This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Secrets

How is everyone else doing secrets?It seems odd to me that everything that might use an API key needs to be an integration instead of an automation.You can't seem to easily hide plain-text apikeys from an automation at all. For example:I have a Contact List for emergencies:I have an API key, that I use to query the owner of certain cloud instanc...

MrDuck by L1 Bithead
  • 4530 Views
  • 3 replies
  • 0 Likes

Cherwell Fetch Incident fails

Hello We use Demisto Version 6.2.0, Build 1271082 If I configure a Cherwell Instance to fetch incident but It fails with the following Error:Spoiler (Highlight to read)Error OccurredFailed to get samples from instanceError detailsScript failed to run: Error: [Traceback (most recent call last): File "<string>", line 1017, in <mod...

Get Qualys credentials in python script

Hi -The built in Qualys commands from an instance don't quite do what I want to do so I have a python script that uses the api to grab the last report from a map scan, filter it for systems that have specific ports open, and then upload the ip addresses of those systems to an asset group. Runs fine from my pc but I need it to kick off on its own...

sforslev by L0 Member
  • 4191 Views
  • 3 replies
  • 0 Likes

Resolved! Fetched several incidents without mapping

Hello,I recently fetched several incidents using an integration without any classification/mapping configured. I have since configured it correctly, is there any way to re-fetch or re-ingest these incidents so they get mapped and processed correctly?

jtorvald by L1 Bithead
  • 3631 Views
  • 2 replies
  • 0 Likes

Cortex XSOAR Context Issue

Hi Everyone, I have Cortex XSOAR with SplunkPY running and fetching incidents. I am using Splunk classifier and Splunk incoming mapper by default. Drill down is being enriched successfully and i can see it parsed at both classifier & mapper stages - see below screenshotdrilldown parsed in classifier&mapperHowever, context is not splittin...

2021-09-30_181850.png
2021-09-30_182723.png
Rawabdeh by L1 Bithead
  • 8729 Views
  • 9 replies
  • 0 Likes

demisto-py - Specify Playbook

Hello All, I have a python script using demisto-py that creates tickets based on an input Word document. However, specifying the playbook isn't working. When I call demisto_client.demisto_api.CreateIncidentRequest() with the "playbookid" field is populated with the Playbook name, as found in Playbooks page. I thought this field invoked the p...

twjolson by L0 Member
  • 3377 Views
  • 2 replies
  • 0 Likes

Read-Only role assignment issue

I have deployed a number of other roles using SAML successfully. Now when it comes to assigning the Read-only role this has become a challenge. Unlike the other previously configured roles that also included not only the SAML mapping but also the Shift assignments, which work. The Read-Only role does not, this issue is specific to the role and i...

jpadro by L0 Member
  • 2370 Views
  • 1 replies
  • 0 Likes

Integration "Palo Alto Networks PAN-OS" Question

HelloI'll try to get a API request from our Panoramas.The curl request looks like;curl -X GET "https://<panorama>/api/?key=<api-key>&type=op&<show><devices><all></all></devices></show>"So, I tried with the Integration "Palo Alto Networks PAN-OS"There is a command "panorama", where I mitgh e...

Does XSOAR API Batch Close Incidents Endpoint Work?

I am attempting to close a single incident via the XSOAR API and the Batch Close Incidents endpoint (POST /incident/batchClose). The information about my request and the response are posted below. The status of the incident was new before I sent the close request and does not appear to have changed after sending the request even though the respo...

Snader by L1 Bithead
  • 2969 Views
  • 1 replies
  • 0 Likes

Send Email with Integration Got any error

Hello Everyone, If any integration(RSA Netwitness or Syslog) in XSOAR is failed and got some error then can I send mail to any team member as integration got some error. I have already configured System diagnostic but it cannot work.I need any alternative way or solution for this.

Priyash7 by L0 Member
  • 3171 Views
  • 1 replies
  • 0 Likes

Wildfire Report "Results" into "Outputs"

Hello When I request a Wildfire request then I do not get a lot of Information in the "Output" to work with other tasks.To get more infos, I do in the Demisto CLI this: !wildfire-report format=xml hash=<sha256-Hash> verbose=true raw-response="true" extend-context=contextKey=JsonOutputPath But then all infos are in the "Resuls"-"Tab" instea...

update data to rawjson key fails

The integration created does pull the tickets .However i couldn't see rawjson field getting updated though using the below line.I couldn't do field mapping as i can't see the data on choosing instance under classification and mapping rawJSON : JSON.stringify(case.records[i])

rr449 by L0 Member
  • 2210 Views
  • 1 replies
  • 0 Likes

XSoar API Create Incident Mapping

Looking for some help on create an API integration for creating incidents and mapping those fields to normalized fields. I can create an incident just fine, I can assign the incident type, the issue I'm running into is the field normalization. IE lets take the following field called Souce IP in XSoar. The script that I'm using calls it OriginIp....

  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks