Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Problem with file uploading

I'm getting an error while trying to upload a 2.2MB plain-text file, the webgui only shows this message: Failed to upload file to war room. Error: K(...) is null What's the file size limit for uploads? Thanks

XSOAR Community Edition -> Cortex Data Lake integration

I'm trying to get Cortex Data Lake integrated with our Cortex XSOAR Community Edition instance, and getting nowhere very quickly. Reviewing the documentation: https://xsoar.pan.dev/docs/reference/integrations/cortex-data-lake I am completely lost finding the Token, ID, and Key values to tie it to our Cortex Data Lake instance. The documentation...

Netwerx by L1 Bithead
  • 5068 Views
  • 5 replies
  • 0 Likes

Resolved! Closing QRadar Alert from XSOAR

Hi Guys, Facing a bit of a hiccup on playbook creation for QRadar. After the XSOAR incident closure I need to close the same alert related to that incident on QRadar too. However, I can't find any function to do that in the documentation. I would really appreciate it if someone can shed some light on it.

Question from "A developer's guide to XSOAR 6.2" webinar: Does the Content Type of the list affect how it is read?

Does the Content Type of the list affect how it is read in by an automation or playbook, or is that only for editor syntax highlighting? Previously, we would input JSON into a list, but since it is read in as text, we would have to handle the data with a text-to-JSON transformer. Does this still work the same?

Resolved! Polling job for search results, not just search completion

I'd like to take the generic polling concept and make it a little more specific, but I'm coming up short. I'm doing a QRadar search (although I suspect Splunk or anything else would be very similar.) The QRadarFullSearch playbook will poll and wait for the search to finish, and that has worked great so far for what it is. But the search can f...

SAML configuration error with Azure AD

Hi, I am getting the following error while trying to log in to XSOAR through SSO. I have set up the SAML app on XSOAR with all the attributes provided by the AD team. AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'https://sts.windows.net/f35a6974-607f-47d4-82d7-ff31d7dc53a5/'. Can someone ...

Send Email to Specific Mailbox with Incident Details and Analyst Comments

Hi All, We wanna send an email notification, and that email content will be incident details and results of the analyst's analysis. I checked the marketplace and the GitHub demisto repo but I didn't find a development like the one I mentioned. Our HTML email body schema is ready for use but I guess we have to develop our own script with the api and email applicatio...

Stopped on waiting

Trying to learn how to use this thing. I've got a very simple playbook set up that uses the Slack integration to send a simple yes/no prompt to a user. Within the Playground, I'm able to successfully send simple messages via slack, so the connection appears to be good, but every time I run the playbook I just get 'Incident playbook task "Ask u...

  • 1302 Posts
  • 45 Subscriptions