New User FAQ for Cortex XSOAR.
The following are frequently asked questions for new Cortex XSOAR users.
If you have a full content bundle (.tar.gz file), navigate to Settings & Info → Settings → System → Server Settings and scroll to Custom content. Browse for the file or drag and drop into the Upload custom content box.
You can also import specific content types, such as playbooks, by navigating to that section of Cortex XSOAR and then clicking the upload button in the upper right corner of the page.
Navigate to Settings & Info → Settings → System → Server Settings and scroll to Custom content. Click Export all custom content to download a compressed file containing all of the custom content from your instance.
You can also export individual content items, such as playbooks, by selecting the content item, clicking the triple dot menu in the upper right corner of the page, and clicking the Download button.
Navigate to your username and select Username → User Preferences → Notifications. By default, all notifications are enabled. Deselect the checkboxes for notifications you don’t want to receive.
Configure an integration instance for that chat application. As long as the integration instance implements the
send-notification command, it appears on the Notifications tab.
Dashboards show data from a rolling, relative timeframe from a certain time in the past (for example, 7 days ago) through the present and are shown when you log into Cortex XSOAR. Reports allow you to share similar data outside of Cortex XSOAR via email. Reports can be scheduled to run at a specific time to capture data where the start/end time is important. For example, if management requests a report on the incidents that occurred between 08:00 yesterday and 08:00 today.
The link to the playground appears at the bottom of the My Incidents menu item in the left sidebar. You can also access the shortcut option using
ctrl-alt-k and type
playground or go directly to
Navigate to Marketplace → Installed Content Packs. From the Show dropdown, select Update available. Click the checkbox to select all, then click the Update button.
Cortex XSOAR comes with a powerful search capability that uses the Lucene query syntax. For example, to search playbooks:
Search for the playbook with the exact name “Phishing - Generic v3”:
name:"Phishing - Generic v3"
Search for playbooks where the word “Phishing” appears anywhere in supported system objects:
Search for playbooks where the playbook name contains “Phishing”: