Create a sample integration - Developer Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Developer Guide

Product
Cortex XSIAM
Creation date
2023-05-01
Last date published
2024-06-04
Category
Developer Guide
Abstract

Create a sample integration for Cortex XSIAM.

You can develop integrations using the built-in IDE in the Cortex XSIAM UI or using Visual Studio Code with the Visual Studio extension.

In this example, we use the IDE in the Cortex XSIAM UI, which includes access to Script Helper (a library of many common server functions within Cortex XSIAM) as well as a graphical user interface for editing integration settings, commands, and arguments.

CommonServerPython and CommonServerUserPython

The CommonServerPython (CSP) and CommonServerUserPython (CSUP) scripts are implicitly imported at the beginning of every Python script in Cortex XSIAM. CSP is imported first, enabling you to create your own common methods in CSUP to use across scripts and integrations.

Note

CSP and CSUP can’t be attached to integrations you create, so any changes you implement are not available for other users.

Script Helper

In many cases, there is already an existing script for common server functions. With the Script Helper, you can find tools for example to format a table, manipulate data, and post to the War Room. If a function you want to create seems like it could be used in many different scripts, there’s a good chance it already exists in Script Helper. If you do create a new function that you believe would be useful across many scripts, we encourage you to contribute that function to CommonServerPython scripts.

Follow these steps to create an integration from the IDE in the Cortex XSIAM UI.

  1. In Cortex XSIAM, navigate to SettingsData CollectionAutomation & Feed Integrations and click BYOI in the top right corner.

    Note

    If you don’t see this button, it means you don’t have the correct permissions required for creating new integrations. Contact your admin for assistance.

  2. Define integration settings.

  3. Write the integration code.

  4. Test the integration.