This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

How to search for multiple attributes with MISPv3 integration

We have not been able to search for multiples values in the XSOAR MISPv3 integration with the command: !misp-search-attributes I got some tips from the community but it does not seem to work either !misp-search-attributes value=`${list.['8.8.8.8', '4.4.4.4']}` This integration is using pymisp i think, and it should be possible to pass an a...

How to sync status updates in ServiceDesk Plus?

I'm currently using ServiceDesk Plus and I would like to sync the status of requests automatically. Is there a built-in way to configure this behavior, or do I need to use custom scripts?Any advice or documentation would be really helpful. Thanks in advance! #servicedesk #servicedeskplus #xsoarintegration

Remote Repository Errors

I am trying to configure a private remote repository in our Cortex XSOAR 8 development instance. I have tried both on-prem GitHub server using an engine as well as github.com direct from the console but either way gets the same error: "VC: failed to push branch: exit status 128 send-pack: unexpected disconnect while reading sideband packet Con...

J.McGurk by L0 Member
  • 760 Views
  • 0 replies
  • 0 Likes

Resolved! A Few Quick Questions About the Community Edition

Hello All, Disclaimer: I am a huge XSOAR admin user at work, and was hoping for a community edition that I could run in my lab even if it is slightly limited. Is it OK to just run the Community Edition of XSOAR? Once I start my 3 day trial and it runs out, just how bad of an experience is it? What exactly gets turned off? Regards, Jeff

Copying directories on an SMB share.

I have a playbook where the end result is that I need to MOVE a folder within a Windows share from one location to another and then make a COPY of that folder in another location. The SMB V2 integration doesn't have the functionality to do this, and the PowerShell remoting integration fails when trying to connect with the following error: ac...

Resolving CrowdStrike ODS Scan Detections With Integration

Hello LiveComm, I am trying to change the status and assignment of ODS (On Demand Scans). I have tried to use the !cs-falcon-resolve-detection command but receive a 400 error. Failed to execute 'cs-falcon-resolve-detection' command. Error: Error in API call to CrowdStrike Falcon: code: 400 - reason: Bad Request Failed to validate resource Has an...

Resolved! How to work on File Content collected from Azure blob in Playbook

I am working on Playbook, where I need to update the content of Azure storage blob. I have used the integration with Azure storage container, and I am able to get the file, but I am getting the file metadata only on PB context, and I see that the file itself added to the incident. However, no direct access to the file content to edit/add/remov...

XSOAR - Question Regarding Incident Tasks

Hello everyone, I noticed that when a task in a playbook has an error or requires some sort of input, said task appears in the tab "Playbook Tasks" (attached an image for reference). I was wondering how XSOAR gets that specific information in that tab, I tried checking in the context data but haven't found anything that might relate to that tab ...

buttons to allow specific continuation of workplan

Hi everyone,I need your help. When a task reaches certain thresholds, Cortex XSOAR sends an email to the analyst. My goal is to have the analyst review all the evidence and then the anayst click a button to either approve or deny the continuation of the workplan. this's possible due on workplan?

tlmarques by L4 Transporter
  • 981 Views
  • 2 replies
  • 0 Likes

Resolved! Powershell Modules in Xsoar Cloud

Hi, I am trying to integrate with our Microsoft Defender instance from Xsoar Cloud. Right now I am trying to create a playbook task to add an item to the Tenant Allow Block List (TABL). Looks like the only way is via Powershell. I have a script that will work, but the default engine doesn't have the module needed, ExchangeOnlineManagement. Is th...

Error Handling In Playbooks/Integrations

Hi All, I want to know is there any built in configuration/settings/playbook or any module that helps to handle playbook error(error handling). Error/On Continue Task level error handling is not enough so i want if there is any integration issue or command issue or playbook issue i send email or notify the specific users.Thank you Cortex XSOAR...

Syedhkt by L2 Linker
  • 1084 Views
  • 1 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks