Cortex Core - Platform
This integration uses the Cortex API to access all the core services and capabilities of the Cortex platform.
Endpoint · Core
Configuration parameters
timeout— HTTP Timeout
Commands (40)
-
core-add-assessment-profileCreate new assessment profile.
-
core-appsec-remediate-issueCreate automated pull requests to fix multiple security issues in a single bulk operation.
-
core-create-appsec-policyCreates a new AppSec policy in Cortex Platform with defined conditions, scope, and triggers for application security governance.
-
core-create-endpoint-policyCreates a new endpoint policy and applies it to specified endpoints. Automatically handles priority conflicts by shifting existing policies when needed.
-
core-create-windows-exploit-profileCreates a new Windows exploit profile.
-
core-create-windows-malware-profileCreates a new windows malware profile.
-
core-delete-endpoint-policyDeletes one or more existing endpoint policies from the policy table.
-
core-delete-profileDeletes the provided profiles.
-
core-enable-scannersEnable or disable scanners with the specified configuration.
-
core-get-ai-model-activityRetrieves AI model activity information including usage statistics and inactive status.
-
core-get-appsec-issuesRetrieves application security issues based on specified filters.
-
core-get-asset-coverageRetrieves a list of assets (e.g., Repositories, CI/CD Pipelines, Container Image Repositories) along with their scan coverage status.
-
core-get-asset-coverage-histogramCalculates the distribution of values (counts and percentages) for specified categorical fields.
-
core-get-asset-detailsGet asset information.
-
core-get-case-extra-dataGet extra data fields of a specific case, including issues and key artifacts.
-
core-get-case-resolution-statusesRetrieves resolution status information for a specific case.
-
core-get-casesGet case information based on the specified filters.
-
core-get-endpoint-support-fileRetrieves endpoint support files based on specified endpoint IDs.
-
core-get-endpoint-update-versionRetrieves endpoint update versions for the provided endpoint IDs.
-
core-get-issue-recommendationsGet comprehensive recommendations for an issue, including remediation steps, playbook suggestions, and recommended actions.
-
core-get-issuesReturns a list of issues and their metadata, which you can filter by built-in arguments or use the custom_filter to input a JSON filter object. Multiple filter arguments will be concatenated using the AND operator, while arguments that support a comma-separated list of values will use an OR operator between each value.
-
core-get-vulnerabilitiesRetrieves vulnerabilities based on specified filters.
-
core-list-brokersRetrieves information about broker VMs configured on the system.
-
core-list-compliance-standardsCreate new assessment profile.
-
core-list-endpointsRetrieves endpoints based on the provided filters.
-
core-list-exception-rulesReturns a list of exception rules and their metadata, which you can filter by built-in arguments. Multiple filter arguments will be concatenated using the AND operator, while arguments that support a comma-separated list of values will use an OR operator between each value.
-
core-list-findingsRetrieves findings from the Cortex platform.
-
core-list-scriptsGets a list of scripts available in the scripts library.
-
core-list-system-usersReturns a list users and their core properties within the system. Results are limited to 50.
-
core-run-playbookRuns a playbook on specific issue IDs.
-
core-run-script-agentixRun a script on endpoints.
-
core-search-asset-groupsSearches for asset groups from the Cortex platform using one or more filter criteria.
-
core-search-assetsRetrieves asset from the Cortex platform using optional filter criteria.
-
core-send-endpoint-heartbeatSends endpoint heartbeat.
-
core-update-caseUpdates the properties of a case.
-
core-update-endpoint-versionUpdates the version of the given endpoint to the target version supplied.
-
core-update-issueUpdates the properties of an issue. This command does not provide an explicit indication of success.
-
core-update-windows-exploit-profileUpdates the specified Windows exploit profile.
-
core-update-windows-malware-profileUpdates the specified Windows malware profile.
-
core-xql-generic-query-platformExecute an XQL query and retrieve a link to the query in the query center. If set to wait for results, the command will be executed every 10 seconds until results are retrieved or until the timeout is reached.