Articles

In this section you can find useful Articles about Cortex XSOAR Content.

| Name | Description |
| --- | --- |
| Add Indicators to SIEM | This article walks you through setting up a playbook to take indicators from a threat intel feed, enrich the indicators, and push them to your SIEM. |
| AWS Integrations - Authentication | Overview of authentication methods for AWS Integrations in Cortex XSOAR. |
| Configure Server and Integrations to Trust Custom Certificates | Set up the Server and JS/Native Integrations to Trust Custom Certificates. |
| Creating Custom SlackAsk Blocks | Slack Blocks require some additional details to work properly with SlackAsk. |
| Demisto Add-on for Splunk | Splunk add-on for Cortex XSOAR. This add-on enables you to push incidents from Splunk into Cortex XSOAR, according to configurable trigger parameters. |
| Deprecated Content Items | Support dates and End of Life notices for Deprecated content items (Integrations, Scripts, Playbooks). |
| Deprecating content items/packs and hide packs processes | Review content items/packs deprecation and hidden packs processes. |
| Digital Forensics Content Roundup | Article listing all Cortex XSOAR content that is currently available to support digital forensic analysis and investigations. |
| Download Content Packs and Docker Images Offline | The download_packs_and_docker_images script enables you to download content packs and Docker images to your computer when working offline. |
| EWS V2 Troubleshooting | The following provides EWS V2 troubleshooting steps to perform before contacting Cortex XSOAR customer support for help. |
| Export Indicators to a 3rd-party | Walkthrough of the configuration of the Export Indicators Service to export indicators with a bad or suspicious reputation coming from a specific Threat Intel Management (TIM) feed to Splunk. |
| Identity Lifecycle Management (ILM) | This Identity Lifecycle Management (ILM) pack automates user provisioning by performing management operations like creating, updating, enabling or disabling users in applications used by the organization. |
| Invoking Long Running HTTP Integrations via Server's HTTPS endpoint | Explains how to set up long running integrations which expose an HTTP endpoint so they can be accessed via the Cortex XSOAR's HTTPS endpoint. |
| Managing Credentials | Credentials simplify and compartmentalize admin tasks, and enable you to save credentials without exposing usernames, passwords, or certificates. |
| Microsoft Azure and O365 Integrations Overview | The following maps all of the Microsoft integrations and their use cases. It also emphasizes the differences between similar integrations. |
| Microsoft Integrations - Authentication | Authentication method for Microsoft Graph and Azure integrations in Cortex XSOAR. |
| Migrating MineMeld to Cortex XSOAR | How to implement the functionality of MineMeld nodes in Cortex XSOAR using a series of integrations. |
| OProxy | Service for OAuth2 authentication with 3rd party vendors. |
| Palo Alto Networks Integrations Overview | The following maps the Palo Alto Networks Integrations and their use cases. |
| Powershell Remoting - Configuration | Overview of how to configure your Windows environment and XSOAR for the PowerShell Remoting integration. |
| Processing Google Form Responses via a Webhook | Connecting Google Forms with Cortex XSOAR. |
| Processing Microsoft Form Responses via a Webhook | Connecting Microsoft Forms with Cortex XSOAR. |
| Set up Google Maps in Cortex XSOAR to use map automations | How to set up Google Maps in Cortex XSOAR to use map automations. |
| System Diagnostics and Health Check | The System Diagnostics and Health Check pack automatically reviews the current server and content for issues and best practices. The pack enables you to identify potential issues and remediate them before they escalate. |
| The Default Pack | Overview of the Default pack in Cortex XSOAR. |
| Troubleshooting Guide | Common troubleshooting steps for automations and integrations. |
| XSIAM Alert handling Playbooks | The XSIAM alerts handling playbooks included in this pack help you respond to Cortex XDR alerts in a timely manner. The playbooks are based on the MITRE ATT&CK tactics and techniques and the NIST framework Computer Security Incident Handling Guide. |