Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Help with AD computers extract and group validation

Hi! I am trying to use XSoar to extract all computers from a specific "OU" in my AD and validate if those computers are members of a group and if they are not, add the missing computers to the said group. Servers OS needs to be excluded from this extract since I do not want servers to be added to the AD group. The "ad-get-computer" from the Tas...

Resolved! return results from python request(s) output

I have a custom integration where I am trying to map results (in strings) that are emails into output to use for the next defined task or playbook. I figured, IF the output looked like output = 'email1\nemail2\nemail3' that I could do a return_results(output) and then in the Script settings, map the 'outputs' section under Arguments to "context pat...

MrDuck by L1 Bithead
  • 6635 Views
  • 1 replies
  • 0 Likes

Confluence Service username ascii-problems

Hello I've tried to add our Confluence Server into XSOAR (Version 6.2.0, Build 1271082), but I'm failing in the Test-Function. I've used as example username "1" and also Password as "1". This is the result: 'ascii' codec can't encode character u'\u20<XX_REPLACED>3' in position 60: ordinal not in range(<XX_REPLACED>28) (85) And Debug M...

Resolved! TLS Error XSOAR gui

Hi All, Bit of an odd one this, for seemingly no reason my browser started the tls client hello with tls v1 instead of v1.2 this meant that although xsoar was up and running I was unable to get to the login page as xsoar was resetting the connection, regardless of what I tried I could not fix or even pin down the issue to a root cause. fast forw...

EWSv2 mark item as junk issue

Hi Guys Did anyone of you manage to mark emails as junk using !ews-mark-item-as-junk? I can get the item from the mailbox using the id and even mark it read / unread. But if I try to mark it as junk I get following error: Failed mark-item-as-junk with error: The specified object was not found in the store., The store ID provided isn't an ID of an...

MS Graph Integration Issues

Late yesterday something happened to all of my Ms Graph integrations. They now all return an Error in authentication. Try checking the credentials you entered. (85).. I have tried to recreate the application and key but same thing. Are there logs/or someplace on Microsoft to look and see what the issue is? Or is anyone else having issues?

Resolved! Fetch RSA NetWitness incidents

Hello Guys, I'm trying to fetch RSA incidents, using RSA NetWitness v11.1 integration, but the error "get_token failed with status: 401(85)" appears, when I try to make the connection between the systems. Has anyone managed to integrate the two platforms to catch incidents?

New Dashboard Option Missing

Hi I am currently experiencing an issue with an XSOAR instance on version 6.1 the option to create a new dashboard is not on the Dashboards Tab in the home screen, I wonder does anybody have any idea what may have happened?

Cortex XSOAR: Tenable.sc Service: How to add a schedule

Hello all We are using Cortex XSOAR Version 6.0.0; Build 79522 and having problems to generate a valid schedule for a Tenable.SC, Command "tenable-sc-create-scan" If I enter one of the pre-defined options, like "Ical" I do get error back: Error: Got an error from TenableSC, code: 146, details: Please specify a valid Scan Schedule definiti...

Pre-process rule doesn't work

Hello all, We want to create a pre-process rule to drop all Phishing incidents without [Phish Alert] inside the email subject. We're creating the following rule type equals Phishing AND emailto equals test@test.ts AND emailsubject contains [Phish Alert] Testing with the following JSON: {"type":"Phishing","emailsubject":"[Phish Alert] test preproc...

Incident classification considering multiple fields

How can I classify an incident while taking multiple fields into consideration? Let's say I have a list of numbers. Whenever an incident is registered I would like to check whether the value of Field A is in that list, if Yes, then classify by Field A, if Not then classify by other Field B.

OZamir by L1 Bithead
  • 2779 Views
  • 1 replies
  • 0 Likes

Avoid empty returns

Hello All In my Playbook I run into an issue with empty returns. My Playbook requests Cherwell with several hosts in an array: ["server-A","server-B"] In Cherwell, "server-B" does not exist, so I do see that in the "Result Tab" of the Task, but the Output is only from the one Host (server-A), which is in the Cherwell DB. The reason is, that I have ...

  • 1298 Posts
  • 45 Subscriptions