Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Automation "Remove From List" error

Hi, one of my playbooks includes a removefromlist automation, but sometimes this step gives the error below. If this step is rerun without any change, everything is OK. Do you have any idea why it needs to be rerun sometimes, and any ideas about this error? [DB Version '244586' and Insert version '244585' do not match for id: IP_LIST on bucket [] ...

Resolved! Do content pack updates require downtime

I need to update my QRadar Content Pack, which also requires X dependencies be upgraded. What is best practice for content package upgrades? Is it as simple as installing from marketplace, or do we have to run a sync after or cycle demisto after? Other than reverting to the previous version, are there any other precautions you take, like taking a fresh ...

jboyd98 by L2 Linker
  • 2382 Views
  • 1 replies
  • 0 Likes

Resolved! Blueliv integration error

Hi! We are testing XSOAR capacities. For testing purposes, we are creating an integration with our intel solution, Blueliv: https://xsoar.pan.dev/docs/reference/integrations/blueliv-threat-compass When fetching it returns an error. From the mapping editor we get this:
> The request sent by the client was syntactically incorrect
We think that is s...

Resolved! Do I have to set Server Configurations per tenant?

Example: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/docker/docker-hardening-guide/run-docker-with-non-root-internal-users#idb5fe7d70-f021-4270-a328-7439d5574723 I set this on the main account and sync'd all accounts. However, I noticed this wasn't set on the configuration page of a tenant after. I ran the !Docker...

jboyd98 by L2 Linker
  • 2564 Views
  • 2 replies
  • 0 Likes

Resolved! error 'Missing required field: 'owner' when uploading / creating incident via json

Trying to export a ticket from PROD into DEV. To test, I exported a ticket in DEV as a json using this in the playground: !azure-sentinel-get-incident-by-id incident_id="c5dc30e5-6981-4cb0-9895-66967fc3f2e9" raw-response="true" (saved as json). Then in DEV, I tried importing the json per the following instructions: https://docs.paloaltonetworks.com/cor...

jboyd98 by L2 Linker
  • 7989 Views
  • 10 replies
  • 0 Likes

Application Unreachable

Hello, I am having issues working with the Automation Menu. When opening the menu I receive the error "Application Unreachable". It appears a few times, yet I am still able to access the automation that I need. What is the reason why I am receiving this error and what is the solution? Thanks

XSOAR RSS integration not fetching updated feed content

We have configured the RSS integration in the community supported RSS content pack (https://xsoar.pan.dev/marketplace/details/RSS) to ingest CISA NCAS alerts as incidents for our threat intel teams to investigate. This is using the public feed at https://www.cisa.gov/uscert/ncas/alerts.xml. The integration appears to fetch incidents correctly...

MWeir by L0 Member
  • 2217 Views
  • 1 replies
  • 0 Likes

QRadar Integration Magnitude Query not returning expected results

Got a QRadar integration. It's supposed to pull back offenses with magnitude > 4. However, our metrics are much higher than what the client expects. When reviewing, this case got pulled into XSOAR: However, when exporting QRadar, the incident has the following: In the second column you can see magnitude has a value of 2; so in theory I don't think...

jboyd98 by L2 Linker
  • 3371 Views
  • 3 replies
  • 0 Likes

Alerts are not fetched within time from QRadar

Hello Everyone, Yesterday, I observed a delay in offenses which come from QRadar into XSOAR. I am confused by this type of behavior from XSOAR. Offense which is triggered in QRadar: 29-03-2022 23:00PM. Same offense/alert is created in XSOAR: 30-03-2022 03:00AM. Please check and suggest anything with respect to configuration and all. Cort...

Priyash7 by L0 Member
  • 2283 Views
  • 1 replies
  • 0 Likes

Resolved! Incidents Mass / Multiple "Close" button, field trigger script

Workflow: From the Incidents page / table, select multiple incidents. Click the "Close" button that allows closing multiple incidents at one time. My close form comes up. I have a field trigger script on one of the fields. It doesn't look like that field trigger script is running for any of the incidents selected. For the field trigger script, does...

JoshBoyd by L2 Linker
  • 8749 Views
  • 7 replies
  • 0 Likes

Resolved! ScriptA not calling ScriptB as expected

I have some automation that I'm working on and I am not seeing the expected results. I broke the script down into the following simple version. ScriptA which is: demisto.executeCommand("ScriptB", {}) ScriptB which is: return_results("ScriptB Called") When I run ScriptA, is there a reason ScriptB would not write to the war room?

jboyd98 by L2 Linker
  • 3375 Views
  • 3 replies
  • 0 Likes

Splunk custom index not getting incident in xsoar

I am using Splunk 60 day free trial non-enterprise edition and created a new custom index in Splunk and manually added a sample event csv format file in the new index, and all dates are 2 days ago in the sample data. Splunk integration with XSOAR does not generate any incident; is there a configuration and timestamp problem?


XSOAR test/free license - Paloalto ignoring a request from customer

I have tried to request test/free license of XSOAR using web form - (https://start.paloaltonetworks.com/sign-up-for-community-edition.html). Completely ignored. Then I asked for support - they pointed out to local rep. Local rep can do nothing, they claimed that it seems that PA do not issue that license for European countries. We have been lon...

  • 1298 Posts
  • 45 Subscriptions