Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Cortex XSOAR Context Issue

 

Hi Everyone, 

I have Cortex XSOAR with SplunkPY running and fetching incidents. I am using Splunk classifier and Splunk incoming mapper by default. 

Drill down is being enriched successfully and i can see it parsed at both classifier & mapper stages -

...

2021-09-30_181850.png
2021-09-30_182723.png
Rawabdeh by L1 Bithead
  • 7624 Views
  • 9 replies
  • 0 Likes

demisto-py - Specify Playbook

Hello All,

 

I have a python script using demisto-py that creates tickets based on an input Word document.

 

However, specifying the playbook isn't working.  

 

When I call demisto_client.demisto_api.CreateIncidentRequest() with the "playbookid" field is p

...

twjolson by L0 Member
  • 3000 Views
  • 2 replies
  • 0 Likes

Read-Only role assignment issue

I have deployed a number of other roles using SAML successfully. Now when it comes to assigning the Read-only role this has become a challenge. Unlike the other previously configured roles that also included not only the SAML mapping but also the Shi

...

jpadro by L0 Member
  • 2141 Views
  • 1 replies
  • 0 Likes

Send Email with Integration Got any error

Hello Everyone,

 

If any integration(RSA Netwitness or Syslog) in XSOAR is failed and got some error then can I send mail to any team member as integration got some error. I have already configured System diagnostic but it cannot work.

I need any altern

...

Priyash7 by L0 Member
  • 2955 Views
  • 1 replies
  • 0 Likes

Wildfire Report "Results" into "Outputs"

Hello

 

When I request a Wildfire request then I do not get a lot of Information in the "Output" to work with other tasks.

To get more infos, I do in the Demisto CLI this:

 

!wildfire-report format=xml hash=<sha256-Hash> verbose=true raw-response="true" e

...

update data to rawjson key fails

The integration created does pull the tickets .However i couldn't see rawjson field getting updated though using the below line.I couldn't do field mapping as i can't see the data on choosing instance under classification and mapping

 

rawJSON : JSON.s

...

rr449 by L0 Member
  • 2015 Views
  • 1 replies
  • 0 Likes

XSoar API Create Incident Mapping

Looking for some help on create an API integration for creating incidents and mapping those fields to normalized fields.

 

I can create an incident just fine, I can assign the incident type, the issue I'm running into is the field normalization. IE let

...

Resolved! ServerLogs integration does not work.

I have the integration enabled and configured using the requirements stated in the Marketplace, but when I try to load the dashboard it says I don't have the SSH integration enabled. But I do, and I have a local user and have tested it manually, so I

...

Update an incident via API XSOAR

Hi,

 

I need help about How get via API an incident update. I don't see this option (sorry), I can set a new incident but I don't update an incident. This way must be API, I use this route "/incident".

 

Can you help me, plase?

 

 

Regards

sanaya by L0 Member
  • 5878 Views
  • 4 replies
  • 1 Likes
  • 1266 Posts
  • 43 Subscriptions
Top Liked Authors