Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Download from War Room

Is there a script or command line call that can be used to download an entry from the War Room? I have a script assigned to a button that generates a report and the report download is then entered into a War Room entry when executed/generated. I am looking for a method to code the download of the report automatically and not have to go to th...

B.Palmer by L0 Member
  • 705 Views
  • 1 replies
  • 0 Likes

DR to DC failover completed; DR acts as backup server as expected but in DR the "Make this the production server" option is not greyed out

Hi Team, The customer has done the DR to DC failover, but the DR backup server has the "Make this the production server" tab enabled (blue). The client is pointing out that the option should be disabled. If it is enabled, any person can make the backup server the production server if the link is active, without making any changes in the DC XSOAR GUI. This is critical. Any suggesti...

Configure notification email on new incident

Hello, I would like to enable email notifications for every new incident. I've configured an O365 EWS instance successfully, and set server.notification.using.send-mail to use its instance name. For now, I just want all notifications to be sent to a single email address. I noticed there's an option to configure preferences in the user prof...

M.Nayet by L0 Member
  • 482 Views
  • 0 replies
  • 0 Likes

How do I send an alert to XSOAR?

I see the classify, map and playbook logic in XSOAR and I see that a playbook can ask/pull/poll for info *from* an external tool, which might be done through an integration. But is there a way for an external tool to asynchronously *send/push* an *alert* (not incident) to XSOAR and have XSOAR receive the alert in real time? I can send new *inc...

Obtaining Whois Information for a List of IPs

I'm trying to perform whois queries on an array that contains the list of IPs. My understanding is that I can pass the array to the Inputs of the "ip (whois)" script. However, since there are over 1000 IPs, submitting them all at once results in an error. Is there a way to split the array into chunks of 50? I was considering using Transformers...

R.Henmi by L0 Member
  • 806 Views
  • 1 replies
  • 0 Likes

Automating SLA in XSOAR with Reminders and Reset on Updates

Hi team! First of all, thank you very much in advance for your help. I want to add an SLA to an incident in XSOAR so that if the SLA is breached, the incident is automatically closed. In theory, this is straightforward to implement by setting a timer, a task with a tag, and an automation to close the incident, as specified in the videos and ...

F.Otero by L1 Bithead
  • 3592 Views
  • 2 replies
  • 1 Likes

Resolved! XSOAR 8 + Export Data to On-premise for Retention Compliance

Hello all, I have an XSOAR 8.+ tenant and need to store my incidents from up to two years ago. I understand that by default XSOAR retention policy retains incidents based on license etc. Is there a way to export the data that is half a year old to a cold storage on-premise archive and what are the expected egress costs of such an action? Many ...

Customize System Emails

I see there is documentation on customizing system emails: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Customize-System-Emails I'm seeing placeholders such as {{ .username}} and {{ .invName}}. Where is the documentation on available placeholders that can be used?

Automating the regression testing of the Playbook

Hi. I am considering automating the regression testing of the Playbook. For instance, it would be ideal if we could confirm whether the existing paths can still transition smoothly when a user adds one more branch to the ConditionalTask in the Playbook. If anyone has a good idea, I would appreciate it if you could share it. Also, I would like...

MEiunyo1 by L1 Bithead
  • 980 Views
  • 1 replies
  • 0 Likes

Query on the usage of 2 XSOAR's integrations

Hi Team, The customer wants to implement 2 integrations, so they are requesting the TAC support on the usage of 2 integrations. Note: No CS team available. Below are those 2 integrations. 1. NCIIPC Threat Intel Feeds via normal API key. 2. HPSM (Micro Focus) ticketing tools, while entering the prerequisites information it server URL part it ...

  • 1298 Posts
  • 45 Subscriptions