Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

error Couldn't calc cores number [error 'open /proc/stat: too many open files']

Recently had some performance problems reported from my xsoar users. Found a tenant crashing. Upon investigating I found the following error in the logs: App03 host: error Couldn't calc cores number [error 'open /proc/stat: too many open files'] error Couldn't calc cores number [error 'open /proc/stat: too many open files'] I set this on APP03 las...

jboyd98 by L2 Linker
  • 2110 Views
  • 1 replies
  • 0 Likes

Default Admin Account sees more tenants where SSO Administrator does not

Any thoughts on this - I use my SSO account which is in the Administrator role. I see 23 tenants. No filter on. My default admin account which is also in the administrator role shows 36. The tenants my SSO account seems to be missing are ones that are stopped (older accounts). Incognito window doesn't make a difference, tried hard relo...

jboyd98 by L2 Linker
  • 2036 Views
  • 1 replies
  • 0 Likes

Demo Data / Incidents

For purposes of demo'ing / mocking data for testing; how do you handle that.... Curious is there any import function to mock up incident data within XSOAR?

jboyd98 by L2 Linker
  • 2899 Views
  • 2 replies
  • 0 Likes

Resolved! XSOAR Qradar Integration Set Range Limit

Hi, I succeeded XSOAR integration with Qradar. But I keep getting timeout warnings. I solved this problem by entering parameter "--env=REQUEST_TIME OUT=1500". But I caught that the real problem is in the query. To give an example of this, I enter the first integration query as "status='OPEN' and id > 13061". Then XSOAR automatically changes th...

Using IsRFC1918Address check on context in condition task

Hi, I'm trying to use the condition to check if incident.destinationip is a public IP. But when selecting from context incident.destinationip and then IsRFC1918Address you need to fill in something in the right side. I checked the automation script and that should return True or False. But when testing the condition it always returns not matchi...

Resolved! Docker running as non-root, but hardening script fails?

Relatively new admin to XSOAR; previous admin has left. Just completed upgrade to latest 6.5 version. Could anyone help me understand the following: I have a service account that seems to run xsoar demisto server containers; used ps -ef | grep demisto and return a number of containers; "demisto" is the user below. demisto 32710 3808 0 10:56 ? ...

jboyd98 by L2 Linker
  • 3420 Views
  • 2 replies
  • 0 Likes

[error 'open /proc/stat: too many open files']

Recently had some performance problems reported from my xsoar users. Found a tenant crashing. Upon investigating I found the following error in the logs: App03 host: error Couldn't calc cores number [error 'open /proc/stat: too many open files'] error Couldn't calc cores number [error 'open /proc/stat: too many open files'] I set this on APP03 las...

jboyd98 by L2 Linker
  • 3527 Views
  • 2 replies
  • 0 Likes

Resolved! X out of X accounts returned an error during a multi-account request

Seeing the following multiple times a minute in my server.log. Note: I replaced the host with <host>. error Some requests to accounts failed for incidents export [error '2 of 18 requests to accounts failed! failing accounts are [acc_Dem01,acc_DemistoTest][HTTPResponse accountURI:https://<host>:443/acc_Dem01/incident/batch/exportTo...

jboyd98 by L2 Linker
  • 3952 Views
  • 1 replies
  • 0 Likes

Resolved! Field Trigger Script / Browser Caching Issue?

I have a field trigger script on dbot status changing; essentially updating a custom field to nothing if an incident is re-opened. if field=="dbotStatus" and old=="Closed" and new=="Active" and incidentType=="Azure Sentinel": demisto.executeCommand("setIncident", {'customFields': {"sentinelclosereason": ""}}) This seems to work as the previou...

jboyd98 by L2 Linker
  • 2587 Views
  • 1 replies
  • 0 Likes

Error trying to move an account to a different host

We have a MT XSOAR deployment, and I need to move a created account that is on the main host to a different one, when I try to move the account I get the error "Account acc_XXXX could not be moved to HOST because address phoenix.scilabs.mx: missing port in address" Why is this happening?

  • 1298 Posts
  • 45 Subscriptions