openapi: 3.1.0
info:
  title: Palo Alto Networks Cortex XSOAR REST API
  description: >-
    REST API for the Cortex XSOAR (formerly Demisto) security orchestration,
    automation, and response (SOAR) platform. Provides programmatic access to
    incidents, investigations, playbooks, entries, and integrations. Enables
    automation of security workflows, creation and management of incidents,
    execution of playbooks, and integration with third-party security tools.
    Authentication uses an API key passed in the Authorization header. API keys
    are generated from the XSOAR settings under Integrations > API Keys.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/cortex/docs/xsoar/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
  - url: https://{xsoar-server}
    description: Cortex XSOAR server endpoint.
    variables:
      xsoar-server:
        description: Hostname or IP address of the Cortex XSOAR server.
        default: xsoar.example.com
security:
  - apiKey: []
tags:
  - name: Entries
    description: Investigation entry (work note) management.
  - name: Incidents
    description: Incident creation, retrieval, search, and update operations.
  - name: Integrations
    description: Integration and instance management.
  - name: Investigations
    description: Investigation management.
  - name: Playbooks
    description: Playbook listing and execution.
paths:
  /incident:
    post:
      operationId: createIncident
      summary: Palo Alto Networks Create Incident
      description: >-
        Creates a new incident in Cortex XSOAR. Incidents represent security
        events requiring investigation and response. Specify the incident type,
        severity, name, and any custom fields defined for the incident type. If
        an associated playbook is configured for the incident type, it starts
        automatically.
      tags:
        - Incidents
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateIncidentRequest'
            examples:
              CreateIncidentRequestExample:
                summary: Default createIncident request
                x-microcks-default: true
                value:
                  name: Corporate Gateway 34
                  type: custom
                  severity: 2
                  owner: example-owner
                  occurred: '2025-12-19T01:48:14Z'
                  details: Traffic rule network firewall endpoint incident network incident configured firewall activity.
                  labels: &id009
                    - type: advanced
                      value: example-value
                  createInvestigation: true
                  CustomFields: &id010 {}
                  rawJson: example-rawJson
      responses:
        '200':
          description: Incident created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Incident'
              examples:
                CreateIncident200Example:
                  summary: Default createIncident 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Branch Firewall 02
                    type: custom
                    status: 2
                    severity: 5
                    owner: example-owner
                    created: '2026-04-27T13:10:38Z'
                    modified: '2026-02-28T09:07:32Z'
                    occurred: '2026-07-07T08:02:17Z'
                    closed: '2025-06-22T23:38:50Z'
                    closeReason: example-closeReason
                    closeNotes: Malware firewall on activity applied investigation suspicious detected activity.
                    labels: &id001
                      - type: custom
                        value: example-value
                    details: Suspicious firewall detected configured suspicious network detected blocked suspicious.
                    investigationId: '720788'
                    playbookId: '265379'
                    sourceInstance: example-sourceInstance
                    sourceBrand: example-sourceBrand
                    rawJson: example-rawJson
                    CustomFields: &id002 {}
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /incidents/search:
    get:
      operationId: searchIncidentsGet
      summary: Palo Alto Networks Search Incidents (GET)
      description: >-
        Returns incidents matching query criteria specified as URL query
        parameters. Supports filtering by keyword, status, severity, type, and
        time range. For complex queries use POST /incidents/search.
      tags:
        - Incidents
      parameters:
        - name: query
          in: query
          description: >-
            Lucene query string to filter incidents (e.g., status:Active AND
            severity:High).
          schema:
            type: string
          example: example-query
        - name: size
          in: query
          description: Maximum number of incidents to return.
          schema:
            type: integer
            default: 10
            maximum: 100
          example: 10
        - name: fromdate
          in: query
          description: Filter incidents created after this date (ISO 8601 format).
          schema:
            type: string
            format: date-time
          example: '2025-09-17T20:14:07Z'
        - name: todate
          in: query
          description: Filter incidents created before this date (ISO 8601 format).
          schema:
            type: string
            format: date-time
          example: '2025-05-07T00:33:09Z'
        - name: page
          in: query
          description: Page number for pagination (zero-based).
          schema:
            type: integer
            default: 0
          example: 0
      responses:
        '200':
          description: Incidents returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IncidentSearchResponse'
              examples:
                SearchIncidentsGet200Example:
                  summary: Default searchIncidentsGet 200 response
                  x-microcks-default: true
                  value:
                    total: &id003
                      value: 316
                      relation: example-relation
                    incidents: &id004
                      - id: example-id
                        name: Branch Firewall 02
                        type: custom
                        status: 2
                        severity: 5
                        owner: example-owner
                        created: '2026-04-27T13:10:38Z'
                        modified: '2026-02-28T09:07:32Z'
                        occurred: '2026-07-07T08:02:17Z'
                        closed: '2025-06-22T23:38:50Z'
                        closeReason: example-closeReason
                        closeNotes: Malware firewall on activity applied investigation suspicious detected activity.
                        labels: *id001
                        details: Suspicious firewall detected configured suspicious network detected blocked suspicious.
                        investigationId: '720788'
                        playbookId: '265379'
                        sourceInstance: example-sourceInstance
                        sourceBrand: example-sourceBrand
                        rawJson: example-rawJson
                        CustomFields: *id002
                    searchResultTotal: 847
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: searchIncidentsPost
      summary: Palo Alto Networks Search Incidents (POST)
      description: >-
        Searches for incidents using a structured filter in the request body.
        Supports advanced filtering, field selection, sorting, and pagination.
        Preferred over GET for complex queries.
      tags:
        - Incidents
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IncidentSearchRequest'
            examples:
              SearchIncidentsPostRequestExample:
                summary: Default searchIncidentsPost request
                x-microcks-default: true
                value:
                  filter: &id012
                    query: example-query
                    status:
                      - 427
                    sort:
                      - field: example-field
                        asc: true
                    period:
                      byFrom: '2026-11-24T23:01:39Z'
                      byTo: '2025-06-05T03:13:28Z'
                  fromDate: '2025-04-24T04:56:15Z'
                  toDate: '2024-07-10T05:59:35Z'
                  size: 10
                  page: 0
      responses:
        '200':
          description: Incidents returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IncidentSearchResponse'
              examples:
                SearchIncidentsPost200Example:
                  summary: Default searchIncidentsPost 200 response
                  x-microcks-default: true
                  value:
                    total: *id003
                    incidents: *id004
                    searchResultTotal: 847
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /incident/{id}:
    get:
      operationId: getIncident
      summary: Palo Alto Networks Get Incident
      description: Returns a specific incident by its unique identifier, including all fields and metadata.
      tags:
        - Incidents
      parameters:
        - $ref: '#/components/parameters/incidentId'
      responses:
        '200':
          description: Incident returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Incident'
              examples:
                GetIncident200Example:
                  summary: Default getIncident 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Branch Firewall 02
                    type: custom
                    status: 2
                    severity: 5
                    owner: example-owner
                    created: '2026-04-27T13:10:38Z'
                    modified: '2026-02-28T09:07:32Z'
                    occurred: '2026-07-07T08:02:17Z'
                    closed: '2025-06-22T23:38:50Z'
                    closeReason: example-closeReason
                    closeNotes: Malware firewall on activity applied investigation suspicious detected activity.
                    labels: *id001
                    details: Suspicious firewall detected configured suspicious network detected blocked suspicious.
                    investigationId: '720788'
                    playbookId: '265379'
                    sourceInstance: example-sourceInstance
                    sourceBrand: example-sourceBrand
                    rawJson: example-rawJson
                    CustomFields: *id002
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /incident/update:
    post:
      operationId: updateIncident
      summary: Palo Alto Networks Update Incident
      description: >-
        Updates one or more fields of an existing incident. Only the fields
        provided in the request body are modified. Supports updating status,
        severity, owner, labels, and custom fields.
      tags:
        - Incidents
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateIncidentRequest'
            examples:
              UpdateIncidentRequestExample:
                summary: Default updateIncident request
                x-microcks-default: true
                value:
                  id: example-id
                  version: 134
                  status: 2
                  severity: 3
                  owner: example-owner
                  details: Threat detected violation endpoint investigation traffic policy policy activity.
                  closeReason: example-closeReason
                  closeNotes: Rule endpoint activity detected violation malware alert on violation threat.
