Extend Context

Extend context to retrieve specific information from integrations or commands and map to fields. Cortex XSOAR playbooks
There are situations where the data returned by an integration or command is not exactly what you need. For example, when you run the command
!ad-get-user name="sampleName"
, you receive information about the user's dn, email, and more. You may only want the name of the user's manager and you may want to store that information in a specific field.
Cortex XSOAR enables you to do that using the Extend Context feature. Extend Context can be used as in the situation above, or when you want to run a command multiple times and save the output to a different key each time. Using the
command, run the command once to retrieve the user, and once to retrieve the user's manager.
There are situations where an integration is configured to display only some of the information that you retrieved. The information is shown in context-data, but there is more available. For example, when you run a command to retrieve offenses from a SIEM, only some of the information is displayed, per the configuration of the instance. You can use Extend Context to retrieve the additional information and place it in a new field.
By default, when you run a command, either from the command line or as part of a script or playbook, a subset of JSON fields are returned. To display the full JSON response, run the command using the

Recommended For You