This is an example Integration Doc. Here you will provide an Overview of the Integration. Type of the product and common use case through Cortex XSOAR. What is this integration good for? What does the integration do? Known limitations (only if needed in this high level view) What version of the integrated product was tested (and what versions we believe are supported. e.g. tested on 2.0, should work on 2.0 and up).
To set up [integration name] to work with Cortex XSOAR:
Just list the requirements for integrating with Cortex XSOAR. You can include links to third-party documentation if necessary.
- API token
To set up the integration on Cortex XSOAR:
Go to ‘Settings > Integrations > Servers & Services’
Locate [integration name] by searching for it using the search box on the top of the page.
Click ‘Add instance’ to create and configure a new integration. You should configure the following settings:
- Name: A textual name for the integration instance.
- Appliance IP/Hostname: The hostname or IP address of the appliance being used.
- Appliance Port: The appliance port being used.
- Username and Password: The username and password, or toggle to Credentials.
- Fetch incidents: Select whether to automatically create Cortex XSOAR incidents from this integration instance.
- Test What is tested and what to do if the test fails
Fetched Incidents Data
Information needed to use the fetch-incidents option.
What can be fetched? (e.g. events or cases but not "observations")
How are we filtering? (e.g. "ID" / "Created Date" / "Seen Date" / configurable? )
Initial fetch parameters (from now? 10mins back?)
Anything specific about the 3rd-party product that user should know that will help understand how to run commands with parameters. For example, Archer applications are inter-connected using content id. Followed by use case.
When listing commands with inputs and outputs use the following structure:
|argument1||Filter the x by the y.||Required|
|Integration.Output||string||The indicator score.|
Context Output (JSON)
Human Readable Output (War Room)
Or state: This Integration does not have commands ....
Such as command examples, usage examples, etc.
This integration was integrated and tested with version [x.y.z.w] of [integration name]"