Agent Tools

Add Agent Tools for Cortex XSOAR agents that make use of automation scripts.
Agents make use of predefined end user generated automation scripts and files. You can extend scripting functionality by deploying forensic agent tools with a Cortex XSOAR Agent.
Agent tools come with a number of out of the box scripts, which can be configured, such as Office365, Active Directory and WinPmem.
You can create your own scripts and files by going to
Agent Tools
+ Add Tool
. The files and scripts must be in zip, tar.gz, tar.bz2, or tar format. For example, you can create the following scripts:
Once deployed, the agent can use the tool (e.g. create a memory dump can be copied to another machine for forensic analysis).
Although you can run PowerShell commands directly from Cortex XSOAR on applications such as Office 365 and Active Directory, if you want to use PowerShell scripts, you need to configure Cortex XSOAR. Use the D2 Agent Script Commands to assist you with script arguments.

Recommended For You