Create and edit a script, including detaching and attaching, automation settings, etc.
Scripts perform specific actions and are comprised of commands, which are used in playbook tasks and when running commands in the War Room.
In the Scripts page, you can view, edit, and create scripts in JavaScript, Python, or PowerShell. When creating a script, you can access all Cortex XSIAM APIs, including access to alerts and investigations, sharing data to the War Room, etc. Scripts can receive and access arguments, and can be password protected.
You can use the Script Helper when creating a script, which provides a list of available commands and scripts, ordered alphabetically.
Detach and Attach Scripts
When installing a script from a content pack, by default, the script is attached, which means that it is not editable. To edit the script, you need to either make a copy or detach it.
Note
You can enable/disable the script in the Settings, without having to detach or duplicate the script.
While the script is detached, it is not updated by the content pack. This may be useful when you want to update the script without breaking customization. If you want to update the script through content pack updates, you need to reattach it, but any changes are overridden by the content pack on upgrade. If you want to keep the changes, make a copy before reattaching.
Search for Scripts
In the Scripts page, use free text in the search box to find a script. You can search using part or all of the script's name or tag. You can also search for an exact match of the script name by putting quotation marks around the search text. For example, searching for "AddEvidence" returns the script with that name. You can search for more than one exact match by including the logical operator "or" between your search texts in quotation marks. For example, searching for "AddEvidence" or "AddKeyToList" returns the two scripts with those names. Wildcards are not supported in free text search.
Script Settings
In the Script settings dialog box, you can define the following information:
Basic
Parameter | Description |
---|---|
Name | An identifying name for the script. |
Language type | Select the script language type. |
Description | A meaningful description for the script. |
Tags | Predefined script identifiers that determine where the script is available. For example, to use this script as a phishing script, tag it with the phishing tag. |
Enabled | Whether the script is available for playbook tasks and indicator types. |
Arguments
Parameter | Description |
---|---|
Argument | An identifying name. |
Description | A meaningful description for the argument. |
Mandatory | Makes the argument mandatory. |
Initial value | The initial default value for the argument. |
Sensitive | Makes the argument case sensitive. |
Is array | Specifies that the argument is an array. |
List options | CSV list of argument values. |
You can define the outputs according to string, number, date, boolean, etc. For more information, see Context and Outputs. The Important field is for legacy compatibility only.
Permissions
Parameter | Description |
---|---|
Password Protect | Enables you to add a password for the script, which will be required when running the script from the CLI. |
Advanced
Parameter | Description |
---|---|
Timeout (seconds) | Time (in seconds) before the script times out. Default is 180. |
Docker image name | For Python automation, the name of the Docker image to use to run the script. |
Run on a separate container | Runs the script on a separate container. |