What is a list? - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-03-27
Category
Administrator Guide
Abstract

Create and manage lists in Cortex XSIAM.

A list is a data container for storing data and is mainly used in playbooks and scripts but can be accessed anywhere the context button appears (double-curly brackets). For example, in a playbook task, access the data in a list via the context button under Lists, or by using the path ${lists.<list_name>}. Different types of data can be stored in a list, for example, text, string, numbers, Markdown, HTML, CSS, and JSON objects.  

Note

The maximum size of a list is 209715 characters.

Use cases

The following are use cases for lists: 

  • Defining HTML templates: An HTML template can be defined as part of a communication task.

  • Organizing Network Security: Use lists to keep track of internal networks and IP addresses. Compare them to a set list to ensure only allowed connections get through.

  • Store Data Objects: For example, a list of URLs, which you can call as an input for scripts and playbooks.

  • Prioritizing Incident Response: Create lists to identify critical assets like important users or servers. This helps manage incidents better by focusing on the most important things first.