Cortex XSOAR Discussions

Xsoar: Retrieve file which has been quarantined by Cortex XDR

Hello Guys,

I'm trying to retrieve a file that has been quarantined by Cortex XDR using an XSOAR playbook. I trace the Action ID in XDR but I always find it failing. However, it's always working for non-quarantined files.

I need to retrieve the file

...

Resolved! Wildfire Reports missing URL

Hello all

I did some PDF-Requests to Wildfire and getting Info back as xml.

One of those reports are marked as "Malicious" but I do not see, what/why it is Malicious.
So I've investigated and did a curl extract of the sha265 Wildfire Request.

And look

...

Does XSOAR support IPv6 ?

Hi all,

I'm searching in the documentation if xsoar is supporting IPv6 or only 4. But I cannot find info. Can you help?

Resolved! Adding endpoint list to an AD group

Hi,

I am currently building a new PlayBook and in one part of that PlayBook, I am trying to add computers, in an XSoar List, to a specific AD group.

- I Created a List that contains 2 endpoints separated with a comma ","

- My Playbook is using the Act

...

Resolved! Creating a table with SetGridField

Hello, I am having issues with creating a table using the SetGridField script,

I am not sure how to filter/transform several keys at one time. anyone that can give an example please?

Resolved! [XSOAR] rasterize output during playbook

Hi all,

I'm new in using XSOAR,

in a playbook I'm using the rasterize of a URL

now I'd like to put a conditional step where I check if the rasterize is not successful (e.g. the url does not exist)

How can I check that?

War room: View full content in a new tab. Output in column instead of row

Hello

If we press in the war room output to " View full content in a new tab" then the output is a table - and everything in one row.

Is it possible to get the output in columns?

Even csv is all in one row...

so, instead first row with description, pu

...

Cortex XQL searches in XSOAR - how to?

Hi, I am trying to integrate more and more XSOAR into my environment.

I would like to be able to do XQL searches on xdr dataset, but I can't find a way to do that.

I have Cortex Data Lake integration, but is seems to cover only logs from firewalls.

Thx

...

Cortex XDR Halt Playbooks?

So we're utilizing XDR Prevent (not Pro) here. Appears to be all the preparation on PAN's site is carefully equipped towards the Proform, and Github hasn't been exceptionally productive.

I'm contemplating whether anybody has any playbooks or work pro

...

Timeframe for Script in a widget

How can I get the Timeframe inside a Dashboard into an python script so that I can use it to query splunk for the same timeframe

I haven't been able to find anything related to this in the documentation.

Thanks,

Juan

SplunkPy | Integration test throws error

While testing SplunkPy integration, I am getting the following error.

Error from SplunkPy is : Script failed to run:

Error: Error [[Traceback (most recent call last):

File "<string>", line 1, in <module>

ImportError: No module named splunklib.

...

Resolved! Specific Markdown supported?

Is there a document pointing to the specific Markdown functionality that XSOAR supports? There seem to be lots of variants on Markdown.

Resolved! Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

I have a trigger script automation that updates the linked incidents of an incident. The update works, but then it produces the following error and refuses to update the field that triggered the automation.

The script works fine if I run it from t

...

Resolved! Mapping the Microsoft Security Graph to a custom incident type

Hello,

I am a noob in XSOAR, so if I am missing something obvious, my apologies.

I am working on a implementation where the system owner has set up a custom incident type for their Microsoft Security Graph API. The idea is now to do the mapping and I

...

Resolved! Output JSON for Incident Mapping

Hi all,

We have several incidents that we need to work on the mapping of, but they are relatively rare and are not pulled from the (SplunkPy) integration often enough that they are in any of the events that we get when we do the mapping (6.0) and pull

...

Discussions

Xsoar: Retrieve file which has been quarantined by Cortex XDR

Resolved! Wildfire Reports missing URL

Does XSOAR support IPv6 ?

Resolved! Adding endpoint list to an AD group

Resolved! Creating a table with SetGridField

Resolved! [XSOAR] rasterize output during playbook

War room: View full content in a new tab. Output in column instead of row

Cortex XQL searches in XSOAR - how to?

Cortex XDR Halt Playbooks?

Timeframe for Script in a widget

SplunkPy | Integration test throws error

Resolved! Specific Markdown supported?

Resolved! Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

Resolved! Mapping the Microsoft Security Graph to a custom incident type

Resolved! Output JSON for Incident Mapping

Result empty after using json2html script

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

XSOAR IP Forwarding requirement

Re: War Room Table to Layout view

Unlock your full community experience!

Resolved! Wildfire Reports missing URL

Resolved! Adding endpoint list to an AD group

Resolved! Creating a table with SetGridField

Resolved! [XSOAR] rasterize output during playbook

Resolved! Specific Markdown supported?

Resolved! Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

Resolved! Mapping the Microsoft Security Graph to a custom incident type

Resolved! Output JSON for Incident Mapping