Cortex Marketplace - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Search the Cortex Marketplace and find content. Search by use cases, integrations, and categories.

Marketplace enables you to:

  • Leverage content from the largest SOAR community: Continuously extend Cortex XSIAM with proven use cases contributed by SecOps users and SOAR partners.

  • Discover top-rated, validated content: Identify the content offerings recommended by your peers and validated by the world’s leading cybersecurity company. Discover how to increase automation with the tools that you already have.

  • Solve your toughest security use cases: Deploy turnkey security workflows that span integrations, playbooks, dashboard layouts, and reports with a single click.

Marketplace enables you to build a strong community with other security professionals by exchanging content. You can explore the latest trends from Cortex XSIAM and other contributors and test drive use cases all within your Cortex XSIAM platform.

Cortex XSIAM supports free content packs, which are either Cortex XSIAM partner, or developer-supported packs. You can restrict a user role from managing content packs in Marketplace when defining/editing user roles.

In Marketplace, you can browse all content packs (including installed content), or view only installed content packs.

You can search for content packs by entering text in the search bar and selecting the relevant content pack from the search results.

You can sort content packs by latest update, best match, recommended, number of downloads, and filter according to the following criteria:

  • Use cases: Filter according to high-level use cases, such as Phishing, Malware, Ransomware, Access.

  • Integrations: Filter according to the integration included in the content pack.

  • Categories: Filter according to content pack categories, such as Messaging, and Forensics & Malware Analysis

  • Published: Filter according to whether published by Cortex XSIAM or by Cortex XSIAM technology partners.

  • General:

    • Certified: Created and supported by a user and certified by Cortex XSIAM. Cortex XSIAM has tested the content to ensure that it meets standards and works correctly.

    • Support: Supported by either Cortex XSIAM or a partner-supported content pack.

    • Uses my integrations: Content packs that use integrations that you have added instances for (whether or not they are enabled).

  • Content Pack Includes: Filter according to the content of the content pack, such as scripts, Integrations, and Playbooks.

  • Tags: Filter according to tags, such as Alerts, Network, and Security.

  • Types: Filter according to Collection or TIM.

When clicking a content pack you can view detailed information including content that it installs (such as scripts and playbooks, and indicator fields), dependencies (what content packs are required or optional) and version history (including whether you want to roll back to earlier versions).