  • Stars: 1,109
  • Rank: 41,870 (Top 0.9 %)
  • Language: Python
  • License: MIT License
  • Created over 8 years ago
  • Updated 3 months ago


Repository Details

Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR's ever-growing Content Repository. Pull Requests are always welcome and highly appreciated!


If you already have VS Code and Docker installed, you can click the badge above or here to get started. Clicking these links opens VS Code, installs the Remote-Containers extension (if not installed), clones the source code into a container volume, and spins up a development container, configured with all recommended settings.

Cortex XSOAR Platform - Content Repository

Demisto is now Cortex XSOAR.

This repo contains content provided by Demisto to automate and orchestrate your Security Operations. Here we will share our ever-growing list of playbooks, automation scripts, report templates and other useful content.

We security folks love to tinker, keep enhancing and sharpening our toolset and we decided to open up everything and make it a collaborative process for the entire security community. We want to create useful knowledge and build flexible, customizable tools, sharing them with each other as we go along.

We invite you to use the playbooks and scripts, modify them to suit your needs and see what works for you, and get involved in the community discussion. And of course, remember to give back and contribute, so that others can enjoy and learn from your hard work and build upon it to enhance it even further.

Documentation

If you wish to develop and contribute Content, make sure to check our Content Developer Portal at: https://xsoar.pan.dev/

Contributing

Contributions are welcome and appreciated. For instructions about adding/modifying content please see our Content Contribution Guide.

Playbooks

The Cortex XSOAR Platform includes a visual playbook editor - you can add and modify tasks, create control flow according to answers returned by your queries, and automate everything with your existing security tools, services and products. You can also export your work to a file in the COPS format, and import playbooks shared by your peers who have done the same.

We will be releasing more and more playbooks for interesting scenarios, so stay tuned. If you are working on an interesting playbook of your own, feel free to send us a Pull Request and let's build it together.

The spec for our open playbook format, COPS, can be found here.

Scripts

These scripts, written in Python or JavaScript, perform Security Operations tasks. The scripts are built to run inside the Cortex XSOAR Platform - they can query or send commands to a long list of existing security products, and react based on the output.

You can take your own logic and the way you want to work and write your own scripts, allowing for maximum flexibility. The services and products you use can be cloud-based or on-premises setups, and we have tools to support more complex topologies, such as when the product's subnet is firewalled off.

Integrations

Integrations written in JavaScript or Python enable the Cortex XSOAR Platform to orchestrate security and IT products. Each integration provides capabilities in the form of commands; each command usually reflects a product capability (API) and returns both a human-readable and a machine-readable response.
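To make the "human-readable plus machine-readable" contract concrete, here is an added example (not code from this repository) of the war-room entry a reputation-style command builds: a markdown table for the analyst and a context object, keyed by a DT expression, for playbooks. The product name `ExampleProduct`, the API response and the verdict threshold are constructed for illustration; in a real integration the helper library CommonServerPython provides `tableToMarkdown` and `CommandResults` for this, but the block builds the entry by hand so it runs stand-alone.

```python
"""Shape of an XSOAR command result with both readable and structured output (added example)."""
from typing import Any

# Constructed sample of what a product reputation API might return.
SAMPLE_API_RESPONSE: dict[str, Any] = {
    "address": "198.51.100.7",
    "score": 85,
    "categories": ["scanner"],
}


def table_to_markdown(title: str, rows: list[dict[str, Any]]) -> str:
    """Render rows as a markdown table: the human-readable half of the entry."""
    headers = list(rows[0].keys())
    lines = [
        f"### {title}",
        "|" + "|".join(headers) + "|",
        "|" + "|".join("---" for _ in headers) + "|",
    ]
    for row in rows:
        lines.append("|" + "|".join(str(row[h]) for h in headers) + "|")
    return "\n".join(lines)


def ip_command(args: dict[str, str], api_response: dict[str, Any]) -> dict[str, Any]:
    """Build a note entry for an `ip` command from the raw product response.

    `args` is what the platform passes as demisto.args(); `api_response` stands in
    for the HTTP call an integration would make to the product (hypothetical here).
    """
    ip = args["ip"]
    # Constructed threshold: treat a score of 70 or more as malicious.
    verdict = "Malicious" if api_response["score"] >= 70 else "Benign"
    row = {"Address": ip, "Score": api_response["score"], "Verdict": verdict}
    return {
        "Type": 1,                   # note entry
        "ContentsFormat": "json",
        "Contents": api_response,    # raw response, kept for troubleshooting
        "HumanReadable": table_to_markdown(f"Reputation for {ip}", [row]),
        # DT expression so repeated lookups of the same address merge in context
        "EntryContext": {"ExampleProduct.IP(val.Address == obj.Address)": row},
    }


if __name__ == "__main__":
    print(ip_command({"ip": "198.51.100.7"}, SAMPLE_API_RESPONSE)["HumanReadable"])
```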

Docker

We use Docker to run Python scripts and integrations in a controlled environment. You can configure an existing Docker image from the Cortex XSOAR Docker Hub Organization or create a new Docker image to suit your needs. More information about how to use Docker is available here.

Reports

The Cortex XSOAR Platform supports flexible reports written in JSON. All of our standard reports, which calculate various incident statistics and metrics, are stored in this repo.


Enjoy and feel free to reach out to us on the DFIR Community Slack channel.

More Repositories

1. COPS - Collaborative Open Playbook Standard (147 stars)
2. alfred - A Slack bot to add security info to messages containing URLs, hashes and IPs (Go, 70 stars)
3. demisto-py - Demisto Client for Python (Python, 70 stars)
4. demisto-sdk - Demisto SDK - Create Demisto Content with ease and efficiency (Python, 70 stars)
5. dockerfiles - Demisto's Dockerfiles and Image Build Management (Brainfuck, 65 stars)
6. sane-reports - Reports library that will keep you sane and not pulling your hair out (JavaScript, 52 stars)
7. content-docs - Demisto Content Developer Docs (Python, 41 stars)
8. sane-doc-reports - Extends the sane-reports library that will keep you sane and not pulling your hair out while generating DOCX files (Python, 17 stars)
9. tools - A collection of demisto tools (Go, 15 stars)
10. slack - Integration with Slack API (Go, 15 stars)
11. parse-emails (Python, 14 stars)
12. vscode-extension (TypeScript, 12 stars)
13. goxforce - Golang library to access IBM X-Force Exchange (Go, 12 stars)
14. content-ci-cd-template (Python, 7 stars)
15. dockerfiles-info - Info about docker images used in the demisto org (Python, 7 stars)
16. github-automation - Maintain and organize your GitHub project using an automation tool. (Python, 6 stars)
17. pb-go - pandorabots API for Golang (Go, 5 stars)
18. splunk-app - Splunk app repo (Python, 5 stars)
19. gocs - CrowdStrike Intel API implementation in Golang (Go, 4 stars)
20. infinigo - CylanceV Infinity public API implementation using Golang (Go, 3 stars)
21. download - Entitlements app to download our installer (Go, 2 stars)
22. go-uuid (Go, 2 stars)
23. content-assets (2 stars)
24. content-helloworld-premium (Python, 1 star)
25. pycharm-plugin - Add-on for PyCharm that simplifies third-party integration and script development by enabling users to author Python content for XSOAR directly in PyCharm. (Java, 1 star)
26. demisto-splunk-app (Go, 1 star)
27. content-external-template - Repo will be used as a template for private repos to fork off (Shell, 1 star)