
Getting Started Guide

This guide will provide you with some pointers to jumpstart your development journey. After reading it, you’ll have a great background for creating content for the Cortex XSOAR platform.

If you have trouble with any of these items, please reach out for help over Slack on the #demisto-developers channel or, if you are/want to be a technology partner, also via email.

Before you start developing

Cortex XSOAR is a powerful platform with a rich set of features and functionality that allow for a high degree of customization. We therefore recommend that you start by familiarizing yourself with the different aspects of the product:

  1. Read and understand Cortex XSOAR Concepts.
  2. Read the FAQ.
  3. Register for the Learning Center and go through the Product Training.
  4. If you plan to publish your content to the XSOAR Marketplace for other customers to use, read about the Contribution process and the different tiers and support levels (partner vs community support, etc.).
  5. Bookmark the links to the Cortex XSOAR Developer Hub (this site) and the Cortex XSOAR Product Documentation Page.
  6. Access the Palo Alto Networks DFIR Slack Community and join the #demisto-developers channel.
  7. Sign up for the Developer Newsletter to receive technical updates on developing and contributing.
  8. Obtain and install a copy of Cortex XSOAR. If you are not a Partner, you can obtain the Community Edition here. Installation instructions are available here.
  9. (Only if you are integrating with an external API) Make sure you have API or SDK access to the product or solution you want to integrate with.

Technology Partners

If you are or want to become a Technology Partner, make sure that you also:

  1. Read the Become a Technology Partner page and follow the steps to sign up and sign the agreements.
  2. Work with the Cortex XSOAR Alliances Team to make sure your use cases have been validated.

Using the right tools

This site provides guidance and best practices for creating production-quality XSOAR content. If you want to take your work to the next level so that it is published in the XSOAR marketplace and used by several production users worldwide in large SOCs, we offer a full contribution guide that walks you through proper design, development, and documentation. Please read it after this article.

If you just want to get started and create content for your own benefit or contribute in a community supported way, there are no such requirements. For more information about the different support levels, check the official documentation.

Check the following summary to determine what tools you should use to create new content, depending on what you want to achieve.

Simplified Flow

For creating content for local use or contributing community content:

  • You are welcome to work directly in the XSOAR IDE; if you are writing code (i.e. Integrations and Scripts) and prefer a more full-featured IDE, check out our PyCharm plugin.
  • If you decide to work locally, you can also install demisto-sdk to upload, download and run code on XSOAR directly from your operating system shell.

Full Development Environment

For contributing XSOAR/Partner supported packs:

  • For extensive, supported contributions, you will usually need to set up a full Development Environment.

Modifying Existing Content

If you just want to fix a bug in or enhance an existing Integration, Script, or Playbook that is currently part of the Cortex XSOAR content repository, we recommend that you copy and modify it directly in the XSOAR UI. Consider using PyCharm or another IDE with demisto-sdk only when the change is big. When in doubt, ask a question in our Slack Community.