                  CustomFields: &id011 {}
      responses:
        '200':
          description: Incident updated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Incident'
              examples:
                UpdateIncident200Example:
                  summary: Default updateIncident 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Branch Firewall 02
                    type: custom
                    status: 2
                    severity: 5
                    owner: example-owner
                    created: '2026-04-27T13:10:38Z'
                    modified: '2026-02-28T09:07:32Z'
                    occurred: '2026-07-07T08:02:17Z'
                    closed: '2025-06-22T23:38:50Z'
                    closeReason: example-closeReason
                    closeNotes: Malware firewall on activity applied investigation suspicious detected activity.
                    labels: *id001
                    details: Suspicious firewall detected configured suspicious network detected blocked suspicious.
                    investigationId: '720788'
                    playbookId: '265379'
                    sourceInstance: example-sourceInstance
                    sourceBrand: example-sourceBrand
                    rawJson: example-rawJson
                    CustomFields: *id002
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /entry:
    post:
      operationId: addEntry
      summary: Palo Alto Networks Add Entry to Investigation
      description: >-
        Adds a work note or entry to an investigation's war room. Entries can be
        notes, commands, files, or other content types. The war room serves as
        the collaborative workspace for the incident investigation team.
      tags:
        - Entries
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateEntryRequest'
            examples:
              AddEntryRequestExample:
                summary: Default addEntry request
                x-microcks-default: true
                value:
                  investigationId: '274080'
                  data: example-data
                  markdown: false
                  tags: &id013
                    - critical-asset
                    - production
      responses:
        '200':
          description: Entry added successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Entry'
              examples:
                AddEntry200Example:
                  summary: Default addEntry 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    investigationId: '215099'
                    type: 140
                    user: example-user
                    created: '2024-07-22T09:20:31Z'
                    modified: '2025-02-16T15:12:04Z'
                    contents: example-contents
                    humanReadable: example-humanReadable
                    tags: &id005
                      - production
                      - pci-scope
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /investigations/{id}:
    get:
      operationId: getInvestigation
      summary: Palo Alto Networks Get Investigation
      description: >-
        Returns the full details of an investigation including all war room
        entries, playbook status, and associated incidents.
      tags:
        - Investigations
      parameters:
        - name: id
          in: path
          required: true
          description: Unique identifier of the investigation.
          schema:
            type: string
          example: example-id
      responses:
        '200':
          description: Investigation returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Investigation'
              examples:
                GetInvestigation200Example:
                  summary: Default getInvestigation 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Corporate Agent 49
                    status: 611
                    incidentId: '613705'
                    created: '2025-05-10T09:56:48Z'
                    modified: '2026-07-27T07:59:00Z'
                    entries: &id006
                      - id: example-id
                        investigationId: '215099'
                        type: 140
                        user: example-user
                        created: '2024-07-22T09:20:31Z'
                        modified: '2025-02-16T15:12:04Z'
                        contents: example-contents
                        humanReadable: example-humanReadable
                        tags: *id005
                    playbookId: '207029'
                    runningPlaybooks: &id007
                      - example-runningPlaybooks_item
                      - example-runningPlaybooks_item
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /investigation/add:
    post:
      operationId: createInvestigation
      summary: Palo Alto Networks Create Investigation
      description: >-
        Creates a new investigation attached to an existing incident. Multiple
        investigations can be created for a single incident to track separate
        analytical threads.
      tags:
        - Investigations
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - incidentId
              properties:
                incidentId:
                  type: string
                  description: ID of the incident to attach the investigation to.
                name:
                  type: string
                  description: Optional name for the investigation.
