Run scripts on an endpoint

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Execute Python scripts from Cortex XSIAM directly on the endpoint to perform actions, retrieve data, and retrieve files.

For enhanced endpoint remediation and endpoint management, you can run Python 3.7 scripts on your endpoints directly from Cortex XSIAM. For commonly used actions, Cortex XSIAM provides out-of-the-box scripts. You can also write and upload your own Python scripts and code snippets into Cortex XSIAM for custom actions. Cortex XSIAM lets you manage, run, and track script execution on the endpoints, and it stores and displays the execution results per endpoint.

Danger

  • Endpoints running the Agent v7.1 and later. Since the agent uses its built-in capabilities and many available Python modules to execute the scripts, no additional setup is required on the endpoint.

  • Role in the hub with the following permissions to run and configure scripts:

    • Run Standard scripts

    • Run High-risk scripts

    • Script configuration (required to upload a new script, run a snippet, and edit an existing script)

    • Scripts (required to view the Scripts Library and the script execution results)

    Note

    Running snippets requires both Run High-risk scripts and Script configuration permissions. Additionally, all scripts are executed as System User on the endpoint.