Content Dependencies and Propagation

Cortex XSOAR Multi-Tenant Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-04-14
Category: Multi-Tenant Guide
Solution: Cloud
Abstract

Understand how content that is dependent on other content is propagated to tenants.

To ensure the proper execution of content and overall system stability, content dependencies are propagated to child tenants together with parent content, irrespective of their propagation labels. Such dependencies appear during the sync process even if their propagation labels don’t match those of the tenant, as long as the labels of the parent content do match the tenant’s.

There are multiple layers of dependency relationships in Cortex XSOAR. For example, a classifier might depend on incidents/indicators, which in turn might depend on layouts, which in turn might depend on fields, which in turn might depend on scripts, and so on.


Note

Content dependencies are calculated recursively, so that if, for example, Playbook A uses Playbook B (dependency), which in turn uses Scripts C and D (dependencies), all of the dependencies (Playbook B and Scripts C and D) will be propagated along with Playbook A.

For a basic example of how content dependencies are propagated, consider the Access Investigation - Generic playbook that contains six scripts.

The scripts are dependencies of the playbook, which needs them to execute properly. You can view playbook dependencies under the Propagation Labels field in the playbook Settings.

Note

For other content items, you can view dependencies in the same location in the relevant settings area.


The playbook itself has a propagation label of test2, which matches the propagation label of the sample “Dependencies” tenant that it belongs to.

However, the scripts contained within the playbook have a propagation label of test1, which differs from that of the playbook.


Even though the propagation labels of the scripts do not match that of the tenant, they are still propagated to tenants during the Sync process.

If there is no relevant propagation tag on your content, for example, a script or playbook, but it is a dependency of a package that you do propagate to a tenant, the unlabeled content is still synced to the tenant.
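
The propagation rule described above (label match on the parent, then a recursive walk over its dependencies), modelled as an added example that is not Cortex XSOAR code and does not call any XSOAR API. The content items, the dictionary layout and the functions `propagated_to_tenant` and `label_mismatches` are assumptions made for illustration.

```python
from collections import deque

# Constructed content model: name -> (propagation labels, direct dependencies).
CONTENT = {
    "Playbook A": ({"test2"}, ["Playbook B"]),
    "Playbook B": ({"test1"}, ["Script C", "Script D"]),
    "Script C":   ({"test1"}, []),
    "Script D":   (set(), ["Playbook B"]),  # unlabeled, with a cycle back to B
    "Script E":   ({"test1"}, []),          # not a dependency of matching content
}

def propagated_to_tenant(content, tenant_labels):
    """Return {item: reason} for everything a tenant receives on sync.

    reason is "label" when the item's own labels match the tenant, or
    "dependency of <parent>" when it arrives only through the recursive
    dependency walk, whatever its own labels say.
    """
    result = {}
    queue = deque()
    for name, (labels, _deps) in content.items():
        if labels & tenant_labels:
            result[name] = "label"
            queue.append(name)
    while queue:
        parent = queue.popleft()
        for dep in content[parent][1]:
            if dep not in content or dep in result:
                continue  # unknown item, or already visited (guards against cycles)
            result[dep] = f"dependency of {parent}"
            queue.append(dep)
    return result

def label_mismatches(content, tenant_labels):
    """Items that reach the tenant although their own labels do not match."""
    synced = propagated_to_tenant(content, tenant_labels)
    return sorted(name for name, why in synced.items() if why != "label")

if __name__ == "__main__":
    for name, why in propagated_to_tenant(CONTENT, {"test2"}).items():
        print(f"{name}: {why}")
    print("Synced despite label mismatch:", label_mismatches(CONTENT, {"test2"}))
```

A report like `label_mismatches` makes visible which content a tenant receives beyond what its own propagation labels suggest, which is worth reviewing before labelling a parent item for a new tenant.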