Farewell to 2021! A Look Back on the Cortex XSOAR Marketplace

Jan 19, 2022
10 minutes
... views

As we enter the new year, it’s important to celebrate the progress we have made. When we launched the Cortex XSOAR Marketplace in August 2020, we couldn’t have guessed how big it would become. 2021 brought new collaborators and hundreds of content packs. Today, we have over 830 content packs created both internally and externally. 

As an innovator in the security market, it is our goal to provide security teams with the features and content they need to protect their organization and maintain operations no matter what comes their way. Cortex XSOAR has launched over 500 content packs to provide utility to our customers in many different ways. Additionally, over 100 partners have provided seamless integrations between their products and XSOAR to help security teams craft the perfect system. Also in 2021, we launched our externally facing Marketplace to allow people to explore all the offerings outside of the XSOAR platform. 

The vision we have for the XSOAR Marketplace is becoming reality. As our community grows, we’re beginning to see new packs from professionals in all walks of cybersecurity. From expert companies to individual contributors, we have so many people to thank for the growth over the last year. 

New Marketplace content packs from July 2021 to December 2021

We released 116 new content packs between July and December to provide our customers with the capabilities they need. The XSOAR Marketplace covers a wide range of security automation use cases including authentication, case management, endpoint security, email gateways, threat intel, messaging, network security, SIEM, and more. Check out the content packs we’ve released over the last 6 months: 

Analytics & SIEM

  • Armorblox - Stops targeted email attacks, protects sensitive data, and automates incident response.
  • Altipeak - Integration with Safewalk identity management and report service.
  • Logsign SIEM - Collect and store unlimited data, investigate and detect threats, and respond automatically. 
  • MicroFocus SMAX - Fetch SMAX incidents/requests and automate different sorts of actions.
  • SOCRadar - Streamline remediation of alerts and incidents.

Attack Surface Management

  • ArcusTeam - Identify and manage vulnerabilities found on IoT devices.
  • SecurityTrails - Integration with SecurityTrails platform. 


  • FireMon Security Manager - Create a Policy Planner Ticket and Verify Pre Changes Assessment for Rule Requirement.
  • FortiAuthenticator - Manage user configuration.
  • SafeNet Trusted Access - Access management solution that allows organizations to centrally manage and secure access to business applications. 
  • ThycoticDSV - Retrieve the data stored in the Thycotic DevOps Storage Vault and use it in other integrations.

Case Management

  • PenfieldAI - A human-machine intelligence platform to model Cybersecurity Analysts actions and processes in real-time.

Data Enrichment & Threat Intelligence

  • Abnormal Security - Detects the whole spectrum of email attacks. 
  • ArcannaAI - Provides AI assistance to IT & Cybersecurity teams.
  • Cybersixgill Actionable Alerts - Automatically retrieve Cybersixgill's actionable alerts based on organization assets.
  • Cybersixgill-DVE - Enables users to track threats from vulnerabilities that others define as irrelevant but could be exploited.
  • FlashPointFeed - Access IOCs and technical data across Flashpoint datasets and those included in Finished Intelligence Reports.
  • HYAS Protect - Get the verdict information for FQDN, IP Address and NameServer.
  • HYAS Insight - A threat investigation and attribution solution that uses exclusive data sources and non-traditional mechanisms.
  • KELA RaDark - Supports full integration with KELA’s RaDark platform.
  • IP-API - Enriches IP addresses with data about geolocation and association with mobile devices, hosts, or proxies.
  • MalwareBazaar - Download malware samples, comment malware samples, and obtain intel based on file hash, tag, signature, file type, etc.
  • MISP - Fetches attributes from MISP and creates indicators from them.
  • NucleonCyber - Integrate NucleonCyber indicators, including IP, URL, and files.
  • Qintel - Integrate Qintel products, including Patch Management Intelligence (PMI), QSentry, and QWatch.
  • RSS Feed -Access updates and articles on websites in a standardized, computer-readable format. 
  • SOCRadar Threat Feed - Obtain indicators to gain knowledge about the malicious activities.
  • Unit 42 Intel - Fetch a list of threat intel objects provided by Palo Alto Network’s Unit 42 threat researchers. 


Forensics & Malware Analysis

Identity & Access Management

  • AWS-ILM - Execute CRUD and Group operations for employee lifecycle processes.
  • Clarizen IAM - Perform operations in the employee lifecycle processes.
  • Envoy - An enterprise workplace visitor management software platform.
  • Exceed LMS - A specialized LMS and Phishing Simulator created to manage security awareness content.
  • OracleIAM - Execute CRUD and Group operations for employee lifecycle processes.
  • PingIdentity - Utilize PingOne cloud identity and access management services for different triggering events.
  • SalesForce Fusion - Execute CRUD operations for employee lifecycle processes.
  • SAP-IAM - Execute CRUD operations for employee lifecycle processes in SAP.


  • UBIRCH - Verify data authenticity and integrity and correctness of sequence.

IT Services

Network Security

  • Cloud-IDS - Next-generation advanced intrusion detection service.
  • PicusAutomation - Run commands on Picus and automate security validation with playbooks.
  • SaaS Security (Prisma) - Provides unparalleled visibility and precise control of SaaS applications using an extensive library of application signatures.
  • Social Engineer Domain Analysis - Enrich and compare domains against your organizations registered domain.

