Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Question from "Dev to Prod" Webinar - restructuring and creating directories for content items

Has there been any consideration into restructuring and creating directories for the various content items vs the current strategy of everything going into a flat list? When you get to a point where there is a lot of content it becomes very burdensome to look at content files within Gitlab **Note: this is a question from our CS Webinar: Dev to...

rtsedaka by L6 Presenter
  • 1711 Views
  • 1 replies
  • 0 Likes

Integrating Palo Alto XSOAR or leveraged any other API integration with any of the following next-gen firewalls: Checkpoint Smart Log, Fortinet, a

Has anyone tried integrating Palo Alto XSOAR or leveraged any other API integration with any of the following next-gen firewalls: Checkpoint Smart Log, Fortinet, and Cisco firewalls for running automated searches for IOCs such as IP addresses, URLs from Threat Intel sources, etc. in logs? I would appreciate your sharing how you went about it. Th...

JideAj by L1 Bithead
  • 3695 Views
  • 3 replies
  • 0 Likes

QRadar API get assets query

Does anyone know with QRadar Integration: "qradar-assets-list" This retrieves information such as The above asset (1278) has vulnerabilities and 2 products installed, but it only provides me with a vulnerability count and product IDs. 1. How do I query what those products are or what those vulnerabilities are? 2. I was exploring using the "https...

jboyd98 by L2 Linker
  • 3775 Views
  • 4 replies
  • 0 Likes

Resolved! Integration - Referencing Input from previous automation

Hey there. I have what I believe to be a Python syntax question. We have a playbook with two automations. The first downloads a file, which is successful. The first automation has an output of the EntryID. The second automation needs to use the entryID to get the file that was just downloaded and perform some tasks. Finally the question; What...

Tripper by L1 Bithead
  • 4554 Views
  • 4 replies
  • 0 Likes

how to get incident xdr my endpoint only in xsoar

I successfully configured and integrated xdr into Xsoar, but in xsoar incidents page it gets all common incidents from XDR but I need to get only my own endpoint user incident. There is a filter option in the xdr incident to use and check your own end user, check the results, but what about xsoar? How can I do this? Should I change the classification...


Cortex XSOAR integration

Hi, I want to poll for Status that is nested under Results. See below example: I have this output when running the command tn-get-question-result Tanium.QuestionResult {"QuestionID": "455036","Results": [{"ComputerName": "WIN-KBR5CNLJK52.icdc-caas.local","Count": "1","ID": "1","ParentStatus": "Complete","Status": "Complete, All Patches Applied"}],...

LStanley by L0 Member
  • 3582 Views
  • 3 replies
  • 0 Likes

Resolved! ServiceNow pulling rasterized images

Hey all, I am having trouble getting the SN integration to pull the rasterized images into a SN ticket with the 'servicenow-upload-file' automation. I've tried to just upload all .png which seems to skip the rasterized images. Also trying to pull files based on tags given through rasterization doesn't seem to work earlier. Has anyone had suc...

Resolved! Sumo Logic integration error: This operation is not allowed for your account type

Hi all, the integration with Sumo Logic failed to work and now I get the error: 2022-04-22 12:41:51.3031 error Could not fetch incidents from SumoLogic instance : SumoLogic_instance_1 [error 'Script failed to run: Status: 403 ID: WOXBU-A2PLF-BUHRT Code: forbidden Message: This operation is not allowed for your account type. at doReq (script:26:27(1...

Resolved! Error while closing incident

Hi! We are testing XSOAR on a local VM. We have created several incidents via an integration with our Threat intel solution. When we are going to close an incident.. it doesn't close! We get no error from the UI. If we go to the VM console, from /var/log/demisto/server.log we can see this error: We have no idea how to troubleshoot this... Could yo...


ip list retention

Hi, in our environment we have a list to hold IP addresses in comma-separated format. How can we provide data retention for each IP address within the list? Regards.

  • 1298 Posts
  • 45 Subscriptions