Configure Cortex XSOAR to Use PowerShell

Follow these instructions to configure Cortex XSOAR to use PowerShell for D2 agents and shared agents.
You can run PowerShell commands directly from Cortex XSOAR, such as Office 365. If you want to use PowerShell, you need to configure Cortex XSOAR.
Relevant for both D2 agents and shared agents.
  1. Create the PowerShell script you want to run.
    In this example, we have created a PowerShell script, called
    printarg
    to print an argument.
    param([string]$myarg = "") Write-Host "This is my argument: " $myarg
    1. Zip up the file. In this example, we will call the file
      script
      .
  2. Upload the zip file you created in step 1.
    1. Select
      Settings
      Integrations
      Agent Tools
      Add Tool
    2. Add the file.
      You can see the script file contains the PowerShell script.
  3. Create an automation that runs the PowerShell script.
    1. Go to the
      Automation
      page and upload the script.
      In this example we have created an automation called D2PowerShellEx.
      Important to note:
      command.push("powershell.exe")
      : Runs the PowerShell.
      command.push("'" + which("printorg.ps1") + "'")
      : The absolute path of the executable script.
      //+ script/printorg.ps1
      : Annotation that tells the agent which tools to send to the Windows machine. The name of the zip file (
      script
      ) and the script name (
      printarg.ps1
      ).
      For more information about the commands, see D2 Agent Script Commands.
    2. Click Save.
  4. Run the automation in the War Room.
    To run the automation, you need to install either a D2 Agent or a Shared Agent
    For example, type
    !D2PowerShellEx myarg='success' using=sharedagent-demo

Recommended For You