Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Task "jira-edit-issue" can not handle arrays in "Description"-Filed (with solution)

HelloI had an issue with an array for several tickets in jira-edit-issue and there in the field "Description".the problem was, that I had several outputs from an other Task.So, the array "output.color": contains:[{"Color":"blue"},{"Color":"green"},{"Color":"red"]Now I had three Jira-Tasks to update.First ticket with following content in the "Des...

Cortex XSOAR Mobile App Demo

In this demo, we show you how to get up and running with the Cortex XSOAR mobile app and how to use some of the most popular features, including: DashboardsIncident summary and several IR capabilitiesView and complete tasksWar Room chat(function() { var wrapper = document.getElementById('lia-vid-6195937855001w1004h540r711'); var videoEl = wrap...

afiedler by L4 Transporter
  • 3191 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR 5.5 Required Upgrade

This announcement applies to all customers currently running a version of Cortex XSOAR 5.5 older than (B78409) and that use the API, Splunk App, or SumoLogic to push incidents to XSOAR. We identified an issue in these releases that when pushing incidents from the API, Splunk App, or SumoLogic during a server restart, the incidents might be corru...

afiedler by L4 Transporter
  • 2745 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR CentOS 8 unsupported

We are running a multi tenant xsoar server and I noticed that we are using CentOS 8 Linux which reached End of Life recently. There is also the stream version of CentOS8. For this version the EOL date is May 31st, 2024. I am slightly confused as it says in the xsoar administrator's guide centos8 is unsupported because it reached EOL. Should I do...

Resolved! Azure AD Identity Protection Integration custom filter

I have the AZ AD Identity Protection integration setup and working, but I am trying to get some custom filters to work without much luck. Does anyone have an example of what OData queries are relevant with this integration? Would like to be able to filter_expression to something like risklevel=high but everything I try comes back with a "Invali...

kbratt by L1 Bithead
  • 3337 Views
  • 2 replies
  • 0 Likes

XSOAR Opsgenie integration

How do I get the api token/key for opsgenie to use in xsoar instance. Opsgenie settings gives me an api key while saving, but the api throws an incorrect key format error. Also, there is no native inbuilt integration in opsgenie for xsoar to directly generate a key

Resolved! Unique names for rasterized images into ServiceNow

Greetings,I am pulling in rasterized images into ServiceNow from URLs, and ideally I'd like to name them the URL they are pulled to eliminate some confusion. But I am not seeing a good way to do this, I have tried adding "URL${inputs.URL}" to the filename in the rasterize automation, but it appends every URL that was pulled into the filename, a...

Resolved! setting multiple values in subkeys

Hi, I have a seemingly simple task which i can't figure out how to handle. I want to import a csv file in the context, having column names as the subkeys. And then I want to get rid off some excessive subkeys/columns.My steps are:1. upload a file from file share using smb-download - SUCCESS2. Import file in the context keys using ParseCSV automa...

Antanas by L2 Linker
  • 4738 Views
  • 3 replies
  • 0 Likes

About Fetch Incidents interval

Hi All, I am new to Cortex XSOAR. I have one question. lets say we are fetching the incidents for any specific time interval and now considering SOAR recommended fetch limit of 200 Incidents per fetch, there can be situation when we might have more than 200 incidents and in this case we will have backlog of these remaining incidents for next fet...

AChawale by L0 Member
  • 2638 Views
  • 1 replies
  • 0 Likes

Multiple Checkpoint instance add-host issue

Hi, There we have 2 different CP-FW instance running but in block playbook we are unable to block 1 ip address for 2 CP-FW instance. It gives (unauthorized 401 - session expired) error. In case of single instance deployment same playbook works with no error.

Resolved! Is a query result a lit or or a dict?

Hey there, Running a query - current_unique_IDs = demisto.executeCommand("query", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL"}) when i execute - demisto.results(type(current_unique_IDs) I get But when i try list functions it says it is a dict. but when i try to do dict functions I get a non hashable error. I want to ...

Tripper_0-1651598898339.png
Tripper_0-1651599849700.png
Tripper by L1 Bithead
  • 5308 Views
  • 6 replies
  • 0 Likes
  • 1305 Posts
  • 45 Subscriptions