Common scripts to use in other scripts - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-11-04
Category
Administrator Guide
Abstract

Common server scripts available to use in automations. script automation integrations

Cortex XSIAM comes out-of-the-box with a number of common scripts, which can be used in playbooks and commands (from the War Room), the majority of which are contained in the Base and Common Scripts content packs.

The Common Scripts content pack includes scripts that are commonly used, such as EmailReputation, RunDockerCommand, ConvertXMLToJson, etc.

The Base content pack is a core pack, which helps you get started and includes various scripts including the common scripts, which can be used in other Java Script, Python and PowerShell scripts.

Common Scripts

Common scripts contain common code (functions, variables, etc.) that can be used across scripts and can be embedded when writing your own scripts and integrations. They are used to enhance the API in other scripts and integrations. For example, the tableToMarkdown function in the CommonServer script takes a JSON and transforms it to markdown. You can call this function from integrations and scripts that you author.

In the Scripts page you can view/edit the following common scripts:

  • CommonServer

    The Common Server script contains Java Script functions and variables that can be in other scripts when writing your own scripts and integrations.

    The script contains nearly 200 functions/variables , such as tabletoMarkdown, closeInvestigation, SetSeverity, etc.

    You can copy the script and add new functions/variables or add your own functions to the CommonUserServer script. You can also use this script to override the existing scripts in the CommonServer script.

  • CommonServerPython

    The CommonServerPython script contains Python functions that can be in other scripts when writing your own scripts and integrations.

    The script contains over 400 functions, such as appendContext, vtCountPositives (which counts the number of detected URLs in the War Room entry), datetime_to_string, (which converts a DateTime object into a string), etc.

    You can copy the script and add new functions/variables or add your own functions to the CommonServerUserPython script. You can also use this script to override the existing scripts in the CommonServerPython script.

  • CommonServerPowerShell

    The CommonServerPowerShell script contains PowerShell arguments/functions that can be in other scripts when writing your own scripts and integrations.

    The script contains many arguments/functions, etc such as SetIntegrationContext, Write-HostToLog (which writes to the demisto.log), ReturnOutputs (which returns results to the user more intuitively), etc.

    You can copy the script and add new arguments/functions or add your own to the CommonServerUserPowerShell script. You can also use this script to override the existing scripts in the CommonServerPowerShell script.