I prevent the incident case from being created when the job runs? In the second playbook, I was creating playbook which pulls MISP feeds which I want to send to another solution. Since it...

Resolved! Playbook to search AD expired accounts and delete them

Hi,I am trying to create a playbook that1) Searches for expired accounts in AD2) Retrieves the sAMAccountName, Display name and expired date3) Delete the accounts 4) Sent an email notification with the details of the accounts deleted. I created the ldap query for the same and one factor was to get the current time to use in the query.There is a ...

Resolved! How to make indicators part of a TAXII server collection?

Hi, I configured TAXII Server v1 on Cortex XSOAR. I am trying to get understand the idea of collections. I wish to create a multiple collections within XSOAR so that when a taxii client polls for the list of collections, it can see the list and select on the indicators required. How do I make the indicators/threat report that are added to XSOAR ...

Tanium Threat Response "tanium-tr-alert-update-state" command update all alert status rather than specified alert

We are experiencing the weird behavior, where the "tanium-tr-alert-update-state" command update all alert status.The full command used is as below!tanium-tr-alert-update-state alert_ids=2267 state=resolvedI have updated the Tanium Threat Response V2 to latest verison 2.0.15Please help to look into it and let us know what is the solution.Thank you.

JOng39 by L1 Bithead
  • 2985 Views
  • 3 replies
  • 0 Likes

Resolved! Filenames with slashes not updating

Greetings,So I have been pulling rasterized images with the names of the URLs attached into XSOAR and attempting to pipe them into some ServiceNow tickets, but character restrictions are giving the system issues on what files to call during the upload process. The files are stored as the proper URL context, but filenames cannot have slashes in ...

MicrosoftTeams-image (3).png
MicrosoftTeams-image (4).png
MicrosoftTeams-image (5).png

Start playbook from API with own inputs

Hi all, I have problem and I would like please you for help.My target is, from API (via postman) run some playbook with own data. For example, call playbook, where I added into playbook Inputs property "Left". How I tried set $Input.Left from my API, there are free version in one, - in data, in args, and in inputs. Nothing works, $Input.Left is ...

  • 1305 Posts
  • 45 Subscriptions