Skip to main content

XSOAR-Web-Server

This Integration is part of the Xsoar-web-server Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This is a simple web-server that as of now, supports handling configurable user responses (like Yes/No/Maybe) and data collection tasks that can be used to fetch key value pairs. What makes it different from Data collection tasks is that the URL to perform a certain action is predictable and written to the incident context when an action is setup. This URL can be inserted to for example: an HTML email. User clicks are recorded in the integration context and can be polled by Scheduled Commands/ Generic Polling. This integration was integrated and tested with version 1.0 of XSOAR-Web-Server

Configure XSOAR-Web-Server on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for XSOAR-Web-Server.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Incident typeFalse
    Long running instanceFalse
    Server Listening PortRuns the service on this port from within Cortex XSOAR. Requires a unique port for each long-running integration instance. Do not use the same port for multiple instances. Note: If you click the test button more than once, a failure may occur mistakenly indicating that the port is already in use. (For Cortex XSOAR 8 and Cortex XSIAM) If using an engine, you must enter a Listen Port. If not using an engine, do not enter a Listen Port and an unused port will automatically be generated when the instance is saved.True
    XSOAR external URLThe URL on which the user should send the response to.True
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

xsoar-ws-setup-simple-action#


setup the web server to handle URL clicks for each action specified from single or multiple recipients

Base Command#

xsoar-ws-setup-simple-action

Input#

Argument NameDescriptionRequired
actionsComma-separated possible values for each action. Mandatory for get requests.Required
emailaddressesComma-separated email addresses of the recipients.Required
userstringUser defined string that has to be set from the playbook. This is used to differentiate between multiple jobs running on the same incident.Required
htmltemplateTemplate to construct the HTML mail.
xsoarproxyUsed to specify what endpoint to submit the responses. If set to false, the HTML template will have the endpoint containing the custom port. Possible values are: true, false. Default is true.Optional

Context Output#

PathTypeDescription
WS-ActionDetailsunknownThe current status of the action's configuration details.
WS-ActionDetails.job_uuidunknownSubset of action details, added for ease of configuration in playbooks.

xsoar-ws-clear-cache#


Clear the backend storage containing all session information.

Base Command#

xsoar-ws-clear-cache

Input#

Argument NameDescriptionRequired

Context Output#

There is no context output for this command.

xsoar-ws-show-cache#


Show the details of all the setup actions from the backend.

Base Command#

xsoar-ws-show-cache

Input#

Argument NameDescriptionRequired

Context Output#

There is no context output for this command.

xsoar-ws-remove-action#


Remove a certain job from the backend.

Base Command#

xsoar-ws-remove-action

Input#

Argument NameDescriptionRequired
uuidJob's UUID.Required

Context Output#

There is no context output for this command.

xsoar-ws-get-action-status#


Gets the current status of an action that was setup. Used to track if the user responded to the action.

Base Command#

xsoar-ws-get-action-status

Input#

Argument NameDescriptionRequired
uuidJob's UUID.Required

Context Output#

PathTypeDescription
WS-ActionStatusunknownThe current status of the action with some configuration data. Is used for polling the status.
WS-ActionStatus.link_trackerunknownSubset of action status. Tracked here to make it easier for configuring playbooks.

xsoar-ws-set-job-complete#


Set a job to complete. Usually called from the automation that is polling the result.

Base Command#

xsoar-ws-set-job-complete

Input#

Argument NameDescriptionRequired
uuidJob's uuid.Required

Context Output#

There is no context output for this command.

xsoar-ws-setup-form-submission#


Setup a form submission job that can take multiple values from multiple users.

Base Command#

xsoar-ws-setup-form-submission

Input#

Argument NameDescriptionRequired
emailaddressesComma-separated email addresses of the recipients.Required
userstringOptional user string that can be set from the playbook. Can be used to differentiate between multiple jobs running on the same incident.Optional
htmltemplateThe template to build the email content.Required
xsoarproxyUsed to specify what endpoint to submit the responses. If set to false, the HTML template will have the endpoint containing the custom port. Default is true.Optional

Context Output#

There is no context output for this command.