            examples:
              CreateInvestigationRequestExample:
                summary: Default createInvestigation request
                x-microcks-default: true
                value:
                  incidentId: '974282'
                  name: Primary Gateway 48
      responses:
        '200':
          description: Investigation created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Investigation'
              examples:
                CreateInvestigation200Example:
                  summary: Default createInvestigation 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Corporate Agent 49
                    status: 611
                    incidentId: '613705'
                    created: '2025-05-10T09:56:48Z'
                    modified: '2026-07-27T07:59:00Z'
                    entries: *id006
                    playbookId: '207029'
                    runningPlaybooks: *id007
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /playbook:
    get:
      operationId: listPlaybooks
      summary: Palo Alto Networks List Playbooks
      description: >-
        Returns all playbooks available in the Cortex XSOAR instance. Playbooks
        define automated response workflows that execute tasks, run
        integrations, and perform actions in response to incident conditions.
      tags:
        - Playbooks
      parameters:
        - name: query
          in: query
          description: Filter playbooks by name or keyword.
          schema:
            type: string
          example: example-query
      responses:
        '200':
          description: Playbooks returned successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Playbook'
              examples:
                ListPlaybooks200Example:
                  summary: Default listPlaybooks 200 response
                  x-microcks-default: true
                  value:
                    - id: example-id
                      name: Production Policy 92
                      version: 797
                      description: Incident blocked suspicious policy violation malware on alert blocked on firewall.
                      tags: &id014
                        - production
                        - pci-scope
                      fromVersion: 6.6.6
                      toVersion: 9.3.8
                      deprecated: true
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /playbook/run:
    post:
      operationId: runPlaybook
      summary: Palo Alto Networks Run Playbook
      description: >-
        Executes a playbook against a specified incident. The playbook runs
        asynchronously and its progress can be monitored through the
        investigation's war room entries.
      tags:
        - Playbooks
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - incidentId
                - playbookId
              properties:
                incidentId:
                  type: string
                  description: ID of the incident to run the playbook on.
                playbookId:
                  type: string
                  description: ID of the playbook to execute.
                version:
                  type: integer
                  description: Specific playbook version to run (defaults to latest).
            examples:
              RunPlaybookRequestExample:
                summary: Default runPlaybook request
                x-microcks-default: true
                value:
                  incidentId: '421176'
                  playbookId: '832935'
                  version: 741
      responses:
        '200':
          description: Playbook execution initiated successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: string
                    description: Playbook run ID.
                  status:
                    type: string
                    enum:
                      - running
                      - completed
                      - failed
                      - waiting
              examples:
                RunPlaybook200Example:
                  summary: Default runPlaybook 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    status: failed
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /integration/search:
    get:
      operationId: searchIntegrations
      summary: Palo Alto Networks Search Integrations
      description: >-
        Returns a list of available integration packs installed in the Cortex
        XSOAR instance. Integrations provide connectivity to third-party
        security tools and platforms.
      tags:
        - Integrations
      parameters:
        - name: query
          in: query
          description: Search query to filter integrations by name or category.
          schema:
            type: string
          example: example-query
        - name: page
          in: query
          schema:
            type: integer
            default: 0
          example: 0
        - name: size
          in: query
          schema:
            type: integer
            default: 50
          example: 50
      responses:
        '200':
          description: Integrations returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  configurations:
                    type: array
                    items:
                      $ref: '#/components/schemas/Integration'
                  total:
                    type: integer
              examples:
                SearchIntegrations200Example:
                  summary: Default searchIntegrations 200 response
                  x-microcks-default: true
                  value:
                    configurations:
                      - id: example-id
                        name: Corporate Policy 44
                        display: example-display
                        category: standard
                        description: Malware malware threat suspicious alert alert violation incident activity detected policy rule.
                        version: 338
                        fromVersion: 10.3.1
                        deprecated: false
                        beta: true
                      - id: example-id
                        name: Corporate Policy 44
                        display: example-display
                        category: standard
                        description: Malware malware threat suspicious alert alert violation incident activity detected policy rule.
                        version: 338
                        fromVersion: 10.3.1
                        deprecated: false
                        beta: true
                    total: 906
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /settings/integration/search:
    post:
      operationId: searchIntegrationInstances
      summary: Palo Alto Networks Search Integration Instances
      description: >-
        Returns a list of configured integration instances. Each instance
        represents a configured connection to a specific tool using a
        particular integration pack. Supports filtering by integration name and
        enabled status.
      tags:
        - Integrations
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                query:
                  type: string
                  description: Search query to filter instances by name or brand.
                page:
                  type: integer
                  default: 0
                size:
                  type: integer
                  default: 50
            examples:
              SearchIntegrationInstancesRequestExample:
                summary: Default searchIntegrationInstances request
                x-microcks-default: true
                value:
                  query: example-query
                  page: 0
                  size: 50
      responses:
        '200':
          description: Integration instances returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  instances:
                    type: array
                    items:
                      $ref: '#/components/schemas/IntegrationInstance'
                  total:
                    type: integer
              examples:
                SearchIntegrationInstances200Example:
                  summary: Default searchIntegrationInstances 200 response
                  x-microcks-default: true
                  value:
                    instances:
                      - id: example-id
                        name: Staging Firewall 25
                        brand: example-brand
                        enabled: 'false'
                        isIntegrationScript: true
                        incomingMapperId: '599642'
                        mappingId: '597859'
                        configuration: &id008 {}
                      - id: example-id
                        name: Staging Firewall 25
                        brand: example-brand
                        enabled: 'false'
                        isIntegrationScript: true
                        incomingMapperId: '599642'
                        mappingId: '597859'
                        configuration: *id008
                    total: 629
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        Cortex XSOAR API key. Generate from Settings > Integrations > API Keys
        in the XSOAR console. Pass the key directly as the Authorization header
        value (no Bearer prefix required for standard API keys).
  parameters:
    incidentId:
      name: id
      in: path
      required: true
      description: Unique identifier of the incident.
      schema:
        type: string
  responses:
    BadRequest:
      description: Malformed request or invalid parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Missing or invalid API key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: An internal server error occurred.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    Incident:
      type: object
      description: A Cortex XSOAR incident representing a security event under investigation.
      properties:
        id:
          type: string
          description: Unique incident identifier.
          readOnly: true
          example: example-id
        name:
          type: string
          description: Incident name or title.
          example: Branch Firewall 02
        type:
          type: string
          description: Incident type (maps to an incident type definition).
          example: custom
        status:
          type: integer
          description: >-
            Incident status code: 0 (Pending), 1 (Active), 2 (Done), 3
            (Archive).
          enum:
            - 0
            - 1
            - 2
            - 3
          example: 2
        severity:
          type: integer
          description: >-
            Severity level: 0 (Unknown), 1 (Informational), 2 (Low), 3 (Medium),
            4 (High), 5 (Critical).
          enum:
            - 0
            - 1
            - 2
            - 3
            - 4
            - 5
          example: 5
        owner:
          type: string
          description: Username of the analyst assigned to this incident.
          example: example-owner
        created:
          type: string
          format: date-time
          description: Incident creation timestamp.
          readOnly: true
          example: '2026-04-27T13:10:38Z'
        modified:
          type: string
          format: date-time
          description: Last modification timestamp.
          readOnly: true
          example: '2026-02-28T09:07:32Z'
        occurred:
          type: string
          format: date-time
          description: Timestamp when the security event occurred.
          example: '2026-07-07T08:02:17Z'
        closed:
          type: string
          format: date-time
          description: Incident closure timestamp.
          example: '2025-06-22T23:38:50Z'
        closeReason:
          type: string
          description: Reason for closing the incident.
          example: example-closeReason
        closeNotes:
          type: string
          description: Notes added when closing the incident.
          example: Malware firewall on activity applied investigation suspicious detected activity.
        labels:
          type: array
          items:
            type: object
            properties:
              type:
                type: string
                example: standard
              value:
                type: string
                example: example-value
          description: Key-value label pairs attached to the incident.
          example: *id001
        details:
          type: string
          description: Incident details or description.
          example: Suspicious firewall detected configured suspicious network detected blocked suspicious.
        investigationId:
          type: string
          description: Associated investigation ID.
          readOnly: true
          example: '720788'
        playbookId:
          type: string
          description: Playbook assigned to this incident.
          example: '265379'
        sourceInstance:
          type: string
          description: Integration instance that created this incident.
          example: example-sourceInstance
        sourceBrand:
          type: string
          description: Integration brand that created this incident.
          example: example-sourceBrand
        rawJson:
          type: string
          description: Raw JSON payload from the originating event.
          example: example-rawJson
        CustomFields:
          type: object
          description: Custom field values specific to the incident type.
          additionalProperties: true
          example: *id002
    CreateIncidentRequest:
      type: object
      required:
        - name
      properties:
        name:
          type: string
          description: Incident name.
          example: Corporate Gateway 34
        type:
          type: string
          description: Incident type name.
          example: custom
        severity:
          type: integer
          enum:
            - 0
            - 1
            - 2
            - 3
            - 4
            - 5
          example: 2
        owner:
          type: string
          example: example-owner
        occurred:
          type: string
          format: date-time
          example: '2025-12-19T01:48:14Z'
        details:
          type: string
          example: Traffic rule network firewall endpoint incident network incident configured firewall activity.
        labels:
          type: array
          items:
            type: object
            properties:
              type:
                type: string
                example: advanced
              value:
                type: string
                example: example-value
          example: *id009
        createInvestigation:
          type: boolean
          default: true
          description: Whether to automatically create an investigation for this incident.
          example: true
        CustomFields:
          type: object
          additionalProperties: true
          example: *id010
        rawJson:
          type: string
          example: example-rawJson
    UpdateIncidentRequest:
      type: object
      required:
        - id
      properties:
        id:
          type: string
          description: ID of the incident to update.
          example: example-id
        version:
          type: integer
          description: >-
            Incident version for optimistic locking. Retrieve from a prior GET
            request.
          example: 134
        status:
          type: integer
          enum:
            - 0
            - 1
            - 2
            - 3
          example: 2
        severity:
          type: integer
          enum:
            - 0
            - 1
            - 2
            - 3
            - 4
            - 5
          example: 3
        owner:
          type: string
          example: example-owner
        details:
          type: string
          example: Threat detected violation endpoint investigation traffic policy policy activity.
        closeReason:
          type: string
          example: example-closeReason
        closeNotes:
          type: string
          example: Rule endpoint activity detected violation malware alert on violation threat.
        CustomFields:
          type: object
          additionalProperties: true
          example: *id011
    IncidentSearchRequest:
      type: object
      properties:
        filter:
          type: object
          description: Structured filter criteria for the incident search.
          properties:
            query:
              type: string
              description: Lucene query string (e.g., status:Active severity:High).
              example: example-query
            status:
              type: array
              items:
                type: integer
              example:
                - 553
                - 65
            sort:
              type: array
              items:
                type: object
                properties:
                  field:
                    type: string
                    example: example-field
                  asc:
                    type: boolean
                    example: true
              example:
                - field: example-field
                  asc: true
            period:
              type: object
              properties:
                byFrom:
                  type: string
                  format: date-time
                  example: '2025-10-15T10:06:27Z'
                byTo:
                  type: string
                  format: date-time
                  example: '2025-07-01T06:45:06Z'
              example:
                byFrom: '2026-06-15T05:32:46Z'
                byTo: '2026-02-15T17:36:40Z'
          example: *id012
        fromDate:
          type: string
          format: date-time
          example: '2025-04-24T04:56:15Z'
        toDate:
          type: string
          format: date-time
          example: '2024-07-10T05:59:35Z'
        size:
          type: integer
          default: 10
          maximum: 100
          example: 10
        page:
          type: integer
          default: 0
          example: 0
    IncidentSearchResponse:
      type: object
      properties:
        total:
          type: object
          properties:
            value:
              type: integer
              example: 915
            relation:
              type: string
              example: example-relation
          example: *id003
        incidents:
          type: array
          items:
            $ref: '#/components/schemas/Incident'
          example: *id004
        searchResultTotal:
          type: integer
          example: 847
    Entry:
      type: object
      description: A war room entry in a Cortex XSOAR investigation.
      properties:
        id:
          type: string
          readOnly: true
          example: example-id
        investigationId:
          type: string
          example: '215099'
        type:
          type: integer
          description: >-
            Entry type: 1 (Note), 2 (Download), 3 (File), 4 (Error), 5 (Pinned),
            6 (UserManagement), 7 (Image), 8 (PlaygroundCommand), 9
            (PlaybookStatusNote), 10 (Canvas), 11 (Widget), 12 (Summary), 13
            (Section), 14 (Table).
