Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About Jeff.McGurk
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Jeff.McGurk
Monday
2Posts
2Likes
1Solution
Nov 29, 2021Last Visited
User
Activity
User
Profile
Latest posts by Jeff.McGurk
| Subject | Views | Posted |
|---|---|---|
| 126 | Monday | |
| 213 | 2 weeks ago |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 Likes | Monday |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 12-11-2020 07:21 AM |
| Date Last Visited | Monday |
| Posts | 2 |
| Total Likes Received | 2 |
Monday
2 Kudos
I received an answer from my resident engineer. The QRadarFullSearch sub-playbook that I'm calling can be set up with a built-in loop to check for the presence of results. After the playbook finishes (meaning the search has completed) it can be repeated if no results were found, with X number of seconds between runs and up to N number of retries. I've only ever used the 'for-each input' loop criterion...I didn't realize you could make it so much smarter! I continue to be amazed every day at the things XSOAR can do.
... View more
2 weeks ago
I'd like to take the generic polling concept and make it a little more specific, but I'm coming up short. I'm doing a QRadar search (although I suspect Splunk or anything else would be very similar.) The QRadarFullSearch playbook will poll and wait for the search to finish, and that has worked great so far for what it is. But the search can finish while not actually finding anything. Can I somehow set some loops and polling to do the search, check for results, and then kick off a new search if no results were found? I would still like to use the timeout value so I'm not creating an infinite loop situation.
... View more
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
