Create a script

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-04
Category: Administrator Guide

Abstract: Create or edit an out-of-the-box script, including detach and attach and automation settings.

Creating custom scripts in Cortex Cloud helps meet your organization’s specific needs to automate repetitive tasks, streamline security operations, and make case response more efficient.

  1. Navigate to Investigation & Response > Automation > Scripts and click New Script.

  2. Add an identifying name for the script.

  3. Click Save.

  4. In the Agentic Assistant pane, start a conversation with the Automation Engineer agent to create the script, or manually create the script code and define the script settings.

    For more information, see Use the Automation Engineer agent to accelerate script development and deployment. For details about script settings, see Create a script.

  5. Save the script version.

  6. (Recommended) Click Test to validate your script.

    1. In the Arguments section, provide values for any inputs your prompt requires. These inputs are used to simulate how the script will behave in a live playbook, or how the script registered as an Action and assigned to an Agent will run as part of an executed plan.

      You can add input values manually.

    2. Click Run.

      The tests are executed in a Playground environment. Review the output generated by the AI to validate the script's behavior and ensure it produces the expected results. The output is typically a text summary or another structured format that you have defined.

      Tip

      If there is an error, you can copy the error message from the test result into the Agentic Assistant prompt and ask the Automation Engineer agent to correct the error.

      In each run result, you can take the following actions:

      | Action | Description |
      |---|---|
      | Mark as note | Marks the entry as a note, which can help you understand why a certain action was taken and assist future decisions. When marked as a note, the entry is highlighted, so you can easily find it in the War Room or the Issue Overview tab. |
      | View artifact in new tab | Opens a new tab for the artifact. |
      | Download artifact | Downloads the run details to a text file, including the AI task name, the script name, user name and password, and the result. |
      | Add tags | Add relevant tags that help you find relevant information. |

  7. (Optional) Click the three-dots menu and select Register new Action to register the script as an Action. For more information, see Manage actions.

Note

  • You can enable/disable a script in the Settings without having to duplicate the script.

  • You can view recently modified or deleted scripts by clicking the version history icon for all scripts.

Define the relevant Basic script parameters.

| Parameter | Description |
|---|---|
| Name | An identifying name for the script. |
| Language type | Select the script language type. Important: If you choose Python, you can use the Automation Engineer agent from the Agentic Assistant. |
| Description | A meaningful description of the script. |
| Tags | Predefined script identifiers. For example, if a script is intended for phishing, tagging it with the phishing tag helps organize, classify, and manage the script among other scripts. Organizations can also implement policies or restrictions based on tags associated with scripts. For example, they may restrict certain users from accessing or executing a script tagged for phishing. |
| Enabled | Whether the script is available for playbook tasks and indicator types, or to run in the CLI. |

You can create, edit, or delete arguments as required.

| Parameter | Description |
|---|---|
| Argument | An identifying name. |
| Mandatory | Makes the argument mandatory. |
| Default | Makes the argument the default. |
| Sensitive | Hides the argument from being displayed in the UI and in logs. |
| Description | A meaningful description of the argument. |
| Default | The default value for the argument. |
| Is array | Specifies that the argument is an array. |
| List options | A comma-separated list of argument values. |

You can create, edit, or delete outputs as required. Define the outputs according to types such as string, number, date, and Boolean. For more information, see Context and Outputs.

| Parameter | Description |
|---|---|
| Context Path | A dot-notation representation of the path to access the Context. For example, ThreatStream.Analysis.ReportID. |
| Description | A short description of what the context path represents. For example, the ID of the report submitted to the sandbox. |
| Type | The value type of the context path, such as string, number, or date. The type enables Cortex Cloud to format the data correctly. |
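The argument and output settings above, modeled offline as an added Python example (not Cortex Cloud or Palo Alto Networks code): it applies Mandatory, Default, Is array, List options and Sensitive to raw inputs, then writes a typed value to a dot-notation Context Path. The definition keys, the sample arguments, the mask string, and the choice to reject values outside List options are assumptions.

```python
# Added illustration, not Cortex Cloud code: offline model of the settings above.

# Constructed definitions; the keys mirror the settings columns (assumed names).
ARG_DEFS = [
    {"name": "report_id", "mandatory": True},
    {"name": "api_key", "mandatory": True, "sensitive": True},
    {"name": "tags", "is_array": True, "default": "phishing"},
    {"name": "verdict", "options": "benign,suspicious,malicious", "default": "benign"},
]

def resolve_args(defs, raw):
    """Apply Mandatory, Default, Is array, List options; return (args, loggable)."""
    args, loggable = {}, {}
    for d in defs:
        value = raw.get(d["name"], d.get("default"))
        if value in (None, ""):
            if d.get("mandatory"):
                raise ValueError(f"missing mandatory argument: {d['name']}")
            continue
        if d.get("is_array") and isinstance(value, str):
            # Array arguments arrive as one comma-separated string.
            value = [v.strip() for v in value.split(",") if v.strip()]
        if "options" in d and value not in d["options"].split(","):
            raise ValueError(f"{d['name']}: value not in list options")
        args[d["name"]] = value
        # Sensitive values are masked in the copy meant for display or logs.
        loggable[d["name"]] = "******" if d.get("sensitive") else value
    return args, loggable

# Declared output types; bool is excluded from "number" because it subclasses int.
TYPE_CHECKS = {
    "string": lambda v: isinstance(v, str),
    "number": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
    "boolean": lambda v: isinstance(v, bool),
}

def set_output(context, path, value, type_name):
    """Write value at a dot-notation context path after checking its type."""
    if not TYPE_CHECKS[type_name](value):
        raise TypeError(f"{path}: expected {type_name}")
    *parents, leaf = path.split(".")
    node = context
    for key in parents:
        node = node.setdefault(key, {})  # create intermediate levels as needed
    node[leaf] = value
    return context
```

Only the `loggable` copy should ever be printed or attached to a run result; the script body works from `args`.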

| Parameter | Description |
|---|---|
| Password Protect | Enables you to add a password for the script, which will be required when running the script from the CLI. |

| Parameter | Description |
|---|---|
| Timeout (seconds) | Time (in seconds) before the script times out. Default is 180. |
| Docker image name | For Python scripts, this is the name of the Docker image to use for the script. Cortex Cloud supports the following Python versions: 2.7, and 3.0 and later. You can change the Docker image. The default Docker image that Cortex Cloud uses is demisto/python3, but you can use other Docker images. |
| Run on a separate container | Runs the script on a separate container. |

You can set the commands that the script depends on directly from these settings. You still have the option to set the dependencies in the script YAML file.

Modify parameters, logic, or integrations within a script to adapt it to specific use cases, optimize performance, and address evolving security needs without starting from scratch.

The Script Helper provides an alphabetically ordered list of available commands and scripts.