          example: 140
        user:
          type: string
          description: Username of the user who created the entry.
          example: example-user
        created:
          type: string
          format: date-time
          example: '2024-07-22T09:20:31Z'
        modified:
          type: string
          format: date-time
          example: '2025-02-16T15:12:04Z'
        contents:
          type: string
          description: Entry content text.
          example: example-contents
        humanReadable:
          type: string
          description: Human-readable formatted content.
          example: example-humanReadable
        tags:
          type: array
          items:
            type: string
          example: *id005
    CreateEntryRequest:
      type: object
      required:
        - investigationId
        - data
      properties:
        investigationId:
          type: string
          description: ID of the investigation to add the entry to.
          example: '274080'
        data:
          type: string
          description: Entry content text or command to execute.
          example: example-data
        markdown:
          type: boolean
          description: Whether to render the content as Markdown.
          default: false
          example: false
        tags:
          type: array
          items:
            type: string
          example: *id013
    Investigation:
      type: object
      description: A Cortex XSOAR investigation containing war room entries and playbook state.
      properties:
        id:
          type: string
          readOnly: true
          example: example-id
        name:
          type: string
          example: Corporate Agent 49
        status:
          type: integer
          example: 611
        incidentId:
          type: string
          example: '613705'
        created:
          type: string
          format: date-time
          example: '2025-05-10T09:56:48Z'
        modified:
          type: string
          format: date-time
          example: '2026-07-27T07:59:00Z'
        entries:
          type: array
          items:
            $ref: '#/components/schemas/Entry'
          example: *id006
        playbookId:
          type: string
          example: '207029'
        runningPlaybooks:
          type: array
          items:
            type: string
          example: *id007
    Playbook:
      type: object
      description: A Cortex XSOAR playbook defining an automated response workflow.
      properties:
        id:
          type: string
          readOnly: true
          example: example-id
        name:
          type: string
          example: Production Policy 92
        version:
          type: integer
          example: 797
        description:
          type: string
          example: Incident blocked suspicious policy violation malware on alert blocked on firewall.
        tags:
          type: array
          items:
            type: string
          example: *id014
        fromVersion:
          type: string
          description: Minimum XSOAR version required.
          example: 6.6.6
        toVersion:
          type: string
          example: 9.3.8
        deprecated:
          type: boolean
          example: true
    Integration:
      type: object
      description: A Cortex XSOAR integration pack providing connectivity to a third-party tool.
      properties:
        id:
          type: string
          example: example-id
        name:
          type: string
          example: Corporate Policy 44
        display:
          type: string
          description: Human-readable display name.
          example: example-display
        category:
          type: string
          description: Integration category (e.g., Endpoint, Firewall, SIEM).
          example: standard
        description:
          type: string
          example: Malware malware threat suspicious alert alert violation incident activity detected policy rule.
        version:
          type: integer
          example: 338
        fromVersion:
          type: string
          example: 10.3.1
        deprecated:
          type: boolean
          example: false
        beta:
          type: boolean
          example: true
    IntegrationInstance:
      type: object
      description: A configured instance of an integration in Cortex XSOAR.
      properties:
        id:
          type: string
          example: example-id
        name:
          type: string
          description: Unique name of this instance.
          example: Staging Firewall 25
        brand:
          type: string
          description: Integration brand name.
          example: example-brand
        enabled:
          type: string
          enum:
            - 'true'
            - 'false'
          example: 'false'
        isIntegrationScript:
          type: boolean
          example: true
        incomingMapperId:
          type: string
          example: '599642'
        mappingId:
          type: string
          example: '597859'
        configuration:
          type: object
          description: Integration configuration parameters.
          example: *id008
    ErrorResponse:
      type: object
      properties:
        id:
          type: string
          example: example-id
        status:
          type: integer
          example: 19
        title:
          type: string
          example: Corporate Gateway 74
        detail:
          type: string
          example: example-detail
        error:
          type: string
          example: example-error