This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SlackAskV2 returning answers but did not provide a field in Context Data

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SlackAskV2 returning answers but did not provide a field in Context Data

Go to solution
EDzuhri
L1 Bithead

‎11-10-2022 04:03 AM

Hello,

I am new to using XSOAR and wanted to develop a playbook that sends a confirmation whether the user clicked a phishing link or not. I tried to use SlackAskV2 which did its job by sending a message to either user or channel and returning the given answer back to XSOAR in War Room.

The issue that I encounter is, I don't see any context data being listed in the user response hence unable to use the answer as the next step for conditional tasks.

Can anybody enlighten me on this particular issue? any ideas, suggestions, or alternatives are very much appreciated.

Thanks!

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
sramesh-7
L2 Linker

‎11-14-2022 08:46 AM

Hi, 

 

After the SlackAskV2 task and the manual task which closes one the response is received, use a task with automation commentstocontext with entryid as ${lastCompletedTaskEntries.[0]} and any key you want to store the response , this will add the response to context

View solution in original post

(1)
11 REPLIES 11

Go to solution
sramesh-7
L2 Linker

‎11-14-2022 08:46 AM

Hi, 

 

After the SlackAskV2 task and the manual task which closes one the response is received, use a task with automation commentstocontext with entryid as ${lastCompletedTaskEntries.[0]} and any key you want to store the response , this will add the response to context

(1)

Go to solution
EDzuhri
L1 Bithead
In response to sramesh-7

‎11-14-2022 06:08 PM

Hi Sramesh,

Thank you for your response. I think this could be the solution to my problem. However, could you elaborate on how to postpone the SlackAskV2 task to close only after XSOAR received the answer from Slack (users) so I can accurately transform the answer coming from a user (comment) to Context data?

The reason being is I tried to use the solution you mention above but the SlackAskV2 task closes immediately. Thus, the comment that was added to the Context is the completion comment of the SlackAskV2 task (example: Message sent to Slack successfully. Thread ID is: 1668477714.281879).

 

Many thanks!

0 Likes Likes

Go to solution
EDzuhri
L1 Bithead
In response to EDzuhri

‎11-14-2022 06:18 PM

Hi Sramesh,

Please ignore my follow-up question above. I've found the solution to that using the argument Task in SlackAskV2 which will complete the next task that I crafted to be kept open until a response from the user is received.

Thank you very much for your help!

0 Likes Likes

Go to solution
ialonso
L0 Member
In response to EDzuhri

‎02-27-2023 07:45 AM

Hi EDzuhri, could you give a more detailed example of how you were able to acomplish this?. I've tried everything but I still getting the " Message sent to Slack successfully. Thread ID is: 1668477714.281879" as the output to my new key. It seems like the Task parameter is not working, as it doesn't wait until the response to close the task.

 

Thanks in advance

0 Likes Likes

Go to solution
asawyer
L3 Networker
In response to ialonso

‎03-03-2023 05:15 PM

@ialonso make sure you put a Manual task directly after SlackAskV2, before commentsToContext. That is what pauses the playbook execution until the Slack response is received by XSOAR.

0 Likes Likes

Go to solution
EDzuhri
L1 Bithead

‎03-06-2023 12:41 AM

Plus one on @asawyer answer. It should be something like the attached image below.

EDzuhri_0-1678092049791.png

 

0 Likes Likes

Go to solution
GWynn
L3 Networker

‎08-14-2023 06:25 PM

Hello all, I can't seem to get this working either. I have followed the process but no luck.Also it appears this integration does not return anything to context, so here we are trying for a work-around which appears to have worked for some people. I have attached some screenshots below. The last task, whilst closed, is still error-ing as per screenshot.

GWynn_0-1692062655358.png

GWynn_1-1692062687205.png

 

0 Likes Likes

Go to solution
GWynn
L3 Networker

‎08-14-2023 06:33 PM - edited ‎08-14-2023 08:02 PM

OK update to this, If I answer YES or NO in the manual task it works but just how do I know (without looking at the WarRoom what the answer was??)

0 Likes Likes

Go to solution
asawyer
L3 Networker

‎08-18-2023 03:53 PM

@GWynn you can use a conditional task to take a different path depending on what the answer is. Please watch this video to see how this approach works: https://live.paloaltonetworks.com/t5/cortex-xsoar-how-to-videos/cortex-xsoar-how-to-video-slackaskv2... 

0 Likes Likes

Go to solution
GWynn
L3 Networker
In response to asawyer

‎08-20-2023 05:03 AM

Hello @asawyer thanks for this. I will give it a watch, I have already figured it out I think but this video will also help! Thanks! Geoff

0 Likes Likes

Go to solution
assubramania
L2 Linker

‎10-28-2023 04:34 AM

Hi team,

 

My Slack v3 integration is working in Dev and Prod. They are in the latest version 3.2.4. I couldn't able to edit the message of users in Prod but it is working in Dev. Please someone assist soon.

0 Likes Likes
  • 1 accepted solution
  • 2483 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks