This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

XSIAM Content Update Notifications pack

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XSIAM Content Update Notifications pack

PA_nts
L4 Transporter

‎04-13-2026 11:23 PM

Hi,

has anyone deployed this to date and have it working?

just started looking at this as a means to notify our platform team when we need to perform content updates etc as we manage a number of xsiam tenants..

and out the box both the playbooks fails, so would imagine some customization is needed.

 

the deployment documentation is sparse at best also

 

thanks

0 Likes Likes
3 REPLIES 3

PJagtap1
L1 Bithead

‎05-04-2026 05:51 AM

Hello @pa_tv

 

With reference to your query, I understand that you are looking to receive notifications for content pack updates in your Cortex XSIAM tenant. In this case, you can leverage the "Content Update Manager" playbook available within Cortex XSIAM, which helps both in notifying about updates and managing content pack upgrades through automation. Attached screenshot of the playbook for your reference.

 

If I have misunderstood your requirement, please feel free to clarify I would be happy to assist you further.

 

If this suggestion addresses your query, kindly consider giving it a like

 

Thanks & Regards,
Pratik Jagtap

Preview file
136 KB
0 Likes Likes

PA_nts
L4 Transporter

‎05-04-2026 06:47 AM

Thanks.. and yes this is the correct playbook to use.. 

however out the box it wont work.. and needs some customization.. and the documentation is sparse to say the least to get it working..

for one.. in my case to have it send an email, you have to edit the 'playbook start' task and add the email address you want it to be sent to in here (under inputs/outputs)

then second..the 'check for updates' task will fail if you don't have a core_api_rest datasource and api key defined.

thirdly.. in the same settings under 'playbook start' you need to change the 'demisto_rest_api_name' to your rest api datasource instance name defined above. 

this playbook also uses the subplaybook 'check for content installation' to do the actual updates.. but here also, you need to follow same process as third item above. to add the rest api instance name.. 

I am slowly working my way though this playbook if and when i get time.. i am still not able to get it to update the content packs.. for now I can  

trigger the playbook, sends me an email, i click the link as select to update the content packs.. but the update fails still.. so it is a work in progress. 

 

0 Likes Likes

PJagtap1
L1 Bithead

‎05-04-2026 10:16 PM

Sure, please feel free to reach out if you require any help I'd be happy to assist.

0 Likes Likes
  • 187 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks