Push and pull content - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-07
Category
Administrator Guide
Abstract

Push content to a remote repository and control access for pushing content.

Push content from the development tenant

When content you develop in the development tenant is ready to be available as a content update in the production tenant, you must push the changes from the development tenant.

Caution

You should not manually export content from the development tenant to import to the production tenant. Use only the procedures outlined in the documentation to ensure that your content is properly updated in the production tenant.

On each page you can decide whether to include or exclude items, which prevents them from being pushed to production, on a temporary or permanent basis. You can only exclude individual content items, not content packs.

  1. In the development tenant, go to SettingsConfigurationsRemote Repository ContentUser-Defined Content.

  2. Under the Included for Prod tab, search for the items you want to push. The results are displayed in a table according to:

    • NAME

      The name of the content item.

    • TYPE

      The content type, for example playbook, script, alert layout, and alert field.

    • STATUS

      The date the content item was created.

    • MESSAGE

      Additional details about the content item that were added by the content owner.

    • BY

      The content item owner.

  3. Select the items you want to push to production, and click Push to Prod.

  4. If the items have dependencies, review the contents and click Push.

    Sometimes you may not want to push all content, content pack dependencies, etc. For example, when a user makes a change in a playbook that includes a script dependency to which another user is adding a feature, and the change does not require the new feature (version) of the script, you can push the playbook without the new script.

  5. In the dialog box, add an optional message and click Push.

  6. Pull the content into the production tenant.

Pull content into the production tenant

After you push content from the development tenant, the navigation bar in the production tenant will notify Remote Repository Content Available. In case of conflicts, you have the choice whether to keep local content or delete and replace.

  1. If you click Remote Repository Content Available in the navigation bar, the Content update available window opens with a list of content available for installation, including content packs and content items.

  2. Click Check for new content or Install content.

  3. If conflicts appear, click Resolve conflicts.

  4. In the Action column, select one of the following:

    • Skip Keeps the local content in your production environment.

    • Replace: Deletes the local content and installs the content from the content repository.

  5. Click Continue to install the content.