Security Operations

Editing custom content via XSOAR UI and local PC

Hello,
in our team we have two groups of engineers - one are developers, who mostly edit code locally via VSCode with combination of demisto-sdk. Second group is creating playbooks, managing integrations, mappers and so on via XSOAR UI.
We are at the b

Automatic Artifact Analysis in Forensic Investigation

I have created and conducted some forensic cases on Cortex XDR, but one thing that has always intrigued me is the "Alert" tab in the Forensic Investigation section. Does this tab contain alerts generated by the automatic artifact analysis feature bas

Role to access va_cves and va_endpoint datasets

Hi,
I need help creating a new role in the console that allows access via API to dump the data from the datasheets va_cves and va_endpoints. Could you help me?
Best regards.

Vulnerability Assessment Cortex XDR

I see there are two datasets regarding vulnerability assessment in Cortex XDR "va_cves" and  "va_endpoints" dataset. What is the difference between these two? Also is there some dataset or anything in Cortex XDR that I can use to find out if a CVE vu

Rare Admin Login in Environment

Hi guys, could anyone help me with the query I'm trying to do. 

I'm looking to build an alert based on the rarity of a login in the environment. For instance, raise an alert if "admin" logged in to a device, but that action hasn't been seen in the dev

XQL removes endpoint CVEs and ALL information

I want to remove all information related to the endpoint "ABC". However, with the following xql query, it only removes cves that are exclusively associated with this endpoint. If a cves is associated with multiple endpoints, the affected_products, af

Is there a way to obtain Cortex XSOAR community edition

Hello All,

I wanted to obtain a copy of Cortex XSOAR community edition for my practice lab as I need to test and deploy playbooks at my work. 
After going through different discussions here I could not find a working method to obtain a copy of Cortex X

Extracting fields from Context/JSON in Playbook

Hello,

I want to use the "GetFailedTasks" built-in automation to take some actions on the failed tasks and playbooks. The challenge i'm facing is parsing off fields from the output of the "GetFailedTasks" in playbook, namely "Task ID" and "Task Name"

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

1. New Certifica

Appcrash Windows event log entry for "cyinjct.dll"

Hello,

I'm wondering if anyone ever had this problem. Appcrash event is occurring for "cyinjct.dll":

Host: Windows Server 2019

Cortex Agent version: 8.7.0.7735

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provi

Not able to export custom field in the report

Hello team,

I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or

Email confirmation:

Hello Everyone,

When we request the Palo Alto team to review or change the category of an executable that is already been tagged as 'Malware' , why don't we receive an email confirmation from the platform acknowledging the receipt or change of the

No communication method found for form

Hey

I'm getting this error when I try to use Data collection (Task Only)

No communication method found for form "". Task can be completed manually

Has anyone encountered this and can help? 

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

Dear Everyone,

I would like to use the XDR BIOC Rule to block the host from creating, editing, deleting, renaming, etc. files in specific file paths.

I tried to write a BIOC Rule but found that it can't be successfully applied to the Restrictions p