09-27-2022 09:23 AM
Hello,
XSOAR and XDR are used with mirroring, when an incident is closed from XSOAR it's closed in XDR too. However, the alerts in XDR are not. So an script is needed in XSOAR to close those XDR alerts. How is this is script done? where should be set? How to sync all up?
Thanks
09-27-2022 06:18 PM
Hi @Josep,
The current XDR integration does not have a command to update alerts. I would suggest raising a Feature Request at https://xsoar.ideas.aha.io/ideas. You can also write the additional API call yourself if required, refer https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-manageme...
Once you have the API call and the command added to the integration, you can configure a post-processing script to run when the XSOAR incident is closed. This script can be configured to close all related XDR alerts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
