Generic playbooks - Developer Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Developer Guide

Product: Cortex XSIAM
Creation date: 2023-05-01
Last date published: 2024-06-04
Category: Developer Guide
Abstract

Use the Common Playbooks content pack, installed out of the box, for common tasks that are part of many analyst workflows.

The Common Playbooks content pack, installed by default, provides support for common tasks that are part of many analyst workflows. These playbooks can support multiple integrations, and can be used independently or as sub-playbooks in your larger use case.

You can view a full list of the playbooks in the Common Playbooks content pack and their descriptions in the Content tab of the pack.

A few examples of generic playbooks include:

  • Detonate URL - Generic

    Detonates URLs through active integrations that support URL detonation.

  • File Enrichment - File reputation

    Gets file reputation using one or more integrations.

  • Get File Sample - Generic

    Retrieves files from endpoints by the file hash or the file path.