Cortex Core - Platform

This integration uses the Cortex API to access all the core services and capabilities of the Cortex platform.

Endpoint · Core

Configuration parameters

  • timeout — HTTP Timeout

Commands (40)

  • core-add-assessment-profile

    Create new assessment profile.

  • core-appsec-remediate-issue

    Create automated pull requests to fix multiple security issues in a single bulk operation.

  • core-create-appsec-policy

    Creates a new AppSec policy in Cortex Platform with defined conditions, scope, and triggers for application security governance.

  • core-create-endpoint-policy

    Creates a new endpoint policy and applies it to specified endpoints. Automatically handles priority conflicts by shifting existing policies when needed.

  • core-create-windows-exploit-profile

    Creates a new Windows exploit profile.

  • core-create-windows-malware-profile

    Creates a new windows malware profile.

  • core-delete-endpoint-policy

    Deletes one or more existing endpoint policies from the policy table.

  • core-delete-profile

    Deletes the provided profiles.

  • core-enable-scanners

    Enable or disable scanners with the specified configuration.

  • core-get-ai-model-activity

    Retrieves AI model activity information including usage statistics and inactive status.

  • core-get-appsec-issues

    Retrieves application security issues based on specified filters.

  • core-get-asset-coverage

    Retrieves a list of assets (e.g., Repositories, CI/CD Pipelines, Container Image Repositories) along with their scan coverage status.

  • core-get-asset-coverage-histogram

    Calculates the distribution of values (counts and percentages) for specified categorical fields.

  • core-get-asset-details

    Get asset information.

  • core-get-case-extra-data

    Get extra data fields of a specific case, including issues and key artifacts.

  • core-get-case-resolution-statuses

    Retrieves resolution status information for a specific case.

  • core-get-cases

    Get case information based on the specified filters.

  • core-get-endpoint-support-file

    Retrieves endpoint support files based on specified endpoint IDs.

  • core-get-endpoint-update-version

    Retrieves endpoint update versions for the provided endpoint IDs.

  • core-get-issue-recommendations

    Get comprehensive recommendations for an issue, including remediation steps, playbook suggestions, and recommended actions.

  • core-get-issues

    Returns a list of issues and their metadata, which you can filter by built-in arguments or use the custom_filter to input a JSON filter object. Multiple filter arguments will be concatenated using the AND operator, while arguments that support a comma-separated list of values will use an OR operator between each value.

  • core-get-vulnerabilities

    Retrieves vulnerabilities based on specified filters.

  • core-list-brokers

    Retrieves information about broker VMs configured on the system.

  • core-list-compliance-standards

    Create new assessment profile.

  • core-list-endpoints

    Retrieves endpoints based on the provided filters.

  • core-list-exception-rules

    Returns a list of exception rules and their metadata, which you can filter by built-in arguments. Multiple filter arguments will be concatenated using the AND operator, while arguments that support a comma-separated list of values will use an OR operator between each value.

  • core-list-findings

    Retrieves findings from the Cortex platform.

  • core-list-scripts

    Gets a list of scripts available in the scripts library.

  • core-list-system-users

    Returns a list users and their core properties within the system. Results are limited to 50.

  • core-run-playbook

    Runs a playbook on specific issue IDs.

  • core-run-script-agentix

    Run a script on endpoints.

  • core-search-asset-groups

    Searches for asset groups from the Cortex platform using one or more filter criteria.

  • core-search-assets

    Retrieves asset from the Cortex platform using optional filter criteria.

  • core-send-endpoint-heartbeat

    Sends endpoint heartbeat.

  • core-update-case

    Updates the properties of a case.

  • core-update-endpoint-version

    Updates the version of the given endpoint to the target version supplied.

  • core-update-issue

    Updates the properties of an issue. This command does not provide an explicit indication of success.

  • core-update-windows-exploit-profile

    Updates the specified Windows exploit profile.

  • core-update-windows-malware-profile

    Updates the specified Windows malware profile.

  • core-xql-generic-query-platform

    Execute an XQL query and retrieve a link to the query in the query center. If set to wait for results, the command will be executed every 10 seconds until results are retrieved or until the timeout is reached.