Create and edit an automation in Cortex XSOAR, including detach and attach, automation settings, etc.
Automations perform specific actions and are comprised of commands, which are used in playbook tasks and when running commands in the War Room.
Detach and Attach Automations
When installing an automation from a Content Pack, by default, the automation is attached, which means that it is not editable. To edit the automation, you need to either make a copy or detach it.
While the automation is detached, it is not updated by the Content Pack. This may be useful when you want to update the automation without breaking customization. If you want to update the automation type through Content Pack updates, you need to reattach it, but any changes are overridden by the Content Pack on upgrade. If you want to keep the changes, make a copy before reattaching.
Script settingsyou can define the following information:
An identifying name for the automation.
Select the automation language.
A meaningful description for the automation.
Predefined script identifiers that determine where the automation is available. For example, to use this automation as a pre-processing automation, it must be tagged with the pre-processing tag.
Whether the automation is available for playbook tasks, indicator types, incident types and fields.
The Content Pack for which the automation belongs.
An identifying name.
Makes the argument mandatory.
Makes this argument the default argument for the automation.
Makes the argument case sensitive.
A meaningful description for the argument.
The initial default value for the argument.
Specifies that the argument is an array.
CSV list of argument values.
You can define the outputs according to string, number, date, boolean, etc. For more information, see Context and Outputs. The Important field is for backwards compatibility only for previous Cortex XSOAR versions.
Enables you to add a password for the automation, which will be required when running the script from the CLI
Determines which role the automation runs as. Select the role from the dropdown list.
The assigned roles determine who can run the automation.
Time (in seconds) before the automation times out. Default is 180.
The Cortex XSOAR server or D2 agent.
Docker image name
For Python automation, the name of the Docker image to use to run this automation.
Run on a separate container
Runs the automation on a separate container.
You can set the commands that the automation depends on directly from these settings. You still have the option to set the dependencies in the automation yaml file.
Recommended For You
Recommended videos not found.