This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Integration classifier by workflow

Hi,I have been thinking about this a few times by now. I have a mail listener that fetches incoming mails as incidents. To classify them I would like to send them through a playbook, as a classification key doesn't provide enough context to choose the right incident type. Did anyone else try this before? Looking for some advice here 🙂

Docker issues with xSOAR

Hello, A beginner here. It seems that after initial installation when trying to install new integrations and addons from Marketplace, I keep getting warnings about missing Docker images. If I list all the images with /docker_images I see the ones that the warning claims are missing, but the versions are older than in the warning message. I have ...

antjar by L0 Member
  • 7235 Views
  • 3 replies
  • 0 Likes

Resolved! Cortex XSOAR server not responding, listening only on IPv6

Dear all,wanted to explore some features in the community edition, but the Web GUI doesn't come up.Checking from the console, I see that the server is only listening on IPv6:netstat -antActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:22 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:...

Resolved! Service Now: creating ticket with a given ticket template

Hello all, Our goal is to create a Service Now ticket from a playbook, using the Service Now integration, with a given ticket template (ticket template = ticket with predefined field). To do so with the API we send a request to the following URL: https://xxxxxxx.service-now.com/api/sn_sc/servicecatalog/items/b898666bdb86b3406712b34ffe961929/orde...

Domain checker playbook

Has anyone written a playbook that would check the age of a domain, say via it's Whois creation date, and then do a task?* *Originally contributed to dfircommunity.slack.com #playbooks channel by SteveC on Friday, May 15th, 2020 at 3:11 pm

ELaufer by L2 Linker
  • 12272 Views
  • 3 replies
  • 1 Likes

Resolved! Add a war room filter for the main account tennant.

Hello all, We're trying to edit the layout of an incident in the Main Account tennant in order to display output of splunk searches. When adding the "War Room" section in the layout we're asked to select a war room filter from existing list (see below screenshot). But as we're on the main tennant we can't go to the playground war room and add a...

img01.PNG
IMG002.PNG

XSOAR web interface not working with GloabalProtect Clientless VPN

We have Palo Alto Global Protect set up and it works very well with various web applications, however it does not work with the Demisto/XSOAR web interface. It just shows a blank page, although all connectivity is allowed and I see packets flowing. The Demisto is 5.5 and the firewall is running PanOS 8.1.17. Is it possible to be some security f...

batd2 by L4 Transporter
  • 3027 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR blacklisting O365 senders

Hello guys, When analyzing a phishing case, I would like to block a sender for all the company. I've read in the Microsoft doc and they say you can do it by creating a blacklist. I've not been able to find it in XSOAR. Is there a way of doing that? Kind Regards.

Demisto-Qradar Integration

Hi, How to filter out the incidents ingestion in to demisto from Qradar based on time.Eg:I have been integrated Demisto with Qradar on today and i want to start recieveing offences only generated from today.We have done some filtering to recieve only active offeneces on integration tab (status="OPEN") but we need to recieve offences which are ge...

  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks