Frequently asked questions - Developer Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Developer Guide
Product
Cortex XSIAM
Creation date
2023-05-01
Last date published
2025-03-06
Category
Developer Guide
Abstract

FAQs for Cortex XSIAM development.

Which IDE should I use?

When it comes to an external IDE, you have multiple options. .

Cortex XSIAM offers a free  Visual Studio Code extension that simplifies/automates tasks such as:

  • Running unit tests

  • Creating a blank integration or automation script

  • Uploading/downloading your integration code to/from Cortex XSIAM

However, if you want to use a different IDE (for example Sublime, vi, emacs), some tasks must be performed manually. To automate them, you can use the Demisto SDK.

You can also write code directly in the Cortex XSIAM, but is not recommended if you want to contribute supported content. Check here for details.

Note

IDEs are used only for writing integrations and scripts, everything else (for example playbooks, dashboards, and layouts) should be developed in the Cortex XSIAM UI.

Once the resource is developed in the Cortex XSIAM UI, you can download it using demisto-sdk download -i "$NAME_OF_RESOURCE" or export it from the UI.

Which software development tools should I use?

While the basics of writing code and changing configuration options can be done in the Cortex XSIAM UI, for complex solutions and supported contributions you'll probably need a combination of both the Cortex XSIAM UI and other tools. See Content development environments for more information.

We recommend using Visual Studio Code with the Cortex XSOAR extension when you want to contribute content to the Marketplace. The Cortex XSOAR extension works with both Cortex XSOAR and Cortex XSIAM.

We recommend using the Cortex XSIAM UI when:

  • Creating Playbooks.

  • Creating non-code entities (everything but integrations and scripts), such as:

    • Alert fields, types and layouts

    • Indicator fields, types and layouts

    • Classifiers and mappers

    • Widgets

    • Dashboards

  • Working on the properties of your integration/script (parameters, commands, arguments, and outputs) in the YAML file - this can also be done using Visual Studio Code extension.

  • Testing the user experience for what you developed.

What programming languages do you support for integrations and scripts?

  • Python

    Python is the preferred development language, since it provides a wider set of capabilities and tools. Cortex XSIAM supports Python 3, and new contributions must be developed in Python 3.7 or later.

  • PowerShell

    Cortex XSIAM supports PowerShell integrations and scripts.

Which operating systems are supported for development?

The recommended OS for development is either macOS or Linux, as Bash and Docker are used in some validation/testing flows.

For Windows, you can either work with a Linux VM or use Windows Subsystem for Linux.

Licensing

The Cortex XSIAM content repository has an MIT License.

Why is CLA is pending even though I signed the agreement?

The CLA should be signed by all branch committers. The CLA bot will let you know the committers who have not yet signed the agreement by marking them with a red X.

xsiam-faq-cla.png

If the missing user appears under one of your commits (can be checked by visiting the Commits tab in the PR), it probably means that one of your commits was done with this user. Try the following:

  1. If you have the credentials for the missing user, try to log in and sign the CLA, then click the recheck button at the bottom of the CLA message.

  2. Try to link your commits: Add the email address of the missing user to your GitHub email settings, then click the recheck button at the bottom of the CLA message.

  3. If the missing user is not a real user or named Root, you need to open a new branch:

    1. In your local environment, manually copy the code you edited (usually you can copy the entire pack) to another location.

    2. Check out the master branch.

    3. Create a new branch.

    4. Paste the code from before into your new branch.

    5. Commit and push your new branch.

    6. Open a new Pull Request for the new branch. 

  4. If the license/CLA status check remains on Pending even though all contributors have accepted the CLA, you can recheck the CLA status by visiting the following link (replace [PRID] with your PR ID):

    https://cla-assistant.io/check/demisto/content?pullRequest=[PRID] 

Important

Don't forget to close the old PR and delete the old branch.

You can find information about troubleshooting commits in the GitHub docs site Troubleshooting Guide.