- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Cortex XSOAR is a unique platform in that it enables end-users to create their own custom content. This content includes custom playbooks, indicators, incident types, classification and mapping rules, integrations, automations — the list goes on. The ability to create custom content in Python, PowerShell, or JavaScript that fits specific needs is a huge benefit that XSOAR offers.
The question isn’t “Can you create your own custom content in XSOAR?” — of course you can! The right question to ask is if you should create your own custom content in XSOAR. Let's delve into the why and why not.
When creating custom content within XSOAR, remember the content you’re creating is being taken out of the life cycle that Palo Alto Networks product teams use to keep their content up-to-date and functioning. The responsibility of maintaining that new custom content falls to the end-user who created it.
Before you decide if custom content is needed for a particular situation, ask yourself:
Does the content I’m trying to create already exist within the platform?
If it does:
It is highly recommended you use the out of the box (OOTB) content instead of creating a custom solution.
OOTB content within XSOAR is customer driven. After working with companies from many different sectors over an extended period of time, and building content based on customer driven needs, there is a good chance that what you’re looking for already exists in the platform.
If it doesn’t:
Is there a feature within the platform that accomplishes something very close to what I was attempting to do? Is the feature I'm looking for already on the roadmap for Palo Alto to create?
Depending on the answers to the questions asked in the above paragraph It may be in your best interest to wait for that functionality to be released by the content team at Palo Alto depending on the timeline regarding the release, and depending on how critical this content is to your organization.
It is always in your best interest to submit a feature request via the AHA portal, even if you fully intend to create the custom content yourself. This way, you can move a custom solution to a solution that is being maintained by Palo Alto once it is developed. This would ultimately lift the burden of maintenance from the end-user and place it back on the Palo Alto content team. In addition, the feature you’re requesting may very well be something that multiple people could benefit from.
Is this content needed to support a specific process / procedure? Is it possible to modify that process to fit the functionality of the OOTB feature?
If this content is of high importance:
You will want to consider that this content will need to be maintained by you and/or your organization. I recommend having a review cycle for your more important custom content solutions.
If the content isn’t of high importance:
You will still need to maintain the content. However, it may not be as big of a deal if it breaks.
For example, if creating a custom integration keep in mind that:
Vendors change their backend API functionality all the time, and sometimes without very much notice. This will need to be something you pay attention to, because if a change like this happens without you knowing about it, the impact to your organization could be high depending on how important this custom integration is to your workflow.
XSOAR allows for custom content, giving end-users the ability to build unique functionality on-the-fly to meet specific needs. There can be huge benefit in this capability. However, creating custom content does have its drawbacks — and they should be taken into account before going down the customization route. Always explore all options within the XSOAR platform before crafting a custom solution, and ask yourself the questions above to help make the right choice for you and your organization.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
3 Likes | |
3 Likes | |
2 Likes | |
1 Like | |
1 Like |