Configure an integration including creating your own integration
Integrations are mechanisms through which Cortex XSOAR connects and communicates with other products. These integrations can be executed through REST APIs, webhooks, and other techniques. Integrations enable you to orchestrate and automate SOC operations.
Integrations can be one-way or two-way. Two-way integrations allow both systems to interact directly, making it easier to manage security operations across multiple tools.
Integrations installed from a content pack
Integrations are included in content packs which you download and install from Marketplace. After you download and install a content pack that includes an integration, you need to configure the integration by adding an instance. You can have multiple instances of an integration, for example, to connect to different environments. Additionally, if you are an MSSP and have multiple tenants, you could configure a separate instance for each tenant.
Cortex XSOAR comes out-of-the-box with several integrations to help you onboard, such as:
Mail Sender
Sends email notifications to users. By default, this integration is configured to send emails. You can change the main sender by configuring a different mail sender, such as Gmail. For more information, see Configure notifications in Cortex XSOAR.
Generic Export Indicators Service
Provides an endpoint with a list of indicators as a service for the system indicators. For more information about how to set up the integration, see Export indicators using the Generic Export Indicators Integration.
Palo Alto Networks WildFire Reports
Generates a Palo Alto Networks WildFire PDF report. For more information, see Palo Alto Networks WildFire Reports.
Rasterize
Converts URLs, PDF files, and emails to an image file or PDF file. For more information, see Rasterize.
Create an integration
You can create an integration, by adding parameters, commands, arguments, and outputs as well as writing the necessary integration code. You should have a working Cortex XSOAR tenant and programming experience with Python.
To create an integration, on the Instances page, click BYOI.
The Cortex XSOAR IDE and the HelloWorld integration template are loaded by default. For more information about how to create an integration including an example, see Create an Integration.
Configure an integration
On the Instance integration page, after you have either downloaded the integration or created an integration, you can do the following:
Option | Description |
---|---|
Add instance | Configure an integration instance to connect and communicate with other products. For more information, see Add an integration instance. After configuring the instance, you can also enable/disable the integration instance, copy the instance, and view the integration fetch history. |
View Integration's source | View the integration settings and source code. |
Edit integration's source | Edit the integration settings and source code. For more information about editing the integration's source code, see Create an Integration. NoteIf the integration was installed from a content pack you need to duplicate the integration before editing. |
Duplicate integration | If you want to change the source code, and settings, or download the integration, you need to duplicate the integration. |
Delete | Although you can't delete an integration installed from a content pack (unless a duplicate), you can delete an integration instance. |
Download the integration | Download the integration in YAML format. You can also upload an integration. NoteIf the integration was installed from a content pack you need to duplicate the integration before downloading. |
Version History | If the integration is a duplicate or you create your integration, you can see the changes in the integration. |
Contribute to Marketplace | You can send the integration to Palo Alto Networks for review and for it to be added to Marketplace. For more information, see Content pack contributions. |
You can view all the integration changes (the last 100 changes) by clicking the Version History button.