Security Operations

Adding a Timestamp/Date to Custom Report Subject

Hola Livecomm,

I have a very trivial question; I want to define a custom subject for my reports to include the date or timestamp of when it runs. I have researched this extensively and have found the Server Configuration Key for this but it does not

API for Update incident in XSOAR 6

Can anyone share the API for updating an incident in XSOAR 6? 

[Cortex XDR] Are there any How-To video recordered about Windows Event Collector applet for the broker VM?

Dear, 

Following the acquisition of the Pro license for GB to collect Windows logs from domain controllers, I saw documentation regarding the configuration of the Windows Event Collector applet from the Broker VM.

However, I was wondering if there

Broker-VM disconnet alert notification

Hi All,

anyi dea how i can generate an alert when a broker-vm gets disconnected?

Has anyone managed to create a correlation rule that will alert if a Broker-VM gets disconnected from XSIAM?

the xsiam documentation states that 'To help you monito

Cortex XDR- Compromise Assessment

Hi, we recently moved to Cortex XDR, and I’m struggling to run a forensic script (such as AmCache) across 100 endpoints. I need to have all the results automatically combined into a single Excel sheet after the script finishes, similar to how Fidelis

How to sync status updates in ServiceDesk Plus?

I'm currently using ServiceDesk Plus and I would like to sync the status of requests automatically.

Is there a built-in way to configure this behavior, or do I need to use custom scripts?
Any advice or documentation would be really helpful.

Thanks in

Cortex XDR-Agent failed to generate support File - Error 13 - Error 109

Greetings,

when trying to create a Support File via Agent-GUI or CMD on a Windows Client, the Operation either crashes the Agent-Service (GUI) or Outputs the Error shown in attached Screenshot.

- Disk-Space on Client is >100GB

- Connection to Cor

XDR CIE

How is CIE configured in XDR MSSP? Is it only on the parent and then shared to child tenants or can it be configured differently on each of the child tenants?

Cortex XDR Agent 8.8

Hi,

We upgraded the Cortex XDR agent version to 8.8.0.10622 for MS Windows. However, in a few moments, it started detecting Netskope and Tanium as malicious and blocking them.

We have added Netskope and Tanium to the whitelist, but they are still

Installing Cortex Agent on Linux LXD

Hello everyone,

I am looking to install the Cortex Agent on a Linux system within an LXD container. Does anyone have insights or a step-by-step guide on how to install the Cortex Agent in this environment?
Additionally, is Cortex officially supported

Working with Multi-Select Array Field with setParentIncidentFields

Hello all,

I have an array of various IPs, and I want to set them to a case field using the setParentIncidentFields command. When defining the argument of values ${my.ips} only the last value is saved. I have tried join or split but to no success. Ca

Not able to link more than 50 incident into first incident

Hi Team,

I want the know in one incident how many incident we can link using pre-processing rule. Is there is any limitation kindly let us know.

Currently i am not able to link more than 50 incident into one incident.

Cortex XSOAR 

Cortex Broker Mapper scans

We’re experiencing an issue with Cortex brokers related to the network mapper.
When we run network scans using the "ICMP Echo" flag, the scan completes successfully and everything works as expected.

However, when performing a "TCP SYN" scan on the foll

How can i trigger playbook once Indicator has beed added?

Hi,

I need to setup an automatic playbook trigger, when an indicator has added which his type is IP, a specific playbook should run?