Cortex XSOAR Discussions

Resolved! Fetch RSA NetWitness incidents

Hello Guys,

I'm trying to fetch RSA incidents, using RSA NetWitness v11.1 integration, but the error "get_token failed with status: 401
(85)" appears, when I try to make the connection between the systems.
Has anyone managed to integrate the two platfor

...

New Dashboard Option Missing

Hi

I am currently experiencing an issue with an XSOAR instance on version 6.1 the option to create a new dashboard is not on the Dashboards Tab in the home screen, I wonder does anybody have any idea what may have happened ?

Cortex XSOAR: Tenable.sc Service: How to add a schedule

Hello all

We are using Cortex XSOAR Version Version 6.0.0; Build 79522 and having problems to generate a valid schedule for a Tenable.SC, Command "tenable-sc-create-scan"

If I enter one of the pre-defined options, like "Ical" I do get error back:

Erro

...

Pre-process rule doesn't work

Hello all,

We want to create a pre-process rule to drop all Phishing incident without [Phish Alert] inside the email subject.

We're creating the following rule

type equals Phishing AND emailto equals test@test.ts AND emailsubject contains [Phish Aler...

Incident classification considering multiple fields

How can I classify an incident while taking multiple fields into consideration?

Let's say I have a list of numbers. Whenever an incident is registered I would like to check whether the value of Field A is in that list, if Yes, then classify by Field A

...

Avoid empty returns

Hello All

In my Playbook I run into an issue with empty returns.

My Playbook requests Cherwell with several hosts in an array: ["server-A","server-B"]

In Cherwell, "server-B" does not exist, so I do see that in the "Result Tab" of the Task, but the Out

...

Xsoar: Retrieve file which has been quarantined by Cortex XDR

Hello Guys,

I'm trying to retrieve a file that has been quarantined by Cortex XDR using an XSOAR playbook. I trace the Action ID in XDR but I always find it failing. However, it's always working for non-quarantined files.

I need to retrieve the file

...

Resolved! Wildfire Reports missing URL

Hello all

I did some PDF-Requests to Wildfire and getting Info back as xml.

One of those reports are marked as "Malicious" but I do not see, what/why it is Malicious.
So I've investigated and did a curl extract of the sha265 Wildfire Request.

And look

...

Does XSOAR support IPv6 ?

Hi all,

I'm searching in the documentation if xsoar is supporting IPv6 or only 4. But I cannot find info. Can you help?

Resolved! Adding endpoint list to an AD group

Hi,

I am currently building a new PlayBook and in one part of that PlayBook, I am trying to add computers, in an XSoar List, to a specific AD group.

- I Created a List that contains 2 endpoints separated with a comma ","

- My Playbook is using the Act

...

Resolved! Creating a table with SetGridField

Hello, I am having issues with creating a table using the SetGridField script,

I am not sure how to filter/transform several keys at one time. anyone that can give an example please?

Resolved! [XSOAR] rasterize output during playbook

Hi all,

I'm new in using XSOAR,

in a playbook I'm using the rasterize of a URL

now I'd like to put a conditional step where I check if the rasterize is not successful (e.g. the url does not exist)

How can I check that?

War room: View full content in a new tab. Output in column instead of row

Hello

If we press in the war room output to " View full content in a new tab" then the output is a table - and everything in one row.

Is it possible to get the output in columns?

Even csv is all in one row...

so, instead first row with description, pu

...

Cortex XQL searches in XSOAR - how to?

Hi, I am trying to integrate more and more XSOAR into my environment.

I would like to be able to do XQL searches on xdr dataset, but I can't find a way to do that.

I have Cortex Data Lake integration, but is seems to cover only logs from firewalls.

Thx

...

Cortex XDR Halt Playbooks?

So we're utilizing XDR Prevent (not Pro) here. Appears to be all the preparation on PAN's site is carefully equipped towards the Proform, and Github hasn't been exceptionally productive.

I'm contemplating whether anybody has any playbooks or work pro

...

Cortex XSOAR Discussions

Discussions

Resolved! Fetch RSA NetWitness incidents

New Dashboard Option Missing

Cortex XSOAR: Tenable.sc Service: How to add a schedule

Pre-process rule doesn't work

Incident classification considering multiple fields

Avoid empty returns

Xsoar: Retrieve file which has been quarantined by Cortex XDR

Resolved! Wildfire Reports missing URL

Does XSOAR support IPv6 ?

Resolved! Adding endpoint list to an AD group

Resolved! Creating a table with SetGridField

Resolved! [XSOAR] rasterize output during playbook

War room: View full content in a new tab. Output in column instead of row

Cortex XQL searches in XSOAR - how to?

Cortex XDR Halt Playbooks?

Missing button scripts from content packs

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Field Change Script To System Fields

How to Copy Incident Files from Linked Incidents

Re: Missing button scripts from content packs

Re: Editing custom content via XSOAR UI and local PC

Is there a way to obtain Cortex XSOAR community edition

Re: Extracting fields from Context/JSON in Playbook

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Fetch RSA NetWitness incidents

Resolved! Wildfire Reports missing URL

Resolved! Adding endpoint list to an AD group

Resolved! Creating a table with SetGridField

Resolved! [XSOAR] rasterize output during playbook