This guide will provide you with some pointers to jumpstart your development journey. After reading it, you’ll have a great background for creating content and integrations for the Cortex XSOAR platform.
Before you start
Cortex XSOAR is a powerful platform that comes with a rich set of features and functionality that allow for a high degree of customization: we therefore recommend that you start by familiarizing yourself with the different aspects of the product:
- Read and understand Cortex XSOAR Concepts.
- Register to the Learning Center and go through the Product Training.
- Understand the Contribution process and the different tiers and support levels (certified vs non certified, partner vs community support, etc.).
- Bookmark the links to the Cortex XSOAR Developer Hub (this site) and the Cortex XSOAR Product Documentation Page.
- Access the Palo Alto Networks DFIR Slack Community and join the #demisto-developers channel.
- Obtain and install a copy of Cortex XSOAR. If you are not a Partner, you can obtain the Community Edition here. Installation instructions are available here.
Other prerequisites (for Integrations and Automations)
If you want to develop more than just Playbooks and you are looking to create Integrations and Automations, you will also need:
- Python (3.7 and above) or Powershell programming experience.
- (for Integrations) API or SDK access to your product or solution you want to integrate with.
If you are a Technology Partner, make sure that you also:
- Read the Become a Technology Partner page and follow the steps to sign up and sign the agreements.
- Work with the Cortex XSOAR Alliances Team to make sure your use cases have been validated.
Please read the following guidelines. Following them will maximize the chances for a fast, easy, and effective review process for everyone involved. If something is not clear, please don't hesitate to reach out to us via Slack on the
- Begin by designing your contribution: we recommend to follow the Design guidelines to identify what you want to build and make sure it is aligned with our best practices.
- Setup a development environment by following the brief Dev Setup Guide or the more detailed Tutorial. Skip this step only if you are an individual contributor and you want to submit community supported content through the Cortex XSOAR UI.
- Review again the Contribution process and Checklist.
- Follow the Content Pack format to build your contribution. demisto-sdk init will help you create it.
- Depending on the content entities you need to build, navigate to the specific section of this website for details. If you are creating Integrations and/or Automations, make sure that you:
- Use the proper Directory Structure. demisto-sdk init will help you create it. If working on existing code, beyond trivial changes, we require converting to this structure as it allows running linting and unit tests and provides a clearer review process.
- Understand the YAML file structure and the Parameter Types.
- Make sure your integration follows our Logo Guidelines.
- Read and follow Python code conventions (recommended) or Powershell code conventions (advanced users only).
- If your integration generates Incidents, follow the Fetch Incidents guidelines.
- Make sure your commands make proper use of the Context, including Context Standards and DBotScore.
- Run and verify that the various linters we support pass as detailed here.
- Make sure to create unit tests as documented here
- Document your integration and automation as detailed here.
- Make sure your Content Pack is properly documented.
- Validate your content: the validation hook should run automatically every time you
git commit. You can also run the validation manually by using demisto-sdk validate.
- As you build newer versions of your Content Pack, document your changes in a relevant release notes file as detailed here.
Note: if you are a technology partner, make sure you have reviewed the use cases with your Cortex XSOAR Alliances Team and that you have a Partner ID to associate your Pull Request to.
This guide doesn't cover all the topics: please browse the left sidebar and use the search bar to find what you need, and reach out for help over Slack on the
#demisto-developers channel when in doubt.