adem_netsys
Contributor II
09-18-2025
Last activity: Sep 19, 2025 8:58:57 AM

User Activity

Hi guys, When an Indicator is created, it extracts the existing enrich playbook data, but if there is one malicious IOC tool here, the indicator is flagged as malicious. We want to implement a check here to ensure there are at least two. How can we s...
Hi guys, We have implemented ESX-SIEM integration and are experiencing performance issues due to receiving too many unknown events. Has anyone developed a parser for this? Thanks in advance
Hi, We would like to obtain an output detailing what playbooks users are running on SOAR and the operations they perform. Can we achieve this using audit logs, or do you have any existing playbooks or similar tools for this purpose?
Hello, We have a phishing scenario on Exchange and we use local Exchange. However, in the new scenario, O365 has been added and some emails are being moved here. In the new environment, some emails are on Exchange and some on O365. How can we use the...
Hi guys, I am working on a playbook and I need support on something. We get bulk data from a list, we can think of it as a bulk indicator. I am enriching with these IPs (abuseIP, virustotal etc) and in the decision step after reputation, it gives res...