This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

update data to rawjson key fails

The integration created does pull the tickets .However i couldn't see rawjson field getting updated though using the below line.I couldn't do field mapping as i can't see the data on choosing instance under classification and mapping rawJSON : JSON.stringify(case.records[i])

rr449 by L0 Member
  • 2229 Views
  • 1 replies
  • 0 Likes

XSoar API Create Incident Mapping

Looking for some help on create an API integration for creating incidents and mapping those fields to normalized fields. I can create an incident just fine, I can assign the incident type, the issue I'm running into is the field normalization. IE lets take the following field called Souce IP in XSoar. The script that I'm using calls it OriginIp....

Resolved! ServerLogs integration does not work.

I have the integration enabled and configured using the requirements stated in the Marketplace, but when I try to load the dashboard it says I don't have the SSH integration enabled. But I do, and I have a local user and have tested it manually, so I don't think this is credential related. It just looks like the integration is not able to access...

Update an incident via API XSOAR

Hi, I need help about How get via API an incident update. I don't see this option (sorry), I can set a new incident but I don't update an incident. This way must be API, I use this route "/incident". Can you help me, plase? Regards

sanaya by L0 Member
  • 6675 Views
  • 4 replies
  • 1 Likes

Resolved! Update an incident via API in CORTEX XSOAR

Hi, I need help about How get via API update an incident. I don't see this option (sorry), I can set a new incident but I don't update an incident. This way must be API, I use this route "/incident". URL API: https://cortexip/incident Can you help me, plase? Regards Cortex XSOAR

sanaya by L0 Member
  • 4451 Views
  • 2 replies
  • 0 Likes

Resolved! Is partial import of data from a XSOAR instance to another XSOAR instance supported?

Helloa customer I work for is trying to perform a partial import of data from a XSOAR to another instance of the same with same version.They want a partial import beacause they have not so much resources on the second instance and they just need it to test some things. But the question is, is it supported?Should Palo Alto discourage this type of...

FindSimilarIncidents doesn't work

Hello all, We're trying to develop a playbook that first look at similar incident (FindSimilarIncidents) before proceeding but it isn't able to find any similar incident (even when we have duplicate of the current incident). For a bit of context this playbook is executed from the result of a Tenable scan when vulnerabilities are identified. For ...

AlexandreBorgo_0-1631284094703.png
AlexandreBorgo_2-1631284374214.png
AlexandreBorgo_1-1631284184311.png

Need help for Hybrid Analysis Automatisation

Hello We do use Hybrid Analysis to check URLs.Is anyone here, who can tell me how to read the results?For scanned URLs we get on Hybrid Analysis Website a "no specific result", "suspicious" or "malicious" as result.But I do not see those results in any Output of the automation. Only from third-Party scanners - but the result of Hybrid Analysis I...

[XSOAR] Issue downloading files

Hello! We want to create an automation which download a file from a given URL (which contains a file. pe: https://www.comunidad.madrid/sites/default/files/doc/sanidad/epid/informe_epidemiologico_semanal_covid_s32.pdf)The idea is to store the file in the XSOAR incident to analyze it with our tools.It is easy to do with Python in a local machine, ...

XSOAR - Send CSV

Hello, I am trying to send a csv in a post request using the "http request" built-in task, but the File parameter seems to be missing. What is the best way to send a csv file in an api post from XSOAR?

Enable Communication Tasks

Hello all I'm trying to activate the Communication Task. The Idea is, that User may answer without to have a xsoar account. So far, I found this Doc: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/configure-engines/enable-access-to-communication-tasks-through-an-engine.html I've entered both settings into ...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks