Content packs - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Download content packs in Marketplace for your use case.

Cortex XSIAM content in Marketplace is organized in packs. Content packs are created by Palo Alto Networks, technology partners, consulting companies, MSSPs, customers, and individual contributors. Content packs may include a variety of different components, such as integrations, scripts, playbooks, and widgets, grouped together to address a specific use case. Content packs are free and can be used by all customers.

Pre-installed content packs

Cortex XSIAM comes with a number of pre-installed content packs that cover many common uses cases. Pre-installed content packs include, but are not limited to:

  • Common Scripts, Common Widgets, Common Playbooks, Common Types, Common Reports, Common Dashboards

    These content packs provide important tools and building blocks you can use to customize your playbooks and workflows in Cortex XSOAR. The Common Scripts content pack, for example, includes scripts that convert file formats, fetch indicators from a file, export context data, send emails, and more.

  • VirusTotal

    Provides integration with the popular Virus Total service to analyze suspicious files, domains, IPs and URLs to detect malware and other security breaches.

  • TIM - Indicator Auto-Processing

    The TIM - Indicator Auto-Processing content pack includes playbooks that automate the processing of indicators for multiple use cases such as tagging, checking for existence in various lists , running enrichment for specific indicators and preparing indicators if necessary for a manual review. The content pack also includes incident types and incident layouts for manual review.

Recommended content packs

In addition, we recommend reviewing if you require the following popular content packs: