Cortex XSOAR supports the ability to
work with separate repositories for a development environment and
main account. This enables you to develop and test all of your content
in one location, and when it is ready, you push the content to the
main account. In your main account, you pull the content as you
would all other content updates, and push content to your tenants
using selective propagation.
In addition, Cortex XSOAR content updates are only delivered
to the development environment. This enables you to determine which
updates you want to push to the main account.
Working with remote repositories is git-based. Any service
that supports this protocol can be used, for example, GitHub, GitLab,
Bitbucket, etc. In addition, on-premise repositories are also supported.
How it Works
In the main account, the content appears as a content update,
just like any other, and you pull the content from the remote repository
into your working branch.
To work with remote repositories, you must have two separate
Cortex XSOAR environments on two separate machines. The development
environment is used to write the following content:
Automations
Playbooks
Integrations
Classification
Agent tools
Incident fields
Indicator fields
Evidence fields
Incident layouts
Incident types
Pre-processing rules
If you have more than two pre-processing
rules in your Local Changes queue, you must push all of those changes
to the remote repository.
Indicator types
Reports
Dashboards
Widgets
It is not possible to edit these elements on the main account.
You need to configure the remote repository feature both on your development machine and
the main machine.
After you develop your content, if you want it to be available as
part of a content update for the production environment, you must push the changes
to the remote repository. If you experience issues, learn how to troubleshoot remote
repositories.
