Agent Tools - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Add Agent tools to use automation scripts. Deploy forensic agent tools with a D2 agent or shared agent.

Agents make use of predefined and user-generated automation scripts and files. You can extend scripting functionality by deploying forensic agent tools with a Cortex XSOAR Agent.

Agent tools come with a number of configurable out-of-the-box scripts, such as Office365, Active Directory, and WinPmem.

You can create your own scripts and files by going to Settings > INTEGRATIONS > Agent Tools > + Add Tool. The files and scripts must be in zip, tar.gz, tar.bz2, or tar format. For example, you can create the following scripts:

Once deployed, the agent can use the tool (e.g., to create a memory dump that can be copied to another machine for forensic analysis).

Although you can run PowerShell commands directly from Cortex XSOAR on applications such as Office 365 and Active Directory, if you want to use PowerShell scripts, you need to configure Cortex XSOAR. Use the D2 Agent Script Commands to assist you with script arguments.
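
A pre-upload check for a tool bundle, based on the four archive formats listed above: it identifies the archive by content rather than file name and records a SHA-256 and member list for the bundle that will be deployed to endpoints. This is an added example, not Cortex XSOAR code; the function names are hypothetical and the bundle contents (`sample_tool.ps1`) are constructed samples.

```python
import gzip
import hashlib
import io
import tarfile
import zipfile

# Tar variants the guide accepts, with the tarfile mode that opens each one.
TAR_MODES = (("tar.gz", "r:gz"), ("tar.bz2", "r:bz2"), ("tar", "r:"))

def inspect_bundle(data: bytes) -> dict:
    """Identify the archive by content and return format, SHA-256 and members."""
    fmt, members = None, []
    for name, mode in TAR_MODES:
        try:
            with tarfile.open(fileobj=io.BytesIO(data), mode=mode) as tf:
                fmt, members = name, tf.getnames()
            break
        except (tarfile.TarError, OSError, EOFError):
            continue
    # Zip is checked last and must start with a local-file header, because
    # is_zipfile() alone also accepts zip data appended to other content.
    if fmt is None and data[:4] == b"PK\x03\x04" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            fmt, members = "zip", zf.namelist()
    if fmt is None:
        raise ValueError("not a zip, tar.gz, tar.bz2 or tar archive")
    return {"format": fmt, "sha256": hashlib.sha256(data).hexdigest(), "members": members}

def make_sample(kind: str) -> bytes:
    """Constructed sample bundles holding one placeholder script."""
    script = b"Write-Output 'placeholder tool script'\n"
    if kind == "gz-only":            # gzip of a bare file, not a tar.gz
        return gzip.compress(script)
    buf = io.BytesIO()
    if kind == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("sample_tool.ps1", script)
    else:                            # "tar.gz", "tar.bz2" or "tar"
        mode = {"tar.gz": "w:gz", "tar.bz2": "w:bz2", "tar": "w:"}[kind]
        with tarfile.open(fileobj=buf, mode=mode) as tf:
            info = tarfile.TarInfo("sample_tool.ps1")
            info.size = len(script)
            tf.addfile(info, io.BytesIO(script))
    return buf.getvalue()

if __name__ == "__main__":
    for kind in ("zip", "tar.gz", "tar.bz2", "tar"):
        print(kind, inspect_bundle(make_sample(kind)))
```

A script that was only gzipped (the `gz-only` sample) raises `ValueError`, since a bare `.gz` file is not one of the four listed formats.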