This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Generic Webhook 1.0.28 896436 - Incident Mapping Issue

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Generic Webhook 1.0.28 896436 - Incident Mapping Issue

rlewandowski
L1 Bithead

‎04-08-2024 01:46 PM

I am on Cortex XSOAR V8.5 using the Generic Webhook 1.0.28 896436 integration in conjunction with Microsoft Forms and Power Automate to automatically pull incidents and run playbooks. So far, I've been able to successfully pull incidents, classify them to an incident type, and automatically launch a playbook, but no matter what I do I cannot get the incident mapping to function. Because of this issue I cannot get any useful context to create a playbook as none of the fields I've targeted in incident mapping are being added as labels. I'm not sure why this is an issue since the mapper can see the values I'd like to use in context. Is the integration broken?

Preview file
101 KB
Preview file
24 KB
0 Likes Likes
3 REPLIES 3

gmiguelvall
L1 Bithead

‎04-08-2024 03:42 PM

Hello @rlewandowski.

Thank you for reaching out to us about this topic. We kindly recommend you please take a look at this recommended material about incident mappers.

 

Cortex XSOAR 8 Engineering Training Part 3: Classification and Mapping
https://live.paloaltonetworks.com/t5/cortex-xsoar-how-to-videos/cortex-xsoar-8-engineering-training-...


Classification and Mapping documentation
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Classific...

0 Likes Likes

rlewandowski
L1 Bithead

‎04-09-2024 12:32 PM

I appreciate the response; however I am familiar with use of classifiers and mappers. The data is available in the mapper when pulling from my integration instance as well as when I upload sample JSON. However, the mapper is not applying to the incident at all when incidents are created.  After additional testing I've seen this occur using both the 'Generic Webhook' integration, as well as using the Cortex XSOAR API itself. In both cases I can configure the mapper properly, but it does not matter. When the incident is created the fields do not get mapped. If no one else has seen this happen, or can verify this, I will open a support case since it could be limited to my cloud instance of Cortex XSOAR v8.5.

0 Likes Likes

MIapicca
L0 Member

‎04-10-2024 12:07 PM

I am also on XSOAR 8.5, and I do not see the options Mappers, Classifiers, or Incident Type.  It seems these options have gone away with version 8, but were there on XSOAR 6.0.

MIapicca_0-1712775867036.png

 

0 Likes Likes
  • 1388 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks