Cortex XSOAR Discussions

Issue with Nutanix VM Creation for XSOAR v8.7 - "Boot Device Not Found"

Hello XSOAR Community,

I’m encountering an issue when deploying Cortex XSOAR v8.7 on a Nutanix environment. Every time I create a VM using the provided OVA file, the VM fails to boot and displays the error:

“Boot device not found. Please install an o

...

SQL results into layout

Hi ,

I’m running a playbook that generates multiple SQL results. What are the best practices for displaying these effectively in the incident layout? Should I use Markdown, custom sections, or widgets? Any tips for handling this?

Thanks!

XSOAR Feature Request

Hello all xsoar enthusiasts,

There is a FR that helps us to make xsoar a better place for MS Defender integration. Please upvote this FR here: Add Microsoft Sentinel | Cortex XSOAR Customer Feature Request

FR Description:
Palo Alto offers a range of

...

ServiceNow Developer looking for ideas

Hello all,

I am a ServiceNow developer that is assisting a user that is using the XSOAR integration. The user is using the XSOAR application to run queries on my SN instance, but is not getting any results. I have checked his API account and

...

Child Incident Evidence In Parent

Hello!

I need to mark some child incident entries as notes and evidence in the parent incident.

I have found ways in which you can pass the entries to the parent and then mark them as note/evidence in the parent. However, I would like to have an auto

...

Build transformer with execute.command()

Hello,

I'm trying to build a transformer that given a IP gives back the reverse dns. However, it seems that using commands in transformers is not allowed. Am I wrong?

Resolved! How to Copy Incident Files from Linked Incidents

Hello Live Community,

I am working on a use-case that requires me to copy incident files of any kind from within linked incidents and copy them to the main incident to be saved as evidence. I have tried the getentries command but an entryID does not

...

How to Automatically Send an Email When an Incident is Created in XSOAR?

Hello,

I want to automatically send an email whenever an incident is created in XSOAR. I’ve created a playbook and written a simple script that sends an email for a specific incident when executed within the playbook.

However, I’d like to automate th

...

Remove apps with Playbook XSOAR XDR

I would like to know about your experience. How do you handle uninstalling software on specific devices that are not allowed and need to be removed via Cortex XDR with Cortex XSOAR Playbooks without the user see the uninstall.

Web File Repository Integration error "Failed to execute wfr-status command"

Hi,

Anyone encountered the following error when executing "wfr-status"?

Command:

!wfr-status(Web File Repository)

Reason

Failed to execute wfr-status command. Error: Verify that the server URL parameter is correct and that you have ac

...

Resolved! About XSOAR Free Edition Licenses

Dear All,

I installed the free version of XSOAR.
However, when I installed XSOAR after the 30-day free license period, the license was not applied properly when I applied the license file.

Can I get the free license again by applying again from th

...

Resolved! Field Change Script To System Fields

Hey Community
Did anyone ever attach a field change trigger script to a system field?

I guess it can't be done directly but is there a work around?

Also, is there a way to run a script as soon as incident is created

Cortex XSOAR

Resolved! Can XSOAR disk space vary automatically?

Hi everyone! I hope you're doing well. I wanted to ask something: Is it possible for the disk usage on my XSOAR to sometimes be at 60% and other times drop below that number? I mean, without me taking any action, can the disk space percentage decreas

...

CSOAR Pre processing rule with scheduled jobs

How can we set the preprocess rule to drop any incidents created by schedule jobs?

For example: any incident category=job and some incident field like description contains "False". The playbook in schedule Job, will run some tasks and condition and

...

Securonix

Can someone help me? I have created an instance in the Securonix integration but I want to fetch incidents but I do not get the alerts from my SIEM SECURONIX. It should be noted that the user and everything is correct. But I would like to know if any

...

Discussions

Issue with Nutanix VM Creation for XSOAR v8.7 - "Boot Device Not Found"

SQL results into layout

XSOAR Feature Request

ServiceNow Developer looking for ideas

Child Incident Evidence In Parent

Build transformer with execute.command()

Resolved! How to Copy Incident Files from Linked Incidents

How to Automatically Send an Email When an Incident is Created in XSOAR?

Remove apps with Playbook XSOAR XDR

Web File Repository Integration error "Failed to execute wfr-status command"

Resolved! About XSOAR Free Edition Licenses

Resolved! Field Change Script To System Fields

Resolved! Can XSOAR disk space vary automatically?

CSOAR Pre processing rule with scheduled jobs

Securonix

A Few Quick Questions About the Community Edition

How to work on File Content collected from Azure blob in Playbook

Powershell Modules in Xsoar Cloud

Azure Active Directory users - Incorrect padding

XSOAR 8 + Export Data to On-premise for Retention Compliance

Re: XSOAR - Transform Language

Re: How to work on File Content collected from Azure blob in Playbook

Re: How to work on File Content collected from Azure blob in Playbook

Re: Powershell Modules in Xsoar Cloud

Re: XSOAR - Question Regarding Incident Tasks

Unlock your full community experience!

Resolved! How to Copy Incident Files from Linked Incidents

Resolved! About XSOAR Free Edition Licenses

Resolved! Field Change Script To System Fields

Resolved! Can XSOAR disk space vary automatically?