Content Pack Installation

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-16
Category: Administrator Guide

Abstract: Cortex XSIAM content pack dependencies, errors, and warning messages. Troubleshoot content pack installation.

Before you install a content pack, review the content pack to see what it includes, any dependencies that are required, reviews, etc. When selecting a content pack, you can view the following information:

  • Details: General information about the content pack including installation, content, version, author, status, etc.

  • Content: The content to be installed, such as automations, integrations, etc.

  • Dependencies: Details of any Required Content Packs and Optional Content Packs that may need to be installed with the content pack.

  • Version History: View the currently installed version, earlier versions, available updates, and revert if required.

After installation, go to the relevant page to view the installed content. For example, to view a playbook, go to Incident Response → Automation → Playbooks.

Dependencies

In Cortex XSIAM, some objects are dependent on other objects. For example, a playbook may be dependent on other playbooks, scripts, integrations, incident fields, and so on.

Similarly, an alert may be dependent on a playbook, an alert type, and an alerts field. A script may be dependent on another script, an integration, etc.

When you install a content pack, mandatory dependencies including Required Content Packs are added automatically to ensure that it installs correctly.

Some content, while not essential for installation, ensures that the content runs successfully. These dependencies include Optional Content Packs, which can be added or removed in the Cart.

Warning

If you delete a content pack, which depends on other content packs, these content packs may not run correctly. Also, if you roll back to an earlier version of a content pack, other content packs might be affected. For example, if Content Pack A depends on layouts from Content Pack B Version 2, reverting to Content Pack B Version 1 could cause Content Pack A to stop working.

Required Content Packs

Required content packs are mandatory content packs, which download automatically with the content pack. The content pack you are installing depends on its required content packs, and without them installation fails.

If a content pack is dependent on one or more content packs, you have to install all of them. For example, if content pack A requires content pack B and content pack B requires content pack C, then when you install content pack A, all of the other content packs are installed.

Note

You cannot remove the Required Content Packs when installing a content pack.

In the following example, the Impossible Traveler content pack requires:

  • Active Directory Query v2 and Base content packs (both of which are installed).

  • Rasterize content pack (which needs to be installed).
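
The transitive rule above, and the earlier warning about deleting or reverting a pack, can be checked before a change with a small dependency model. This is an added example, not Palo Alto Networks code or a Cortex XSIAM API; the dependency map is constructed from the pack names on this page, and `install_plan` and `affected_by_removal` are hypothetical helper names.

```python
# Constructed dependency map: pack -> its Required Content Packs.
# Impossible Traveler's requirements are the ones named on this page;
# "Pack A/B/C" mirror the page's A -> B -> C illustration.
REQUIRED = {
    "Impossible Traveler": ["Active Directory Query v2", "Base", "Rasterize"],
    "Pack A": ["Pack B"],
    "Pack B": ["Pack C"],
}


def install_plan(pack, required, installed):
    """Return the packs to install for `pack`, dependencies first, skipping installed ones."""
    plan, visiting = [], set()

    def visit(name):
        if name in installed or name in plan:
            return
        if name in visiting:
            # A pack that (indirectly) requires itself can never be resolved.
            raise ValueError(f"dependency cycle at {name!r}")
        visiting.add(name)
        for dep in required.get(name, []):
            visit(dep)
        visiting.discard(name)
        plan.append(name)

    visit(pack)
    return plan


def affected_by_removal(pack, required, installed):
    """Return installed packs that directly or transitively require `pack`."""
    affected, frontier = set(), {pack}
    while frontier:
        # Next layer: installed packs that require something in the current layer.
        frontier = {p for p in installed
                    if p not in affected
                    and any(dep in frontier for dep in required.get(p, []))}
        affected |= frontier
    return sorted(affected)


if __name__ == "__main__":
    installed = {"Active Directory Query v2", "Base"}
    print(install_plan("Impossible Traveler", REQUIRED, installed))
    print(install_plan("Pack A", REQUIRED, set()))
    print(affected_by_removal("Pack C", REQUIRED, {"Pack A", "Pack B", "Pack C"}))
```

Running the same reverse lookup before a rollback lists the packs whose content should be retested afterwards.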

Optional Content Packs

Optional Content Packs are used by the content pack you want to install but are not necessary for installation. You can choose which optional content packs to install in the Cart. When you install optional content packs, mandatory dependencies are automatically included.

For example, in the Active Directory Query content pack, there are various optional content packs used by the content pack, such as Microsoft Graph Mail. You can install the content pack without Microsoft Graph Mail if your organization does not need it.

Errors and Warning Messages

You may receive an error message when you try to install a content pack. If you receive an error message, you need to fix the error before installing the content pack. If a warning message is issued, you can still download the content pack, but you should fix the problem; otherwise, the content may not work correctly.

Error Message Example

In this example, we want to install the Impossible Traveler content pack, but we already have a custom playbook with the same name/ID. When we try to install the content pack, the installation fails.

When clicking view errors, you can see the error. You need to update the existing custom playbook.

Warning Message Example

In this example, we want to update the Common Scripts content pack.

When we try to install, a warning message may be issued about a missing Docker image.

If you click Install Anyway, the pack installs, but you need to add the missing Docker image for the content to run correctly.