Development overview
At a minimum, an app accesses data from the SOAR Platform.
- Access data from the SOAR Platform.
- Send data to the SOAR Platform.
- Present data directly to a user, such as a security analyst, in a custom field or data table.
- Facilitate communication between the SOAR Platform and a security program.
- Set up your development environment, which includes installing the SDK.
- Log in to the SOAR Platform and create the functions and other playbook components that are needed for your app.
- Use the codegen utility provided by the SDK to export those components into your development environment and create a Python module.
- Edit the .py file in the components directory to customize the app. The information in the .py file is the function processor.
- Test the app, which includes connecting to the SOAR Platform and running the rule or playbook that uses the function. Make sure to code for and test the error conditions.
- Update your app as needed.
- Use the docgen utility provided by the SDK to create documentation for your app.
- Package your app. Make sure to update the icons in the package and review the permission settings.
- Publish your app.
An app is available in two formats. One format supports the App Host Kubernetes-based container environments. The other format supports the previously available integration format that would run on an Integration Server. The container-based format uses containers for improved usability, manageability, and security. An app in this format is installed directly to the App Host, which is paired to the SOAR Platform. An app in the extension format requires that the extension is loaded on to an integration server then deployed to the SOAR Platform. Earlier releases of the SOAR Platform support only integrations that run on the Integration Server.
The process of packaging your app creates the app in both formats.