DR to DC failover completed; DR acts as back up server as expected but in DR "Make this the production server option is not grey out"

Hi Team,

The customer has did the DR to DC failover but DR backup server has " Make this the production server" tab enabled blue.

The client pointing that the option show be disabled. If it is enabled, any person can make backup server as production

populating playbook custom node/script output in Dashboard and Reports

Hello Team,

I want to populate a custom script output in playbook to Dashboards and Reports.

This playbook is triggered on incident and took same data from incident modify it and also uses some third-party custom app data to enrich.

I want to p

Configure notification email on new incident

Hello,

I would like to enable email notifications for every new incident.

I've configured an O365 EWS instance successfully, and set server.notification.using.send-mail to use its instance name.

For now, I just want all notifications to be sent t

How do I send an alert to XSOAR?

I see the classify, map and playbook logic in XSOAR and I see that a playbook can ask/pull/poll for info *from* and external tool, which might be done through an integration.  But is there a way for an external tool to aynchronously *send/push* an *a

Obtaining Whois Information for a List of IPs

I'm trying to perform whois queries on an array that contains the list of IPs.

My understanding is that I can pass the array to the Inputs of the "ip (whois)" script.

However, since there are over 1000 IPs, submitting them all at once results in an e

XSOAR 8 SearchIncidentsv2 script

When I use the XSOAR 8 SearchIncidentsv2 script with reason argument it return no results for example reason:False Positive returns nothing. Why is that? Is there some specific formatting to use?

Empty report

when generating report from cortex xsoar in PDF its empty report nothing is on it.

Automating SLA in XSOAR with Reminders and Reset on Updates

Hi team!

First of all, thank you very much in advance for your help.

I want to add an SLA to an incident in XSOAR so that if the SLA is breached, the incident is automatically closed. In theory, this is straightforward to implement by setting a t

Customize System Emails

I see there is documentation on customizing system emails: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Customize-System-Emails

I'm seeing placeholders such as {{ .username}} and  {{ .invName}}. Where i

Automating the regression testing of the Playbook

Hi.

I am considering automating the regression testing of the Playbook.

For instance, it would be ideal if we could confirm whether the existing paths can still transition smoothly when a user adds one more branch to the ConditionalTask in the Playb

Query on the usage of 2 XSOAR's integrations

Hi Team,

The customer wants to implement 2 integrations, so they are requesting the TAC support on the usage of 2 integrations.

Note: No CS team available.

Below are those 2 integrations.

1. NCIIPC Threat Intel Feeds via normal API key.
2. HPSM (

Pre Processing script for dropping multiple similar incidents

Hi Team,

I need to find a way to drop similar events (by eventnames field)  from QRadar when they are mirrored in in XSOAR  by using a pre process rule

I have checked for a native approach in Cortex Xsoar to do it but it seems that
Pre-processin

Automated Daily Report for XDR and XSOAR?

Hi all and happy Taco Tuesday!

I'm part of a very small team of 3 that supports a retail company's domestic and international security & compliance operations, and I'm looking to automate some daily reporting that would ultimately be viewed in Conflue

Propagation Label

Hi all,
I imported a custom pack to XSOAR main account, but I don't want some tenants to use it so I want to use XSOAR propagation labels, but even if I set propagation labels, when I sync it distributes to tenants.
Do you have any suggestion?