Content Dependencies and Propagation - Multi-Tenant Guide - 6.12 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product
Cortex XSOAR
Version
6.12
Creation date
2023-04-30
Last date published
2023-12-18
Category
Multi-Tenant Guide

To ensure the proper execution of content and overall system stability, content dependencies are propagated to tenants together with parent content, irrespective of their propagation labels. Such dependencies will appear during the sync process even if their propagation labels don’t match that of the tenant, as long as the labels of the parent content do match the tenant’s.

There are multiple layers of dependency relationships in Cortex XSOAR. For example, a classifier might depend on incidents/indicators, which in turn might depend on layouts, which in turn might depend on fields, which in turn might depend on scripts, and so on.

dependencies-flow-new.png

Note

Content dependencies are calculated recursively, so that if, for example, Playbook A uses Playbook B (dependency), which in turn uses Automations C and D (dependencies), all of the dependencies (Playbook B and Automations C and D) will be propagated along with Playbook A.

For a basic example of how content dependencies are propagated, consider the following “Playbook With Dependencies” sample playbook that contains two automations:

  • AddDbotScoreToContext_copy

  • AddEvidence_copy

The automations are dependencies of the playbook, which needs them to execute properly. You can view playbook dependencies under the Propagation Labels field in Playbook Settings.

Note

For other content items, you can view dependencies in the same location in the relevant settings area.

mt-dependencies-playbook.png

The playbook itself has a propagation label of test2, which matches the propagation label of the sample “Dependencies” account that it belongs to.

mt-propagation-account.png

However, the automations contained within the playbook have a propagation label of test1, which differs from that of the playbook.

mt-dependencies-automation.png

Even though the propagation labels of the automations do not match that of the account, they will still be propagated to tenants during the Sync process.

mt-dependencies-sync.png

If there is no relevant propagation tag on your content, for example, a script or playbook, but it is a dependency of a package that you do propagate to a tenant, the unlabeled content is still synced to the tenant.