Contribution SLA - Developer Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Developer Guide

Product
Cortex XSIAM
Creation date
2023-05-01
Last date published
2024-06-04
Category
Developer Guide
Abstract

An SLA detailing the required services and the expected level of services when contributing content to the Cortex XSIAM Marketplace

You can contribute content to the Cortex XSIAM Marketplace by contributing through a GitHub pull request on the public content repository. For more information, see Contributing content.

A review phase begins with the opening of the GitHub pull request containing your changes or new content.

Cortex XSIAM content team commitments

Once your PR is open, the content team commits to the following time frames:
  1. After the PR is opened, a reviewer is assigned to your PR and publishes the initial response to your submission within five business days.

  2. If you are asked to make changes, you need to make those changes, and add a corresponding message in the pull request. Your reviewer responds within three business days. You might have multiple rounds of fixes. These commitments are the same for each round.

  3. Your reviewer is available for any questions during the review process. You can contact your reviewer via the PR itself or on Slack (DFIR Slack Community).

  4. Once your PR is approved and merged by your reviewer, an internal PR including your changes is opened within an hour. The internal PR allows us to run our internal validity and security checks on your final code. The internal PR is merged within three business days. If during the internal PR phase we discover issues related to the code changes made in the contribution, the contributor may be asked to help resolve them.

  5. Once the internal PR is merged, your changes are published in the Marketplace within three business days.

Contributor commitments

The content team requires contributors to:
  • Provide the content team with as much information as possible about changes made or about new content you have created. Provide this information in the pull request body by filling in the template.

  • Register your contribution by filling out the contribution registration form, and sign the CLA (Contributor License Agreement). The review process does not start until those forms are completed.

    Links to the Contribution registration form and to the CLA appear on your PR:

    contribution-registration-form.png
    failed_CLA.png
  • Provide the content team with a recorded demo session that demonstrates your changes. Add the link to the contribution registration form.

  • Check the status of the build of your PR once it is completed. If the build includes errors, try to solve them. For more information, see the build process.

  • During the review process, monitor your PR. Your reviewer may add comments to the PR, asking questions and requesting changes. To expedite the review process for your contribution, respond to the reviewer's code review and apply the required changes within 14 days. Stale pull requests can be closed.

    Note

    Once your pull request is reviewed, only add or update content items that were requested during the review process. If you have new content items to add, open a new pull request. If you are not sure whether to open a new pull request, consult the reviewer.

  • If your contribution includes changes in an Cortex XSIAM supported content pack, you must conform to the Cortex XSIAM code and documentation standards, and add unit tests and a test-playbook to test your code. For more information see Python code conventionsDocumentationUnit testing, and Test playbooks.

While the content team tries to merge and publish your changes as quickly as possible, the duration of the review process depends on many factors including the level of support of the edited content pack, the number and complexity of changes, and various validations and security tests.