Create a script or edit an out-of-the-box script, including detaching and attaching scripts and automation settings.
Developing scripts in Cortex XSIAM helps to automate repetitive tasks, streamline security operations, and make incident response more efficient. Customizing scripts can improve threat detection, mitigation, and remediation processes specific to your organization's needs.
Rather than creating a script from scratch, you can edit existing scripts. If the script was installed from a content pack, by default, the script is attached, which means that it is not editable. To edit the script, you need to either make a copy or detach it. While the script is detached, it is not updated by the content pack. This may be useful when you want to update the script without breaking customization. If you want to update the script through content pack updates, you need to reattach it, but any changes are overridden by the content pack on upgrade. If you want to keep the changes, make a copy before reattaching.
Note
You can enable/disable a script in the Settings, without having to detach or duplicate the script.
You can view recently modified or deleted scripts by clicking version history for all scripts.
Select → → → .
Add an identifying name for the script.
Save the script.