Content packs - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2024-11-28
Category
Administrator Guide
Solution
On-prem
Abstract

Download content packs in Marketplace for your use case.

Cortex XSOAR content in Marketplace is organized in packs. Content packs are created by Palo Alto Networks, technology partners, consulting companies, MSSPs, customers, and individual contributors. Content packs may include a variety of different components, such as integrations, scripts, playbooks, and widgets, grouped together to address a specific use case. Content packs are free and can be used by all customers.

Pre-installed content packs

Cortex XSOAR comes with a number of pre-installed content packs that cover many common uses cases. Pre-installed content packs include, but are not limited to:

  • Common Scripts, Common Widgets, Common Playbooks, Common Types, Common Reports, Common Dashboards

    These content packs provide important tools and building blocks you can use to customize your playbooks and workflows in Cortex XSOAR. The Common Scripts content pack, for example, includes scripts that convert file formats, fetch indicators from a file, export context data, send emails, and more.

  • VirusTotal

    Provides integration with the popular Virus Total service to analyze suspicious files, domains, IPs and URLs to detect malware and other security breaches.

  • TIM - Indicator Auto-Processing

    The TIM - Indicator Auto-Processing content pack includes playbooks that automate the processing of indicators for multiple use cases such as tagging, checking for existence in various lists , running enrichment for specific indicators and preparing indicators if necessary for a manual review. The content pack also includes incident types and incident layouts for manual review.

Recommended content packs

In addition, we recommend reviewing if you require the following popular content packs:

marketplace-usecases.png

Content packs such as the Malware Investigation and Response content pack and the Phishing content pack include a deployment wizard. When you install the content pack, you are prompted to use a wizard, which sets up your use case. The deployment wizard sets up the fetching integration, configures the playbook and parameters, and configures supporting integrations, in a user friendly, step-by-step interface.