Cortex XSOAR Discussions

War room: View full content in a new tab. Output in column instead of row

Hello

If we press in the war room output to " View full content in a new tab" then the output is a table - and everything in one row.

Is it possible to get the output in columns?

Even csv is all in one row...

so, instead first row with description, pu

...

Cortex XQL searches in XSOAR - how to?

Hi, I am trying to integrate more and more XSOAR into my environment.

I would like to be able to do XQL searches on xdr dataset, but I can't find a way to do that.

I have Cortex Data Lake integration, but is seems to cover only logs from firewalls.

Thx

...

Cortex XDR Halt Playbooks?

So we're utilizing XDR Prevent (not Pro) here. Appears to be all the preparation on PAN's site is carefully equipped towards the Proform, and Github hasn't been exceptionally productive.

I'm contemplating whether anybody has any playbooks or work pro

...

Timeframe for Script in a widget

How can I get the Timeframe inside a Dashboard into an python script so that I can use it to query splunk for the same timeframe

I haven't been able to find anything related to this in the documentation.

Thanks,

Juan

SplunkPy | Integration test throws error

While testing SplunkPy integration, I am getting the following error.

Error from SplunkPy is : Script failed to run:

Error: Error [[Traceback (most recent call last):

File "<string>", line 1, in <module>

ImportError: No module named splunklib.

...

Resolved! Specific Markdown supported?

Is there a document pointing to the specific Markdown functionality that XSOAR supports? There seem to be lots of variants on Markdown.

Resolved! Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

I have a trigger script automation that updates the linked incidents of an incident. The update works, but then it produces the following error and refuses to update the field that triggered the automation.

The script works fine if I run it from t

...

Resolved! Mapping the Microsoft Security Graph to a custom incident type

Hello,

I am a noob in XSOAR, so if I am missing something obvious, my apologies.

I am working on a implementation where the system owner has set up a custom incident type for their Microsoft Security Graph API. The idea is now to do the mapping and I

...

Resolved! Output JSON for Incident Mapping

Hi all,

We have several incidents that we need to work on the mapping of, but they are relatively rare and are not pulled from the (SplunkPy) integration often enough that they are in any of the events that we get when we do the mapping (6.0) and pull

...

Cortex xsoar integration with qradar

Hi Team,

can you please help me how to integrate cortex xsoar with ibm qradar . I dont find related documents for this.It would be great if you can share KB article for this.Thanks

Resolved! Dynamic interactive GUI elements in incident layouts?

I couldn't find anything in the documentation about this. However, I'm brand new to XSOAR development, so maybe I'm missing it. So, before I go digging more, can anyone let me know if this capability exists or not?

I want dynamic interactive elemen

...

Issue Working with Files

Hello everyone,

I am having some trouble working with files in an incident.
I have integrated an API that need a path to upload a file.

This API checks the file extension in the path and as I have seen, file paths in XSOAR incidents are something like

...

Cortex XDR Prevent playbooks?

So we're using XDR Prevent (not Pro) here. Seems all the training on PAN's site is strictly geared towards the Pro version, and github hasn't been very fruitful yet.

I'm wondering if anyone has any playbooks or workflows or (crosses fingers) scripts t

...

Panorama Query Log Fails

Hello all

I run into a failure on Playbook Panorama Query Logs.

The failure is:

"Set vsys for firewall or Device group for Panorama"

This happen on the GeneralPolling Playbook and there at the task RunPollingCommand.

I've defined Device Group and askin

...

Resolved! Service APIVoid' Test fails with a 'success'

Hello

We use the Service "APIvoid" and we entered all settings for it.

If we press the Test Button, then we get back:

Failed to execute test-module command. Error: 'success' (85)

The Task itself is working, it's just...

Thanks

roger

Discussions

War room: View full content in a new tab. Output in column instead of row

Cortex XQL searches in XSOAR - how to?

Cortex XDR Halt Playbooks?

Timeframe for Script in a widget

SplunkPy | Integration test throws error

Resolved! Specific Markdown supported?

Resolved! Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

Resolved! Mapping the Microsoft Security Graph to a custom incident type

Resolved! Output JSON for Incident Mapping

Cortex xsoar integration with qradar

Resolved! Dynamic interactive GUI elements in incident layouts?

Issue Working with Files

Cortex XDR Prevent playbooks?

Panorama Query Log Fails

Resolved! Service APIVoid' Test fails with a 'success'

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

8.9 On-Prem Update Fails to Update

Re: Azure Active Directory users - Incorrect padding

Re: Pre Processing Rules Logs

Re: Pre Processing Rules Logs

Azure Active Directory users - Incorrect padding

Re: No communication method found for form

Unlock your full community experience!

Resolved! Specific Markdown supported?

Resolved! Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

Resolved! Mapping the Microsoft Security Graph to a custom incident type

Resolved! Output JSON for Incident Mapping

Resolved! Dynamic interactive GUI elements in incident layouts?

Resolved! Service APIVoid' Test fails with a 'success'