Contributing content - Developer Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Developer Guide

Product
Cortex XSIAM
Creation date
2023-05-01
Last date published
2024-06-04
Category
Developer Guide
Abstract

How to contribute content for Cortex XSIAM.

Contributing enables clients and partners who create new content, or who modify existing content (enhancements, bug fixes, etc.) to share their work with the community by making it publicly available in the Marketplace. Content can be Cortex XSIAM, partner, or community supported.

If you are beginning development, we recommend you first review Getting started. If you have questions or need support with the development or contribution process, contact us via the #demisto-developers slack channel.

Note

This topic is only related to Cortex XSIAM content. For documentation contributions, see Documentation Contributions.

All content is open source and resides in the Cortex XSIAM GitHub Repository, with a MIT license.

Support and Requirements

Contributions can be either officially supported (by Palo Alto Networks or a Technology Partner), or community supported. Officially supported content packs have a stricter quality-control process and provide an email address or website for support. Community supported content packs do not have a support contact. Customers can ask questions about community supported packs on the Live Community

Note

If you contribute content that integrates with one of Palo Alto Networks' products, we require the pack to be supported by Cortex XSIAM. Due to this support requirement, in some cases we may adopt your pack and push it into the Cortex XSIAM development pipeline to be released as Cortex XSIAM supported.

For more information about the different support levels, see the support types documentation.

How to Contribute

Before you begin contributing content, we recommend reviewing the Contribution SLA, which details the requirements for content contributions. After you have created your content, you must submit your content to Palo Alto Networks for review. The Cortex XSIAM content team reviews and approves all content before it becomes available to customers.

To submit your content:

  • Contribute through a GitHub pull request on the public Cortex XSIAM content repository. We recommend using this workflow in the following scenarios:

    • You are a Technology Partner contributing partner supported new content.

    • Your contribution is large and contains many different parts (integrations, scripts, playbooks, layouts, etc.) and is likely to lead to a complex review process.

    • You are proficient with GitHub.

    Note

    We recommend using a GitHub Codespace, which provides you with a pre-configured ready-to-use development environment. This method is still experimental, but makes the contribution, development, and review processes easier. For more information and a step-by-step guide, see Set up a GitHub Codespace environment.

This document describes the main workflow for supported and community contributions, and summarizes everything you must do before and after opening a pull request on GitHub to contribute your pack. These steps are not required if you are contributing community supported content, but we recommend reviewing this document to be aware of best practices.

Contributor Guidelines

Please read the following guidelines carefully. Following these guidelines will provide for a fast, easy, and effective review process for everyone involved. If anything is unclear, please reach out to us via Slack on the #demisto-developers channel.

  1. Start by designing your contribution. Follow the design guidelines to identify exactly what you want to build and to verify it's aligned with our best practices.

  2. Verify that you have met all the requirements for contributions.

  3. Set up a development environment, a preconfigured GitHub Codespace environment, or a containerized development environment.

  4. Follow the content pack structure to build your contribution. Use demisto-sdk init to help create it.

  5. If you are updating an existing content pack, verify it is updated with the latest version available in the Marketplace before proceeding.

  6. Depending on the content entities you need to build, navigate to the specific sections of this website for more details. If you are creating integrations and/or scripts), verify that you:

  7. Create the appropriate content pack documentation.

  8. Follow the documentation best practices.

  9. As you build newer versions of your content pack, document your changes in relevant release notes files.

After completing these steps, you should be ready to submit a pull request.

A working example that summarizes all of the above is the Hello World content pack that you can use as a reference. We also recommend reviewing the Hello World Design Document.

Pull requests

Before opening a pull request

To submit a pull request to the Cortex XSIAM GitHub repository, you need to:

  • Review the file checklist to verify you have included all necessary files.

  • Verify you are working on a GitHub fork of the Cortex XSIAM content repository, and create a branch for your contribution. Do NOT submit changes to the master branch.

    content-new-fork.gif
  • Validate your content. The validation hook runs automatically every time you run git commit. You can also run the validation manually by using demisto-sdk validate. Example: demisto-sdk validate -i Packs/YourPackName. If you get an error that is unclear, ask for help on the #demisto-developers channel on our Slack DFIR Community.

  • If your contribution has integrations or scripts, verify it passes lint checks and unit tests with demisto-sdk lint -i Packs/YourPackName.

  • Create a short video to demo your product and your pack, and provide the link to the video. The video is used by our reviewers to understand what your product does and how the content pack works.

Open a pull request

After you have completed all of the above the requirements and are ready to open your pull request, commit and push your work to the branch you have created in your forked repository. After you push your changes to the remote branch on GitHub, GitHub automatically detects the changes and a green Compare & pull request button appears at the top.

compare_and_pull.png

Click Compare & pull request . When the form opens, update the title and the description, using the pre-existing template, and Create pull request.

For more information about creating a pull request from a fork, see the GitHub documentation.

Note

By default, the pull request is opened from your fork on the branch you created, to the master branch of the base Cortex XSIAM content repository. After a few minutes, the target branch (master) is replaced with a different custom branch. This is intentional and should not be changed.

After opening a pull request

  • Sign the CLA. Every contributor must sign our Contributor License Agreement in order for their contribution to be added to our content. If there are CLA issues, see the FAQ.

  • Fill out the registration form.

  • A contributions team member will begin reviewing your contribution.

  • Monitor your pull request on GitHub. Our content team adds comments to the pull request, asking questions and requesting changes as needed. To proceed with your contribution, you are asked to respond to the reviewer's code review and apply the required changes within 14 days. Stale pull requests may be closed.

  • We may contact you to schedule an interactive demo. You will need a working instance of Cortex XSIAM with your pack fully configured and ready for presentation. Check out our contribution demo page for more details.

Note

As part of the pull request template, you are asked to fill in the contribution registration form. The form must be completed for us to review your contribution.

For more information about pull requests, see Pull request conventions.