Getting Started Guide

This guide will provide you with some pointers to jumpstart your development journey. After reading it, you’ll have a great background for creating content and integrations for the Cortex XSOAR platform.

If you have trouble with any of these items, please reach out for help in over Slack on the #demisto-developers channel or via email.

Before you start

Cortex XSOAR is a powerful platform that comes with a rich set of features and functionality that allow for a high degree of customization: we therefore recommend that start by familiarizing the different aspects of the product:

  1. Read and understand Cortex XSOAR Concepts.
  2. Register to the Learning Center and go through the Product Training.
  3. Understand the Contribution process and the different tiers and support levels (certified vs non certified, partner vs community support, etc.)
  4. Bookmark the links to the Cortex XSOAR Developer Hub (this site) and the Cortex XSOAR Product Documentation Page
  5. Access to the Palo Alto Networks DFIR Slack Community and join the #demisto-developers channel
  6. Obtain and install copy of Cortex XSOAR. If you are not a Partner, you can obtain the Community Edition [here](https://start.paloaltonetworks.com/sign-up-for-demisto-free-edition. Installation instructions are available here.

Other prerequisites (for Integrations and Automations)

If you want to develop more than just Playbooks and you are looking at creating Integrations and Automations, you will also need:

  1. Python (3.7 and above) or Powershell programming experience.
  2. (for Integrations) API or SDK access to your product or solution you want to integrate with.

Technology Partners

If you are a Technology Partner, make sure that you also:

  1. Read the Become a Technology Partner page follow the steps to sign up and sign the agreements.
  2. Work with the Cortex XSOAR Alliances Team to make sure your use cases has been validated.

Development Guidelines

Please read the following guidelines. Following them will maximize the chances for a fast, easy and effective review process for everyone involved. If something is not clear, please don't hesitate to reach out to us via Slack on the #demisto-developers channel.

  1. Begin by designing your contribution: we recommend to follow the Design guidelines to identify what you want to build and make sure it is aligned to our best practices.
  2. Setup a development environment by following the brief Dev Setup Guide or the more detailed Tutorial. Skip this step only if you are an individual contributore and you want to submit community supported content through the Cortex XSOAR UI.
  3. Review again the Contribution process and Checklist.
  4. Follow the Content Pack format to build your contribution. demisto-sdk init will help you create it.
  5. Depending on the content entities you need to build, navigate the specific section of this website for details. If you are creating Integrations and/or Automations, make sure that you:
  6. Make sure your Content Pack is properly documented.
  7. Validate your content: the validation hook should run automatically every time you git commit. You can also run the validation manually by using demisto-sdk validate
  8. As you build newer versions of your Content Pack, document your changes in a relevant release notes file as detailed here.

At this point you should be ready to submit a Pull Request! Check out our Contributing Checklist, and for more details on the review process, refer to our Contributing page on GitHub.

Note: if you are a technology partner, make sure you have reviewed the use cases with your Cortex XSOAR Alliances Team and that you have a Partner ID to associate your Pull Request to.

A good working example that summarizes all of the above is the Hello World Content Pack that you can use as a reference. Check out also the Hello World Design Document.

This guide doesn't cover all the topics: please browse the left sidebar and use the search bar to find what you need, and reach out for help over Slack on the #demisto-developers channel when in doubt.

Last updated on