Given an incident with three files, how could the name of the second file be referenced?
An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing". Which command should they enter in the War Room CLI?
Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)
When creating an automation in XSOAR, what is the best way to create a log message?
What are the out-of-the-box aggregate values that can be applied on widgets data?
The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context.
How can the engineer save the data so it will be accessible?
During the regular maintenance of XSOAR a customer noticed that there was an update available for the Active Directory content pack (current version 1.4.6) and updated the content pack to the latest version (version 1.4.11). However, after the update the customer noticed that the Active Directory Query integration is not working properly and asked you to resolve the issue.
Which of the following set of steps can help to resolve the issue?
An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?
How would context data be filtered to receive only malicious indicator values with DBotScore?
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
Management would like to get an incident report automatically following an incident’s closure. How would this be accomplished?
Reliability scores in XSOAR range from A through F. What do A and F stand for?
An engineer would like to change an incident’s SLA according to the severity field changes. How can the engineer achieve this task?
An incident field is created having the display name as Source_IP. How can the field be accessed?
A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?