Do you backup your custom content?


L1 Bithead

Hi,

I’m looking for a way to back up my custom content - such as playbooks, lists, scripts, correlation rules, and more, to an external repository (GitHub, GitLab, Azure DevOps, etc.).

So far, I’ve had partial success with playbooks using Python scripts and API calls, but I’m having difficulty backing up the other content types.

Has anyone tried implementing something like this?

Accepted Solutions

L4 Transporter

Hello @Yossi_Nagar,

Greetings for the day.

In Cortex XSIAM, backing up custom content to an external repository can be achieved through two primary methods: the native Remote Repository feature for specific supported content types, and a specialized API-based workaround for a comprehensive backup of all custom content.

1. Native Remote Repository Feature

Cortex XSIAM includes a built-in feature to manage and sync content between tenants (for example, Development to Production) using a Git-based repository such as GitHub, GitLab, Bitbucket, or Azure DevOps.

Supported Content Types

The following types can be pushed and pulled via the Remote Repository:

  • Playbooks and Scripts

  • Integrations

  • Classifiers and Mappers

  • Issue/Indicator Layouts, Types, and Fields

Unsupported Content Types

The native sync feature does not support:

  • Correlation Rules

  • Parsing Rules and Data Modeling Rules

  • Lists and Dashboards

2. Automated Backup Workaround (API Method)

To back up the content types not supported by the Remote Repository (such as lists and correlation rules), you can automate the export of a Content Bundle and push it to your repository. This method uses the internal API to download all custom content in a single encrypted file.

Workflow for Automated Backup

Step 1: Download the Content Bundle

Create a playbook or script that uses the core-api-download command to target the /content/bundle endpoint:

core-api-download endpoint="/content/bundle"

Step 2: Commit to External Repository

Use an integration command (for example, from the GitHub or GitLab content packs) to upload the resulting file. Example using the GitHub integration:

github-commit-file filename="XSIAM_Backup.zip" content="${core-api-download.File}" repository="your-repo-name" branch="main" message="Daily automated backup"

Step 3: Schedule the Backup

Configure this playbook to run as a Job (for example, daily or weekly) under:

Settings → Configurations → Automation → Jobs

3. Manual Export Option

You can also manually export all custom content for backup purposes via the UI:

  1. Navigate to Settings → Configurations → General → Server Settings.

  2. Scroll to the Custom Content section.

  3. Click Export all custom content to download a .tar file containing your custom playbooks, scripts, layouts, and other components.

Important Considerations

Correlation Rules: These often must be moved manually by copying the XQL query text.

Version Mismatch: It is not recommended to push or pull content between tenants running different XSIAM versions to avoid compatibility issues.

Permissions: Managing Remote Repository settings requires Instance Admin privileges or specific RBAC permissions for Remote Repository.


If you feel this has answered your query, please let us know by clicking Like and "Mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar
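
An added example, not part of the original post and not Palo Alto Networks code: committing a whole archive on every run leaves no readable record of what changed, so this sketch hashes each file in two exports and reports the added, removed and changed items. It assumes the export is a plain .tar readable by Python's `tarfile` (as in the manual export option above); the file names and contents are constructed sample data, and the real archive layout is not shown on this page.

```python
import hashlib
import io
import tarfile


def manifest(tar_bytes):
    """Map each regular file in an export archive to its SHA-256 digest."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            name = member.name
            # Refuse names that would escape the target directory if extracted.
            if name.startswith("/") or ".." in name.split("/"):
                raise ValueError(f"unsafe path in archive: {name!r}")
            if not member.isfile():
                continue  # skip directories, links and device nodes
            result[name] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return result


def diff(old, new):
    """Return the added, removed and changed file names between two manifests."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


def build_tar(files):
    """Build a constructed sample archive in memory (stand-in for a real export)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data: file names and contents are illustrative only.
yesterday = build_tar({"playbook-triage.yml": b"v1", "list-allowlist.json": b"[]"})
today = build_tar({"playbook-triage.yml": b"v2", "script-enrich.yml": b"new"})

if __name__ == "__main__":
    print(diff(manifest(yesterday), manifest(today)))
```

An unexpected entry under "removed" or "changed" (for example a list or rule nobody meant to touch) is worth reviewing before the backup is committed.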


The best answer I got. 

Thank you for such a detailed answer. I believe you covered everything here - I'll go and check all the options you mentioned.

Appreciate that,

Thank you!
