Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Remote Repository Errors

I am trying to configure a private remote repository in our Cortex XSOAR 8 development instance. I have tried both on-prem GitHub server using an engine as well as github.com direct from the console but either way gets the same error: "VC: failed to push branch: exit status 128 send-pack: unexpected disconnect while reading sideband packet Con...

J.McGurk by L0 Member
  • 704 Views
  • 0 replies
  • 0 Likes

Resolved! A Few Quick Questions About the Community Edition

Hello All, Disclaimer: I am a huge XSOAR admin user at work, and was hoping for a community edition that I could run in my lab even if it is slightly limited. Is it OK to just run the Community Edition of XSOAR? Once I start my 3 day trial and it runs out, just how bad of an experience is it? What exactly gets turned off? Regards, Jeff

Copying directories on an SMB share.

I have a playbook where the end result is that I need to MOVE a folder within a Windows share from one location to another and then make a COPY of that folder in another location. The SMB V2 integration doesn't have the functionality to do this, and the PowerShell remoting integration fails when trying to connect with the following error: ac...

Resolving CrowdStrike ODS Scan Detections With Integration

Hello LiveComm, I am trying to change the status and assignment of ODS (On Demand Scans). I have tried to use the !cs-falcon-resolve-detection command but receive a 400 error. Failed to execute 'cs-falcon-resolve-detection' command. Error: Error in API call to CrowdStrike Falcon: code: 400 - reason: Bad Request Failed to validate resource Has an...

Resolved! How to work on File Content collected from Azure blob in Playbook

I am working on a playbook where I need to update the content of an Azure storage blob. I have used the integration with Azure storage container, and I am able to get the file, but I am getting only the file metadata in the PB context, and I see that the file itself is added to the incident. However, no direct access to the file content to edit/add/remov...

XSOAR - Question Regarding Incident Tasks

Hello everyone, I noticed that when a task in a playbook has an error or requires some sort of input, said task appears in the tab "Playbook Tasks" (attached an image for reference). I was wondering how XSOAR gets that specific information in that tab, I tried checking in the context data but haven't found anything that might relate to that tab ...

buttons to allow specific continuation of workplan

Hi everyone, I need your help. When a task reaches certain thresholds, Cortex XSOAR sends an email to the analyst. My goal is to have the analyst review all the evidence and then have the analyst click a button to either approve or deny the continuation of the workplan. Is this possible in the workplan?

tlmarques by L4 Transporter
  • 906 Views
  • 2 replies
  • 0 Likes

Resolved! Powershell Modules in Xsoar Cloud

Hi, I am trying to integrate with our Microsoft Defender instance from Xsoar Cloud. Right now I am trying to create a playbook task to add an item to the Tenant Allow Block List (TABL). Looks like the only way is via Powershell. I have a script that will work, but the default engine doesn't have the module needed, ExchangeOnlineManagement. Is th...

Error Handling In Playbooks/Integrations

Hi All, I want to know if there is any built-in configuration/settings/playbook or any module that helps to handle playbook errors (error handling). Error/On Continue task-level error handling is not enough, so I want, if there is any integration issue or command issue or playbook issue, to send an email or notify the specific users. Thank you Cortex XSOAR...

Syedhkt by L2 Linker
  • 991 Views
  • 1 replies
  • 0 Likes

8.9 On-prem Install Documentation Confusion

Hello, I'm trying to install our extra-small single server on-prem 8.9 XSOAR and ran into some confusion with the documentation. I didn't see a way to report the issue elsewhere so I thought it might be helpful here. https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.9/Cortex-XSOAR-On-prem-Documentation/Install-Cortex-XSOAR-on-a-VM-deploye...

sackett by L1 Bithead
  • 757 Views
  • 1 replies
  • 0 Likes

XSOAR - Transform Language

Hello everyone, I would like to ask how to get the user.name value from this context data. I tried using the syntax ${incident.labels.user.name}, but it didn't work. Here's the context structure: { incident: { ... labels: { user.name: "john doe", ... } ... } } Any suggestions?

G.Anshar by L1 Bithead
  • 1219 Views
  • 2 replies
  • 0 Likes

Changing Multiple Docker Images at once

Hey, we are offline users. We updated from 6.12 -> 6.14. Then, after the update, the docker images changed, and it's causing a lot of ": Script failed to run: failed to pull docker Image "demisto/python 3:3.11.10.113941" Now, to fix it I need to change one by one (detach, change, reattach) docker image. I want to know if it is possible to change...

NivNet by L1 Bithead
  • 840 Views
  • 2 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions