Scripts - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-09-17
Category: Administrator Guide
Solution: On-prem
Abstract

Create and edit scripts, including detaching and attaching scripts and configuring automation settings.

Scripts perform specific automated actions using commands that are used in playbook tasks and in the War Room.

On the Scripts page, you can view, edit, and create scripts in JavaScript, Python, or PowerShell. When creating a script, you can access all Cortex XSOAR APIs, including access to alerts and investigations and the ability to share data to the War Room. Scripts can receive and access arguments and can be password protected.

Configure existing scripts

When you are developing a script, consider editing an out-of-the-box script to leverage existing functionality and save time and effort. On the Scripts page, use free text in the search box to find an existing script. You can search using part or all of a script's name or tags. You can also search for an exact match of the script name by putting quotation marks around the search text. For example, searching for "AddEvidence" returns the script with that name. You can search for more than one exact match by including the logical operator "or" between your search texts in quotation marks. For example, searching for "AddEvidence" or "AddKeyToList" returns the two scripts with those names. Wildcards are not supported in free text search.

The Script Helper provides an alphabetically ordered list of available commands and scripts.

Start by exploring the Common Scripts.

Common Scripts

Cortex XSOAR comes out-of-the-box with several common scripts that can be used in playbooks and commands (from the War Room), the majority of which are contained in the Base and Common Scripts content packs.

The Base content pack is a core pack that helps you get started and includes scripts that can be used in other JavaScript, Python, and PowerShell scripts. The Common Scripts content pack includes scripts that are commonly used, such as EmailReputation, RunDockerCommand, and ConvertXMLToJson.

Common Scripts contain code (such as functions and variables) that can be used across scripts and can be embedded when writing your scripts and integrations. Common Scripts are reusable modules or functions that provide additional functionality and capabilities to interact with APIs. Instead of duplicating code across multiple scripts or integrations, developers can create common scripts containing commonly used API interactions, such as authentication, data retrieval, or data manipulation. For example, in the CommonServer script, the tableToMarkdown function takes a JSON and transforms it into markdown. You can call this function from integrations and scripts that you author.
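As an added illustration (not Cortex XSOAR's CommonServer code), the following stand-alone Python sketch shows the kind of JSON-to-markdown conversion the paragraph above attributes to tableToMarkdown, with cell values escaped because alert fields often originate from untrusted sources. The names json_to_markdown_table and escape_cell and the sample records are hypothetical.

```python
import json


def escape_cell(value):
    """Render one value as single-line text that stays inside its table cell."""
    if value is None:
        return ""
    if isinstance(value, (dict, list)):
        # Nested JSON is serialized rather than dropped.
        value = json.dumps(value, sort_keys=True)
    text = str(value)
    # Escape the backslash first, then the pipe that delimits columns.
    text = text.replace("\\", "\\\\").replace("|", "\\|")
    # A raw line break would end the row early, so collapse it to a space.
    return text.replace("\r\n", " ").replace("\n", " ").replace("\r", " ")


def json_to_markdown_table(title, records, headers=None):
    """Turn a dict or a list of dicts into a titled markdown table."""
    if isinstance(records, dict):
        records = [records]
    if not records:
        return "### {}\n**No entries.**\n".format(title)
    if headers is None:
        # Union of keys, in first-seen order, so sparse records still line up.
        headers = []
        for row in records:
            for key in row:
                if key not in headers:
                    headers.append(key)
    lines = [
        "### " + title,
        "|" + "|".join(escape_cell(h) for h in headers) + "|",
        "|" + "|".join("---" for _ in headers) + "|",
    ]
    for row in records:
        cells = [escape_cell(row.get(h)) for h in headers]
        lines.append("| " + " | ".join(cells) + " |")
    return "\n".join(lines) + "\n"


# Constructed sample records; the first subject carries a pipe and a line
# break that would otherwise split the row and start a fake heading.
SAMPLE = [
    {"sender": "a@example.com", "subject": "Invoice | overdue\n### Closed by admin"},
    {"sender": "b@example.com", "verdict": {"score": 3}},
]

if __name__ == "__main__":
    print(json_to_markdown_table("Email indicators", SAMPLE))
```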

On the Scripts page, you can view/edit common scripts such as:

  • CommonServer

    The CommonServer script contains JavaScript functions and variables that can be used when writing your scripts and integrations.

    The script contains nearly 200 functions/variables, such as tableToMarkdown, closeInvestigation, and SetSeverity.

    You can copy the script and add new functions/variables or add your functions to the CommonUserServer script. You can also use your scripts to override the existing scripts in the CommonServer script.

  • CommonServerPython

    The CommonServerPython script contains Python functions that can be used when writing your scripts and integrations.

    The script contains over 400 functions, such as appendContext, vtCountPositives (which counts the number of detected URLs in the War Room entry), and datetime_to_string (which converts a DateTime object into a string).

    You can copy the script and add new functions/variables or add your functions to the CommonServerUserPython script. You can also use your scripts to override the existing scripts in the CommonServerPython script.

  • CommonServerPowerShell

    The CommonServerPowerShell script contains PowerShell arguments/functions that can be used when writing your scripts and integrations.

    The script contains many arguments/functions, such as SetIntegrationContext, Write-HostToLog (which writes to the demisto.log), and ReturnOutputs (which returns results to the user more intuitively).

    You can copy the script and add new arguments/functions or add your own to the CommonServerUserPowerShell script. You can also use your scripts to override the existing scripts in the CommonServerPowerShell script.