A question from the Phishing V3 webinar: ML Model
How many emails does the ML model need to be created? Note: This question was asked during our Customer Success Webinar: Phishing V3
Could you please indicate which parts are changed from v2 to v3 as you go through the new playbook? Note: This question was asked during our Customer Success Webinar: Phishing V3
Hello, I am attempting to configure an Ask Task to send one email only with no retries and an end by SLA condition. I have implemented the settings to no retries (default) and to end the task upon SLA Breach 6 hours. Once saving the playbook I see that the SLA Breach setting is returned to original state without being marked. This is a relative...
Hello team, I'm trying to use the extended context feature to keep only the data I'm interested in and put them where I need them to be. The automation I'm using is infoblox-get-ip from Infoblox integration. Here is the output of the automation: I'm setting the following string in the Extended Context field (split on multiple lines for bette...
Hi, I was making 2 playbooks. In the first playbook, after creating the same I scheduled it as a job. Each time the job runs, it creates an incident case. How do I prevent the incident case from being created when the job runs? In the second playbook, I was creating playbook which pulls MISP feeds which I want to send to another solution. Since it...
Hi, I am trying to create a playbook that 1) Searches for expired accounts in AD 2) Retrieves the sAMAccountName, Display name and expired date 3) Deletes the accounts 4) Sends an email notification with the details of the accounts deleted. I created the ldap query for the same and one factor was to get the current time to use in the query. There is a ...
Hi, I configured TAXII Server v1 on Cortex XSOAR. I am trying to understand the idea of collections. I wish to create multiple collections within XSOAR so that when a TAXII client polls for the list of collections, it can see the list and select on the indicators required. How do I make the indicators/threat report that are added to XSOAR ...
We are experiencing weird behavior, where the "tanium-tr-alert-update-state" command updates all alert statuses. The full command used is as below: `!tanium-tr-alert-update-state alert_ids=2267 state=resolved` I have updated the Tanium Threat Response V2 to latest version 2.0.15. Please help to look into it and let us know what is the solution. Thank you.
Greetings, So I have been pulling rasterized images with the names of the URLs attached into XSOAR and attempting to pipe them into some ServiceNow tickets, but character restrictions are giving the system issues on what files to call during the upload process. The files are stored as the proper URL context, but filenames cannot have slashes in ...
Hi all, I have a problem and I would like to ask you for help. My target is, from API (via postman) run some playbook with own data. For example, call playbook, where I added into playbook Inputs property "Left". How I tried set $Input.Left from my API, there are free version in one, - in data, in args, and in inputs. Nothing works, $Input.Left is ...
Hi, There is a playbook task at one of the early steps which asks analyst to start investigation or not. The below command lets me change owner to the command executor himself but I need this execution inside the playbook. When an analyst clicks "Yes" to the previously mentioned task, is it possible to run this command on behalf of the analyst? I don't want to fo...
I am trying to use the built in demisto-api-download automation to download a file from our hosted xsoar instance. I am struggling to figure out how to format my command in the automation. From the documentation these are the inputs: Arguments / Description: uri (Request URI), filename (File name of download), description (Description of file entry). demisto.execu...
I am attempting to use the Email Communication type to create email threads instead of new incidents when a reply is received. From what I understand you set a Processing-Rule based on type and then set "Run a script" to Pre-process email script. I have performed the test and it returns the incident will be created. In addition I have ensured t...
Hello guys, I'm currently trying to create a Playbook that auto-categorizes already analyzed phishing email, let me explain: Here is the current process: 1. An analyst tags an email as Phishing using Outlook categories in the main Email box 2. Thanks to a macro, the email is being put in a phishing email folder in outlook. Now, I'd like Cortex XSOAR...
Hi, XSOAR is giving us warnings every day at 1pm. We are receiving the email below ```System Diagnostics found 1 issue(s) and 0 warning(s). Issues: Docker service is down Warnings: None Review warnings and issues in the System Diagnostics page. View it on https://URL``` We are running podman instead of docker (installation default). I raised a supp...

