Environment variables setup - Demisto SDK Guide - Cortex - Security Operations

Creation date
2023-08-01
Last date published
2024-10-28
Category
Demisto SDK Guide
Abstract

Add environment variables for Cortex XSOAR and Cortex XSIAM.

Some SDK commands require you to interact with the Cortex XSOAR or Cortex XSIAM tenant. Examples include uploading entities and running commands in the CLI. Cortex XSOAR also supports downloading entities from the tenant.

Cortex XSOAR 6.x

For Cortex XSOAR 6.x, you need the URL of your Cortex XSOAR instance as well as an API key.

  1. Generate and copy the API key from Settings > Integrations > API Keys.

  2. Edit the ~/.zshrc and ~/.bash_profile files to add the following parameters:

    export DEMISTO_BASE_URL=<BASE_URL>
    export DEMISTO_API_KEY=<API_KEY>

    For example:

    export DEMISTO_BASE_URL=https://test.server.us.paloaltonetworks.com
    export DEMISTO_API_KEY=XXXXXXXXXXXXXXXXXXXXXX
    

    Note

    Alternatively, you can use an .env file in the root of the repository with the above variables. If you use an .env file, it overrides the values set in the bash_profile file.

    DEMISTO_BASE_URL=<base_url>
    DEMISTO_API_KEY=<api_key>
    

Cortex XSOAR 8 and Cortex XSIAM

For Cortex XSOAR 8 and Cortex XSIAM, you need the base URL, the API key, and the API key ID.

  1. Retrieve the base URL from the Cortex XSIAM or Cortex XSOAR instance by clicking on the Copy URL button located at the top right corner of the page. Do not copy the browser URL.

  2. Verify the API key is set to a Standard security level and has the Instance Administrator or Account Admin role.

  3. Note the ID for the API key, as this will be used as the XSIAM_AUTH_ID.

  4. Edit the ~/.zshrc and ~/.bash_profile files to add the following parameters:

    export DEMISTO_BASE_URL=<BASE_URL>
    export DEMISTO_API_KEY=<API_KEY>
    export XSIAM_AUTH_ID=<THE_XSIAM_AUTH_ID>

    For example:

    export DEMISTO_BASE_URL=https://api-xsiam-server.us.paloaltonetworks.com
    export DEMISTO_API_KEY=XXXXXXXXXXXXXXXXXXXXXX
    export XSIAM_AUTH_ID=1

    Note

    Alternatively, you can use an .env file in the root of the repository with the above variables. If you use an .env file, it overrides the values set in the bash_profile file.

    DEMISTO_BASE_URL=<base_url>
    DEMISTO_API_KEY=<api_key>
    XSIAM_AUTH_ID=1

Note

If the XSIAM_AUTH_ID environment variable is set, SDK commands are configured to work with an XSIAM or XSOAR 8 instance. To then use the Demisto SDK with a Cortex XSOAR 6.x instance, you must delete the XSIAM_AUTH_ID parameter from your environment with the following command: unset XSIAM_AUTH_ID.
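
The precedence rule (.env over the shell profile) and the XSIAM_AUTH_ID switch described above can be checked before running an SDK command. The following is an added example, not part of the Demisto SDK or of the original guide: the function names effective_var, target_mode and env_file_private are hypothetical, and it assumes that .env holds plain KEY=value lines and that an empty XSIAM_AUTH_ID counts as not set.

```sh
# Added example, not part of the Demisto SDK. Assumes .env holds plain
# KEY=value lines as on this page; a repeated name takes its last value.

# effective_var NAME [REPO_ROOT]: value chosen by the page's precedence rule,
# REPO_ROOT/.env first, otherwise the exported environment variable.
effective_var() (
    name=$1 envfile="${2:-.}/.env"
    if [ -f "$envfile" ] && grep -q "^${name}=" "$envfile"; then
        sed -n "s/^${name}=//p" "$envfile" | tail -n 1
    else
        printenv "$name" || true   # unset variable: print nothing
    fi
)

# target_mode [REPO_ROOT]: tenant type the combined settings select.
# Assumption: an empty XSIAM_AUTH_ID counts as not set.
target_mode() (
    url=$(effective_var DEMISTO_BASE_URL "$1")
    key=$(effective_var DEMISTO_API_KEY "$1")
    auth_id=$(effective_var XSIAM_AUTH_ID "$1")
    if [ -z "$url" ] || [ -z "$key" ]; then
        echo incomplete            # both tenant types need URL and key
    elif [ -n "$auth_id" ]; then
        echo xsoar8-or-xsiam
    else
        echo xsoar6
    fi
)

# env_file_private [REPO_ROOT]: succeeds when .env is absent or is not
# readable by group or others (the file holds the API key in clear text).
env_file_private() (
    envfile="${1:-.}/.env"
    [ -f "$envfile" ] || exit 0
    [ -z "$(find "$envfile" -prune \( -perm -040 -o -perm -004 \) -print)" ]
)

# Constructed demo: a shell set up for XSOAR 6.x, then a .env written for XSIAM.
demo() (
    repo=$(mktemp -d) && trap 'rm -rf "$repo"' EXIT
    export DEMISTO_BASE_URL=https://xsoar6.example.invalid
    export DEMISTO_API_KEY=CONSTRUCTED-KEY
    unset XSIAM_AUTH_ID
    printf 'shell only: %s\n' "$(target_mode "$repo")"
    (umask 077; printf 'XSIAM_AUTH_ID=1\n' > "$repo/.env")
    printf 'with .env:  %s\n' "$(target_mode "$repo")"
    env_file_private "$repo" && echo ".env is owner-only"
)
demo
```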

Git related environment variables

If the primary Git branch is not master, or the upstream remote is not named origin, add the following environment variables:

export DEMISTO_DEFAULT_BRANCH=<branch name here>
export DEMISTO_DEFAULT_REMOTE=<upstream name here>