Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! conditional check if Azure Entities command returns with "No entries."

Any thoughts on why this is failing; this always returns Entries Found regardless if there are entities or not. You can see in the screenshot above there are 0 results, no entries. When I run this script, you'll see the screenshot below. ------Script------ ##Check Sentinel for entities, if none, write a message to war room external_id=demisto.inc...

jboyd98 by L2 Linker
  • 2592 Views
  • 1 replies
  • 0 Likes

Resolved! ReadPDFFile V2 gives error when reading PDF file

Hi everyone, I was trying to make a playbook to extract indicators (Hash values, domains, IP addresses) from a PDF file. I tried to use the ReadPDFFile V2 utility, however it gives the below error on 2 of the PDF files I tried. Command: !ReadPDFFileV2 entryID="29@14" maxImages="20" auto-extract="inline" (Scripts) Reason: Could not load pdf file in E...

setIncident for single select type

This command works: demisto.executeCommand('setIncident', {'summary': "test"}) Note: summary is a custom field of text. This fails: demisto.executeCommand('setIncident', {'sentinelclosereason': "JOSH"}) The only difference I can see is that sentinelclosereason is a SingleSelect type instead of free text. Are there any notes on how to set a value for...

jboyd98 by L2 Linker
  • 3102 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Trigger off reopen incident / close incident

Onboarding to a new company. No post processing on incident type (azure sentinel). When a ticket is closed on the close form, we have a custom "Azure Closure Reason" and "Classification Comment"; based on this we have a script (CloseSentinelCase) that triggers when "Azure Closure Reason" is modified. This script sets the "Close Reason" based on th...

jboyd98 by L2 Linker
  • 9029 Views
  • 5 replies
  • 0 Likes

server not starting after upgrade to 6.2 version

Hi all, I have changed my etc/demisto.conf file to move data folders (https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/manage-data/move-data-folders-to-another-location-on-the-server.html) and after upgrading my app server to 6.2 from 6.1 the Cortex XSOAR application is not starting (https://docs.paloaltonetworks.com/cortex...

Minemeld Alternative

Hello, one of our customers is dependent on their partner for Minemeld EDL. The partner is hosting the Minemeld server and now our customer is planning to build their own Minemeld. As Minemeld is no longer supported by PAN and is purely an open source support product, what would be the best alternative and cost effective approach for the customer ...

Resolved! How to check custom indicator types with !GetIndicatorDBotScore?

Hi everyone, does anyone of you know how to check a custom indicator with !GetIndicatorDBotScore? Due to the recent change in the URL indicator type's regex, we needed to create a new indicator type that makes use of the old regex. Unfortunately this breaks our playbooks, which rely at a certain spot on the !GetIndicatorDBotScore command. This wi...

araka by L1 Bithead
  • 6653 Views
  • 8 replies
  • 0 Likes

Cortex Doubt Operations

Hello everyone; Cortex: The console reports 481 agents, of which it shows 110 with lost connection; in the licensing section it indicates 371 agents installed of the 500 licensed, so it seems that it does not take into account those with lost connection. I wanted to confirm this extreme since, according to the panel, we could be close to rushing the ...

Alpalo by L4 Transporter
  • 2172 Views
  • 1 replies
  • 0 Likes

Missing docker images in air-gapped context

Hi everyone, I'm facing a very strange issue. I've updated server version to 6.5 and loaded all images included in .tar file downloaded through personal link (27,2 GB) and testing integrations I used to take advantage when company didn't have antivirus packet inspection (so at that time demisto used to download images on demand) but I get lots of ...

Delete a single file from multiple files

I have created a sub-playbook (which is running in a loop for multiple inputs) generating multiple files, JSONs and CSVs. I want to delete JSONs only and keep CSVs for a single run, and at the end of the loop I want only CSVs. How can I do that? I have tried delete context and in the "Key" field I am passing the entry ID of the file but I am getting error ...

Resolved! Upgrade Community Edition XSOAR

Hi, is anybody able to help me with upgrading my community edition of XSOAR? I can't seem to find any reference to the original download and so the token element to the script is missing; am I able to register again for it? Any help is greatly appreciated as always.

Resolved! Get Data Collection Survey Link

Hello community, I'm currently working on a playbook in which I want to collect data from end users via a survey. The troublesome part is that this has to happen via a ServiceNow ticket. When creating the ticket in ServiceNow I want to include the survey-URL in the ticket notes. Now, there isn't a URL created/saved in the context data. My current...

Cannot edit indicator in multi tenant account

I need to set in an indicator configuration to avoid the use of some instances for enrichment, but I'm not able to edit the indicator in an account of the multi-tenant deployment (IP). In the master account I'm able to edit without problems. I tried changing some propagation labels and syncing the accounts with no success; what else can I do? I...

  • 1303 Posts
  • 45 Subscriptions