Configure and manage long-running integrations to export internal data from Cortex XSOAR.
Some long-running integrations provide internal data via API calls, to your third-party software, such as a firewall. You can set up Cortex XSOAR to allow third-party software to access long-running integrations installed either on the Cortex XSOAR tenant or on an engine.
Important
To ensure reliable and secure communication with Cortex XSOAR, you need to add the following DNS records:
ext-FQDN - The Cortex XSOAR DNS name mapped to the external IP address. For example,
ext-xsoar.mycompany.com
.API-FQDN - The Cortex XSOAR DNS name mapped to the API IP address. For example,
api-xsoar.mycompany.com
.
Rather than adding credentials separately for long-running integration instances, you can set up universal credentials for all long-running integrations.
Long-running integrations provide internal data via API calls such as:
Integration | Description | See More |
---|---|---|
O365 Teams (Using Graph API) | Get authorized access to a user's Teams app in a personal or organization account. | |
Generic Webhook | Creates incidents on event triggers. The trigger can be any query posted to the integration. | |
Generic Export Indicators Service | Use the Generic Export Indicators Service integration to provide an endpoint with a list of indicators as a service for the system indicators. You can set up the tenant to export internal data to an endpoint. NoteThis integration replaces the External Dynamic list integration, which is deprecated. | |
TAXII Server | Provides TAXII Services for system indicators (Outbound feed). | |
TAXII2 Server | Provides TAXII2 Services for system indicators (outbound feed). You can choose to use TAXII v2.0 or TAXII v2.1. | |
XSOAR-Web-Server | Supports handling configurable user responses (like Yes/No/Maybe) and data collection tasks that can be used to fetch key value pairs. | |
PingCastle | Listens for PingCastle XML reports. | |
Publish List | Publishes XSOAR lists for external consumption. | |
Simple API Proxy | Provides a simple API proxy to restrict privileges or minimize the amount of credentials issued at the API. | |
Syslog v2 | Opens incidents automatically from Syslog clients. | |
Web File Repository | Makes your environment ready for testing purpose for your playbooks or automations to download files from a web server. |
Note
When running on the tenant, you can only use long-running integrations provided by Cortex XSOAR, you cannot create custom ones. Custom long-running integrations are supported only on engines at this time.
Configuring custom certificates or private API Keys in the long-running integration instance is supported only on engines, not on the Cortex XSOAR tenant.