Create and edit an automation in Cortex XSOAR, including detach and attach, automation settings, etc.
Automations perform specific actions and are comprised of commands, which are used in playbook tasks and when running commands in the War Room.
In the
page, you can view, edit, and create automations in JavaScript, Python, or Powershell. When creating an automation, you can access all Cortex XSOAR APIs, including access to incidents, investigations, share data to the War Room, etc. Automations can receive and access arguments, and can be password protected.
You can use the Script Helper when creating an automation, which provides a list of available commands and scripts, ordered alphabetically. For more information about the automations used in Cortex XSOAR, see the List of Automations.
Detach and Attach Automations
When installing an automation from a Content Pack, by default, the automation is attached, which means that it is not editable. To edit the automation, you need to either make a copy or detach it.
While the automation is detached, it is not updated by the Content Pack. This may be useful when you want to update the automation without breaking customization. If you want to update the automation type through Content Pack updates, you need to reattach it, but any changes are overridden by the Content Pack on upgrade. If you want to keep the changes, make a copy before reattaching.
Automation Settings
Script settings
you can define the following information:
Basic Settings
An identifying name for the automation.
Select the automation language.
A meaningful description for the automation.
Predefined script identifiers that determine where the automation is available. For example, to use this automation as a pre-processing automation, it must be tagged with the pre-processing tag.
Whether the automation is available for playbook tasks, indicator types, incident types and fields.
Content Pack
The Content Pack for which the automation belongs.
An identifying name.
Makes the argument mandatory.
Makes this argument the default argument for the automation.
Makes the argument case sensitive.
A meaningful description for the argument.
Initial value
The initial default value for the argument.
Is array
Specifies that the argument is an array.
List options
CSV list of argument values.
You can define the outputs according to string, number, date, boolean, etc. For more information, see Context and Outputs. The Important field is for backwards compatibility only for previous Cortex XSOAR versions.
Password Protect
Enables you to add a password for the automation, which will be required when running the script from the CLI
Run as
Determines which role the automation runs as. Select the role from the dropdown list.
The assigned roles determine who can run the automation.
Timeout (seconds)
Time (in seconds) before the automation times out. Default is 180.
Run on
The Cortex XSOAR server or D2 agent.
Docker image name
For Python automation, the name of the Docker image to use to run this automation.
Run on a separate container
Runs the automation on a separate container.
You can set the commands that the automation depends on directly from these settings. You still have the option to set the dependencies in the automation yaml file.

Recommended For You