Cortex XSOAR enables you to run system commands, integration commands, scripts, and more, from an integrated CLI.
Cortex XSOAR enables you to run system commands, integration commands, and scripts from an integrated command line interface (CLI), which enables you to make comments in your incident (in plain text or Markdown) and to execute automation scripts, system commands, and integration commands. This gives SOC teams the power to execute automations ad-hoc to support their investigations or make notes as they investigate incidents.
Note
If you are unable to run commands in the CLI, you may not have sufficient user role permissions. Contact your Cortex XSOAR administrator for more details.
In the CLI, you can run various commands, by typing the following:
Action | Description |
---|---|
| Runs integration commands, scripts, and built-in commands, such as adding evidence and assigning an analyst. |
| Runs system commands and operations, such as adding notes and closing an investigation. |
| Sends notifications to administrators, teams, and analysts by tagging users. |
You can find relevant commands, scripts, and arguments with the CLI’s auto-complete feature. This also includes fuzzy searching to help you find relevant commands based on keywords. If you type the exclamation mark (!) and start typing, autocomplete populates with options that might suit your needs. For example, if you want to work with tasks, type !task
, and all commands and scripts that include the task
in their name will display.
The CLI is available throughout Cortex XSOAR, except Marketplace and while editing Playbooks.
Note
You can use the up/down arrow buttons in the CLI to do a reverse history search for previous commands with the same prefix.
You can hide the CLI when it is not needed by clicking on the down arrow to the right of the CLI. You can click the same button to restore the CLI. If you can't see the ^ button, remove the ? Help Center button. To restore the Help Center, click Help (left menu) and click In-App Help Center.
Using special characters
Characters | Description |
---|---|
| To use these characters, place them within single or double quotes. An escape character |
| To use these characters, place them within single or double quotes and use an escape character |
Tip
When writing a query or complex text in the CLI, we strongly recommend enclosing your text with the backtick (`
) character. Text within the backticks does not require you to escape single quotation marks ('
), double quotation marks (''
), or backslashes (\
).