Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – number widgets

Introduction Cortex XSOAR is a security oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC is data visualization, analysts can be swarmed with information, and finding out what piece of data is currently both relevant and significant can become hard. One of our tasks … Continue reading Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – number widgets →

Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – text

Introduction Cortex XSOAR is a security oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC (Security Operation Center) is data availability. As a SOC Analyst, doing a thorough analysis of a security incident requires having access to many pieces of information in order to … Continue reading Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – text →

Cortex XSOAR Tips & Tricks – Dealing with dates

Introduction As an automation platform, Cortex XSOAR fetches data that represents events set at defined moments in time. That metadata is stored within Incidents, will be queried from various systems, and may undergo conversions as it is moves from machines to humans. With its various integrations, Cortex XSOAR ingests datetimes from sources that use different … Continue reading Cortex XSOAR Tips & Tricks – Dealing with dates →

Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations

Introduction When a Threat Intelligence Management (TIM) license is present in your Cortex XSOAR environment, the feature to create relationships between indicators is available. This allows you to describe how indicators relate to each other and use this relationship in your automated analysis of a security incident. In the previous blog post in this series, … Continue reading Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations →

Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations

Introduction In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Intelligence Management (TIM) license, … Continue reading Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations →

Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints

Introduction When you use the Cortex XSOAR API in your automations, playbooks or custom scripts, the first place you will start is the API documentation to see which API endpoints are available. But what if you cannot find an API Endpoint for the task you want to automate in the documentation? In this blog post … Continue reading Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints →