Skip to content
AIR Knowledge Base

Cortex XSOAR Integration

Steps to Integrate

Section titled “Steps to Integrate”

Step 1: Preparing API Token

  1. Create a new API Token by clicking the Settings → API Tokens.
  2. Give a Token Name.
  3. Choose an expiration date.
  4. Click Save and copy the token.

Step 2: Adding Integration to Cortex XSOAR

Section titled “Step 2: Adding Integration to Cortex XSOAR”
  1. Sign in to Cortex XSOAR server.
  2. Click “Marketplace” on the left bottom corner.
  3. Search and install the AIR Integration to your instance.

Step 3: Setting up the Integration

Section titled “Step 3: Setting up the Integration”
  1. Click “Settings” on the left bottom corner.
  2. Find installed integration, and click “Add instance
  3. Fill in the AIR Server URL and API Key. Click “Test”, and you will see “Success”, which means Cortex XSOAR established the test connection with the AIR Server.
  4. Save and Exit.

Usage

Section titled “Usage”

Isolation

  • You can use the integration in Automations, Playbooks, or War Room.
  • To execute an isolation task, write the following command at the bottom of the page:
!air-isolate hostname=<HOSTNAMEofENDPOINT> organization_id=<ORGANIZATION ID> isolation=<ENABLE or DISABLE>
  • Acquisition
  • To execute an acquisition task, write the following command at the bottom of the page:
!binalyze-air-acquire case_id=<CASE-ID> hostname=<HOSTNAMEofENDPOINT> organization_id=0 profile="PROFILE"