Unclassified incident management: incidents remain in active status

Hi all,

in XSOAR 6.8 I created a custom incident type to automatically handle the closure of unclassified incidents. In 'Incidents Classification Editor' I set this type to 'Direct unclassified events to:'. The type is correctly associated with the

How to Get all Recipients of an email message with EWS O365 Integration Query

Hello,

I am integrating XSOAR with EWS O365, and I am building a phishing PB, that starts with query based on subject of an email, in order to get the item-id of that email message and also the recipients of that email to take action on each of them.

Mass Closure of XSIAM Incidents

Hello team!
I would like to know if there is an option for mass closure of incidents in XSIAM.
I have the following scenario of 2000 open incidents and I would like to perform mass closure of these open cases. Is there any way to do this?

xsoar 8.9 on-prem - scheduled activities stop working

After upgraded from xsoar 8.8 to 8.9 , all content pack that have schduled activities stop triggering.

e.g json sample generator, taxii2 feed integration etc. 

can advice? 

thanks

XSOAR Technical query on HA cluster & license.

Hi Team,

The standard customer having some other technical query.

Below are the details:

1. When installing cluster from the textual UI, it made me choose the region (default US). How do I change the region AFTER cluster installation completed?
2. How do I

Use of Microsoft Graph Security

Hi,

Has anyone used the msg-list-security-incident command from the Microsoft Graph Security integration with an odata query. It is specified in the documentation as an optional parameter, but when I try to use it I get an error stating odata is no

Use of a Certificate in a Script

Hi,

I am wanting to connect to the MicrosoftExchangeOnline (EXO) powershell module in a scrip. I have the module working but to connect to EXO from a script you must use a managed identity with a certificate. It does not support a secret key. I see

How can i trigger playbook once Indicator has beed added?

Hi,

I need to setup an automatic playbook trigger, when an indicator has added which his type is IP, a specific playbook should run?

How to search for multiple attributes with MISPv3 integration

We have not been able to search for multiples values in the XSOAR MISPv3 integration with the command:

I got some tips from the community but it does not seem to work either 

Closing an XSOAR 6 incident via API

How do we close a single incident via API? I have seen batch closing API. I'm not trying to close incidents in batch.

SplunkPy Integration

Hi everyone,
I get data from splunk with the "search index=notable" query using Splunkpy. I assign the incoming data to the type named Splunk Generic Notable by default. Here, when an incident occurs, there are fields such as event_code, process_name

API for Update incident in XSOAR 6

Can anyone share the API for updating an incident in XSOAR 6?