About JesusAngel

JesusAngel · ‎01-16-2025

Hello, I set the messages.html.formats.incidentassigned template as follows: <p>{{.username}} has assigned you {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.</p> <ul> <li>{{.incTermCapitalSingular}} Id: #{{.incID}} </li> <li>{{.incTermCapitalSingular}} Name: {{.invName}}</li> <li>{{.incTermCapitalSingular}} SLA: {{.SLA}}</li> <li>{{.incTermCapitalSingular}} Severity: {{.severity}}</li> </ul> <p>Please log in and review.</p> But most of the fields were empty: Regards,

JesusAngel · ‎01-11-2025

Hi everyone, I’m trying to test the email notifications configured in Cortex XSOAR to ensure they include the correct variables (like incident severity, name, and ID). Specifically, I want to verify the notification sent to an analyst when they are assigned an incident. Here are my main questions: Is there a built-in way to send test notifications using the notification templates in XSOAR? Can I send a test email using the !send-mail command? If so, how can I structure it to include variables like {{.severity}} or {{.incident.id}} ? What variables are available to customize notifications, particularly the ones sent when an incident is assigned to an analyst? Is there a reference list or documentation for these variables? I’ve already configured the SMTP Mail Sender integration, and the test from the integration settings works fine. However, I want to simulate a real notification to validate the content and variables in the email. Any guidance on testing notifications and understanding the available variables would be greatly appreciated!

JesusAngel · ‎01-11-2025

Hi, Maybe there is some problem downloading the images? Try this command in the playground: !CheckDockerImageAvailable input=demisto/teams:1.0.0.116912 debug-mode=true trust_any_certificate=yes use_system_proxy=yes Double check XSOAR can connect to the images server. Regards, Jesús Ángel.

JesusAngel · ‎01-07-2025

Hi, I found this command in the QRadar integration: !get-remote-data id=<offense_id> lastUpdate=<yyyymmdd> . This command retrieves only the data that XSOAR fetches from QRadar. After fetching the offense, XSOAR enriches it and adds more contextual information. I need the original data to setup the mapper for QRadar offense to XSOAR fields. I can not use the context data because the mapping is done before the context data is available. Indeed, the mapper does build the context from the QRadar offense fields. Regards,

JesusAngel · ‎12-31-2024

Hi everyone, I’m working on a QRadar integration (v2.5.7) in Cortex XSOAR (v6.12) and need to generate a JSON file for a specific offense to use in several scenarios, such as configuring an incident classifier. For example, in the classifier editor, you can upload a JSON file to analyze the data structure and map the fields correctly. Here’s the situation: When I use the "Pull from instance" option with the QRadar v3 integration, XSOAR loads random incident data instead of the one I want. I want to export the JSON for a specific offense, such as #12 509 Impossible Travel Detected containing Primary Authentication Success . I’ve tried running !js script="return ${.}" in the War Room of the specific incident, but the JSON it returns contains significantly more fields than the one shown in the classifier editor when pulling data from QRadar. I’ve also considered using the command: !get-remote-data id=<offense_id> lastUpdate=<date_str> to fetch the JSON for this specific offense. Is this the right approach to generate the JSON, or is there a better method? Additionally, is it possible to extract the exact JSON used by XSOAR when it pulls data for the incident directly from QRadar, without additional fields or transformations? Thanks in advance for your help!

JesusAngel · ‎12-31-2024

Hello everyone, I’m currently using Cortex XSOAR version 6.12 along with the IBM QRadar content pack version 2.5.7 (1602991). The pack includes two mappers for incoming incidents: QRadar - Generic Incoming Mapper QRadar - Incoming Mapper However, I’ve noticed that the default configuration of both mappers only maps a few fields from the incident data. This raises a couple of questions: Is this limited field mapping the expected behavior for these mappers? Shouldn’t the majority of fields from QRadar be mapped by default so that playbooks can utilize them without additional manual configuration? I’d appreciate any insights on whether this is by design or if there’s something missing in my setup. If this is normal, how do you recommend approaching the process of mapping additional fields efficiently? Thanks in advance for your help!

Member Since	‎12-31-2024 07:37 AM
Date Last Visited	‎01-16-2025 07:24 AM
Posts	6
Total Likes Received	1

Online Status	Offline
Date Last Visited	‎01-16-2025 07:24 AM

About JesusAngel

Re: How to Send a Test Notification Email in Cortex XSOAR and Identify Available Variables?

How to Send a Test Notification Email in Cortex XSOAR and Identify Available Variables?

Re: Unavailable Docker Image while trying to update a content pack?

Re: How to Export JSON of a Specific QRadar Offense for XSOAR Use

How to Export JSON of a Specific QRadar Offense for XSOAR Use

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Re: Unavailable Docker Image while trying to update a content pack?

Re: How to Send a Test Notification Email in Cortex XSOAR and Identify Available Variables?

How to Send a Test Notification Email in Cortex XSOAR and Identify Available Variables?

Re: Unavailable Docker Image while trying to update a content pack?

Re: How to Export JSON of a Specific QRadar Offense for XSOAR Use

How to Export JSON of a Specific QRadar Offense for XSOAR Use

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Unlock your full community experience!

About JesusAngel