Generic Webhook 1.0.28 896436 - Incident Mapping Issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Generic Webhook 1.0.28 896436 - Incident Mapping Issue

L1 Bithead

I am on Cortex XSOAR V8.5 using the Generic Webhook 1.0.28 896436 integration in conjunction with Microsoft Forms and Power Automate to automatically pull incidents and run playbooks. So far, I've been able to successfully pull incidents, classify them to an incident type, and automatically launch a playbook, but no matter what I do I cannot get the incident mapping to function. Because of this issue I cannot get any useful context to create a playbook as none of the fields I've targeted in incident mapping are being added as labels. I'm not sure why this is an issue since the mapper can see the values I'd like to use in context. Is the integration broken?

3 REPLIES 3

L1 Bithead

Hello @rlewandowski.

Thank you for reaching out to us about this topic. We kindly recommend you please take a look at this recommended material about incident mappers.

 

Cortex XSOAR 8 Engineering Training Part 3: Classification and Mapping
https://live.paloaltonetworks.com/t5/cortex-xsoar-how-to-videos/cortex-xsoar-8-engineering-training-...


Classification and Mapping documentation
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Classific...

L1 Bithead

I appreciate the response; however I am familiar with use of classifiers and mappers. The data is available in the mapper when pulling from my integration instance as well as when I upload sample JSON. However, the mapper is not applying to the incident at all when incidents are created.  After additional testing I've seen this occur using both the 'Generic Webhook' integration, as well as using the Cortex XSOAR API itself. In both cases I can configure the mapper properly, but it does not matter. When the incident is created the fields do not get mapped. If no one else has seen this happen, or can verify this, I will open a support case since it could be limited to my cloud instance of Cortex XSOAR v8.5.

L0 Member

I am also on XSOAR 8.5, and I do not see the options Mappers, Classifiers, or Incident Type.  It seems these options have gone away with version 8, but were there on XSOAR 6.0.

MIapicca_0-1712775867036.png

 

  • 1476 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!