Phishing / Email 

  • Cyren Inbox Security - Protect Office 365 mailboxes from evasive phishing, business email compromise, and fraud.
  • Ironscales - A self-learning email security platform, automatically responding to malicious emails.
  • PhishER - Automatic prioritization lets teams cut through the inbox noise and respond to the most dangerous threats more quickly.
  • PhishingAlerts - Retrieve, process, and analyze email files to manage phishing alert incidents.


  • Atlassian Confluence Cloud - Interact with Confluence entities and manage space permissions.
  • AppendIfNotEmpty - Append items to the end of a list if they are not empty.
  • CircleCI - A modern continuous integration and continuous delivery (CI/CD) platform that automates building, testing, and deploying software.
  • CiscoWSA - To retrieve and modify Cisco Web Security Gateway features.
  • Cofense Intelligence v2 - Human-verified phishing intelligence for actionable defense and strategic planning.
  • Content Installation - Enables easy installation of content packs.
  • Content Management - Orchestrate your XSOAR system configuration.
  • ConvertTimezoneFromUTC - Utilities: Transformer (Date) to Convert UTC to another Timezone. 
  • CreateHash - Convert a text input into a hash from the Python library. 
  • CreatePlbkDoc - Produce docx file detailing the tasks in the given playbook.
  • CyberChef - Integrate with your CyberChef server.
  • DeduplicateValuesbyKey - Give a list of objects and a key and receive a list of unique values.
  • Dig - Run Dig automation to get 'A' and 'PTR' records.
  • DNSOverHttps - Make DNS queries over HTTPS to Cloudflare or Google DoH service.
  • Dynamic Sections Report - Display indicator and incident information easily on custom layouts.
  • Forward XSOAR Audit Logs to Splunk HEC - Use the XSOAR API to get the audit logs and push them to Splunk HEC.
  • Google Maps - Use the geocoding API to return the coordinates of a given address.
  • Hey - Utilities: Use rakyll/hey to test a web application with a load of requests.
  • InvertEveryTwoItems - This transformer will invert every two items in an array.
  • IsArrayItemInList - Comparing array(list) data of context to existing lists.
  • JsonUnescape - Recursively un-escapes JSON strings found in a JSON object. 
  • LINENotify - Utilities: Sends messages to LINE Group.
  • MergeDictArray - Each entry in an array is merged into the existing array if the keyed-value matches.
  • MS-ISAC - Fetch MS-ISAC events and alert details.
  • Network Calculator - Automate network data calculations.
  • Nexthink - Helps IT teams deliver on the promise of the modern digital workplace.
  • ParseHTMLTables - Find tables inside HTML and extract the contents into objects.
  • Powershell Remoting - Remotely connect to Windows hosts to execute Powershell commands.
  • Publish List - Publish XSOAR lists for external consumption.
  • Redact/Defang Indicators - Redact, defang, or obfuscate indicators before sharing.
  • RemoveEmpty - Remove empty items from the array.
  • Schedule Task and Poll - Schedule a specified command and monitor for completion by looking for output in context.
  • SplunkCIMFields - Convert Splunk CIM Dynamic Fields into their values.
  • Strip Accent Marks from String - Strip accent marks (diacritics) from a given string.
  • System Diagnostics and Health Check - Automatically review the current server and content for issues and best practices. 
  • Twitter - Perform searches on twitter for tweets, users, and user information.
  • Team Management - Playbooks and automation scripts to help with the management of team members within an incident.
  • Web Scraper - An automation script to web scrape a URL or HTML page.
  • XSOAR Content Update Notifications - Shows all installed content packs and whether or not they have an update.

Vulnerability Management

  • Cohesity Helios - Performs actions based on alerts raised in Cohesity Helios
  • CVE-2021-44228 - Log4j RCE - Patches a critical 0-day exploit in the Java library log4j.
  • CVE-2021-40444 - MSHTML RCE - Addresses vulnerabilities in the MSHTML engine.
  • Edgescan - Cloud-based continuous vulnerability management and penetration testing solution.
  • HackerOne - A vulnerability coordination and bug bounty platform.
  • PingCastle - Audit the risk level of your AD infrastructure and check for vulnerable practices.
  • SecurityScorecard - Provides security scorecards and alerts for domains.
  • ShiftLeft CORE - See high risk vulnerabilities in your application before they go into production.

View the full release notes for the featured packs listed above:

21.7.0, 21.7.1, 21.8.0, 21.8.1, 21.8.2, 21.9.0, 21.9.1, 21.10.0, 21.10.1, 21.1.0, 21.11.1, 21.12.0, 21.12.1

Visit the XSOAR Marketplace to browse the available content packs and integrations. 

New to Cortex XSOAR? Download the Community Edition to try the out of the box capabilities today or sign up for the next guided Hands on Workshop.

Join us for 2022

Cortex XSOAR remains dedicated to our customers by releasing capabilities and content packs to cover the gaps in your security. We have some exciting enhancements coming to the Marketplace in the very near future, so be sure to keep an eye out!  On behalf of the XSOAR team, I’d like to thank all of the customers and partners that made 2021 so great.

Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.