This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! ReadPDFFile V2 gives error when reading PDF file

Hi everyone, I was trying to make a playbook to extract indicators (Hash values, domains, IP addresses) from a PDF file. I tried to use the ReadPDFFile V2 utility, however it gives the below error on 2 of the PDF files I tried. Command: !ReadPDFFileV2 entryID="29@14" maxImages="20" auto-extract="inline"(Scripts)ReasonCould not load pdf file in E...

setIncident for single select type

This command works:demisto.executeCommand('setIncident', {'summary': "test"})`Note: summary is a custom field of text. This fails:demisto.executeCommand('setIncident', {'sentinelclosereason': "JOSH"})The only difference I can see is that sentinelclosereason is a SingleSelect type instead of free text. Is there any notes on how to set a value for...

jboyd98 by L2 Linker
  • 3085 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Trigger off reopen incident / close incident

Onboarding to a new company.No post processing on incident type (azure sentinel).When a ticket is closed on the close form, we have a custom "Azure Closure Reason" and "Classification Comment"; based on this we have a script(CloseSentinelCase) that triggers when "Azure Closure Reason" is modified. This script sets the "Close Reason" based on th...

jboyd98 by L2 Linker
  • 8839 Views
  • 5 replies
  • 0 Likes

server not starting after upgrade to 6.2 version

hi All, I have changed my etc/demisto.conf file to move data folders(https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/manage-data/move-data-folders-to-another-location-on-the-server.html) and after upgrading my app server to 6.2 from 6.1 cortex soar application is not starting(https://docs.paloaltonetworks.com/cortex...

Minemeld Alternative

Hello , On of our customer is dependent on their partner for Minemeld EDL The Partner is hosting the Minemeld server and now our customer is planning to build their own Minemeld As Minemeld is no longer supported by PAN and is purely an open Source support product , What would be the best alternative and cost effective approach for the customer ...

Resolved! How to check custom indicator types with !GetIndicatorDBotScore?

Hi everyone,does anyone of you know how to check a custom indicator with !GetIndicatorDBotScore?Due to the recent change in the URL indicator type's regex, we needed to create a new indicator type, that makes use of the old regex. Unfortunately this breaks our playbooks, which rely at a certain spot on the !GetIndicatorDBotScore command. This wi...

araka by L1 Bithead
  • 6531 Views
  • 8 replies
  • 0 Likes

Cortex Doubt Operations

Hello everyone;Cortex:The console reports 481 agents of which it gives with lost connection 110, in the licensing section it indicates 371 agents installed of the 500 licensed, so it seems that it does not take into account those of lost connection, I wanted to confirm this extreme since, according to the panel, we could be close to rushing the ...

Alpalo by L4 Transporter
  • 2151 Views
  • 1 replies
  • 0 Likes

Missing docker images in air-gapped context

Hi everyone,I'm facing a very strange issue. I've updated server version to 6.5 and loaded all images included in .tar file downloaded through personal link (27,2 GB) and testing integrations I used to take advantage when company didn't have antivirus packet inspection (so at that time demisto use to download images on demand) but I get lots of ...

Delete a single file from multiple files

I have created a sub-playbook(which is running in a loop for multiple inputs) generating multiple files json's and csv's. I want to delete json's only and keep csv's for a single run and at the end of loop, I want only csv's.How can I do that?I have tried delete context and in "Key" field I am passing entry ID of the file but I am getting error ...

Resolved! Upgrade Community Edition XSOAR

Hi Is anybody able to help me with upgrading my community edition of XSOAR ? I can't seem to find any reference to the original download and so the token element to the script is missing, am I able to register again for it ? Any help is greatly appreciated as always.

Resolved! Get Data Collection Survey Link

Hello community, I'm currently working on a playbook in which I want to collect data from end users via a survey.The troublesome part is that this has to happen via a ServiceNow ticket. When creating the ticket in ServiceNow I want to include the survey-URL in the ticket notes.Now, there isn't a URL created/saved in the context data. My current...

Cannot edit indicator in multi tenant account

I need to set in an indicator configuration to avoid the use of some instances for enrichment, but I'm not able to edit the indicator in an account of the multi-tenant deployment, (IP), In the master account I'm able to edit without problems, I tried changing some propagation labels and syncing the accounts with no successm what else can I do? I...

Captura de Pantalla 2021-12-29 a la(s) 14.39.24.png
Captura de Pantalla 2021-12-29 a la(s) 14.38.56.png
Captura de Pantalla 2021-12-29 a la(s) 14.37.04.png

Create custom canvas

Hi guys, i need to create a relationship/attack map for our analysts, im wondering if i can somehow use the canvas to make such diagram/map.. there is anyway we can use the canvas library or something similar already existing on xsoar instead of creating all from scratch ? thanks

Demon by L0 Member
  • 2363 Views
  • 1 replies
  • 0 Likes

Problem with file uploading

I'm getting an error while trying to upload a 2.2MB plain-text file, the webgui only shows this message: Failed to upload file to war room. Error: K(...) is null What's the file size limit for uploads? Thanks

  • 1301 Posts
  • 45 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks