Create a list and add it to your content pack.
After creating a list in Cortex XSIAM, you can download it and add it to your content pack.
In Cortex XSIAM, when viewing a list, click the more options icon (three vertical dots) to Download list.
Add
list-to the beginning of the file name and change the file extension to.json. For example, for a JSON list, rename the filelist-mylistname.json.Edit the file to change the
idfield to be identical to thenamefield. and edit the value in theversionfield to-1to prevent user changes.Your JSON file should include the following:
id: <name of your list> version: -1 name: <name of your list>
Save your list in the lists directory:
Packs/<pack_name>/Lists/.
Note
If you download the list via the demisto-sdk download command, you do not need to change the file extension, as it downloads as mylist.json.
The following is an example of a list-checked_integrations.json file.
{
"allRead": false,
"allReadWrite": false,
"data": "Cylance Protect v2_instance_1,Core REST API_instance_1,Image OCR_default_instance,McAfee ESM v2_instance_1,Microsoft Defender Advanced Threat Protection_instance_2,Rasterize_default_instance,Trend Micro Deep Security_instance_1,Where is the egg?_default_instance,d2,fcm_default_instance,vt,ad-login,ad-query,splunk",
"dbotCreatedBy": "",
"description": "",
"fromVersion": "6.5.0",
"hasRole": false,
"id": "checked integrations",
"itemVersion": "",
"locked": false,
"name": "checked integrations",
"nameLocked": false,
"packID": "",
"previousAllRead": false,
"previousAllReadWrite": false,
"previousRoles": [],
"roles": [],
"system": false,
"tags": null,
"toVersion": "",
"truncated": false,
"type": "plain_text",
"version": -1
}