Welcome

Welcome to the Cortex XSOAR Developer Hub! You'll be able find a lot of information on how to develop content in Cortex XSOAR. If you see something missing or have any comments, please let us know by using the Report an issue button at the bottom of each page. We value your contribution and we strive to give you a great developer experience.

About Cortex XSOAR

Cortex XSOAR's security orchestration and automation enables standardized, automated, and coordinated response across your security product stack. Playbooks powered by thousands of security actions make scalable, accelerated incident response a reality. On this site you will learn the ins and out of Cortex XSOAR's development platform so you can begin to create content and integrations.

Developer Documentation

The Cortex XSOAR Developer Hub includes several documentation sections, that cover different use cases. Use the left side-bar navigation to navigate between the different sections and articles. We recommend staring with the Concepts section to learn the core fundamentals to get started developing with Cortex XSOAR. After familiarizing yourself with the different concepts, we recommend following the Getting Started section which will provide you with all the details needed to get your development environment up and running. Follow the Integrations, Playbooks, Incidents, Fields & Layouts sections as appropriate for your development needs.

Concepts

Learn the core fundamentals to get started developing with Cortex XSOAR. This section includes documents that cover many relevant concepts that are useful to understand how Cortex XSOAR works, what components are used for which tasks and how the contribution process works.

Getting Started

Do you want to build a Cortex XSOAR Integration? This section shows you how to get started from setting up your IDE, how to use the PyCharm plugin, how to store content elements in a Pack and how we use Docker to run integrations.

Integrations

As the main connection between Cortex XSOAR and the 3rd-party product, an integration forms the basis for the work you'll be contributing. You'll learn how to fetch incidents from your system in order to create incdients in Cortex XSOAR as well as the details around the integration best practices, logos, YAML files, etc.

Playbooks

Playbooks allow our mutual customers to execute multiple commands against multiple systems in a sequential, repeatable workflow. A playbook is key to showing the value of the joint solution and this section will cover how to create playbooks, using the Context to share variables within your playbooks and how to manage a task.

Incidents, Fields & Layouts

Learn about the incident lifecycle within our platform. And Cortex XSOAR allows customization of many aspects of the system including the layout of data within an incident.

Reference

In the Reference section you will find detailed reference documentation about all the Cortex XSOAR components: Integrations, Scripts, Playbooks, etc. As we add more content, new information will be published here.

Partners

If you are a Palo Alto Networks Technology Partner, or wish to become a Partner, please check out our Partners section of the site.

Last updated on