Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Creating Multiple Widgets on Layout to Show Different Images

Hello, I have multiple screenshots from various tasks in the playbook such as Rasterize among others from a Sandbox Integration. I would like to make individual widgets on the Layout that can display these image files separately. 1. Can the images be displayed in different widgets such as through !setincident... from a playbook level? 2. Can the...

trying to return raw output vs formatted

!py script=`return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxxxxx-xxxxxx-xxxxx"}))` The above works and returns in human-readable format; however, I want to return the raw JSON. This works: !azure-sentinel-list-incident-entities incident_id=xxxx-xxxx-xxxx raw-response=true However, this does not: !py sc...

by JoshBoyd, L2 Linker
  • 3699 Views
  • 3 replies
  • 0 Likes

Resolved! XSOAR Twitter Integration

Hi everyone, we are trying to use the Twitter API on XSOAR. We created an instance and tried to test the connection and got this error: AttributeError: 'Client' object has no attribute 'say_hello' Has anyone seen this error? Thanks for your help.

Sentinel integration, azure-sentinel-update-incident, not able to set to active

I can close an Azure incident in the XSOAR war room with the following: !azure-sentinel-update-incident incident_id="xx-xxxxx-xxxxx" status="Closed" classification="Undetermined" However, when I try to re-open the incident in Azure from the war room with the following, I get the subsequent error: !azure-sentinel-update-incident incident_id="xx-xxxxx-xxxxx" ...

by jboyd98, L2 Linker
  • 3122 Views
  • 2 replies
  • 0 Likes

Resolved! Is it possible to use nested variables in XSOAR?

Hi all, a customer of ours is trying a curious thing and I am not sure if it is possible in general, so I guessed the best way would be to ask right away. Our customer created an XSOAR list that contains an HTML string with context data variables in it, like ${testinput}. In a playbook with test incidents he has set the key (e.g. ${testinput} = "te...

by araka, L1 Bithead
  • 4190 Views
  • 2 replies
  • 0 Likes

Resolved! XSOAR QRadar Ingestion

I am attempting to ingest QRadar into XSOAR using the Integration. I need to pull custom fields from the SIEM, and what I need to understand is as follows: Is it preferable to pull these fields within an AQL search at the playbook stage? Or is it preferable to pull these fields from the QRadar Integration settings? The use case is as follows: I am...

Search in XSOAR for Timers (active incidents)

Hi all, I would like to search in Cortex XSOAR for running timers that exceed a certain time. I tried it but it didn't work out. It should work like this: I can search for a timer (in this case detectionsla, the total duration) and afterwards it should show all INC that are still running (active) where the detection SLA is over 16 hours. While r...

by lslschr1, L0 Member
  • 2687 Views
  • 1 replies
  • 0 Likes

Resolved! conditional check if Azure Entities command returns with "No entries."

Any thoughts on why this is failing? This always returns "Entries Found" regardless of whether there are entities or not. You can see in the screenshot above there are 0 results, no entries. When I run this script, you'll see the screenshot below. ------Script------ ##Check Sentinel for entities, if none, write a message to war room external_id=demisto.inc...

by jboyd98, L2 Linker
  • 2519 Views
  • 1 replies
  • 0 Likes

Resolved! ReadPDFFile V2 gives error when reading PDF file

Hi everyone, I was trying to make a playbook to extract indicators (hash values, domains, IP addresses) from a PDF file. I tried to use the ReadPDFFile V2 utility; however, it gives the below error on 2 of the PDF files I tried. Command: !ReadPDFFileV2 entryID="29@14" maxImages="20" auto-extract="inline" (Scripts) Reason: Could not load pdf file in E...

setIncident for single select type

This command works: demisto.executeCommand('setIncident', {'summary': "test"}) Note: summary is a custom field of type text. This fails: demisto.executeCommand('setIncident', {'sentinelclosereason': "JOSH"}) The only difference I can see is that sentinelclosereason is a SingleSelect type instead of free text. Are there any notes on how to set a value for...

by jboyd98, L2 Linker
  • 3044 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Trigger off reopen incident / close incident

Onboarding to a new company. No post-processing on incident type (Azure Sentinel). When a ticket is closed on the close form, we have a custom "Azure Closure Reason" and "Classification Comment"; based on this we have a script (CloseSentinelCase) that triggers when "Azure Closure Reason" is modified. This script sets the "Close Reason" based on th...

by jboyd98, L2 Linker
  • 8657 Views
  • 5 replies
  • 0 Likes