BP-2274: Add Cortex XSOAR integration admin and user guides #138
Walkthrough
Adds Cortex XSOAR documentation: a new navigation group and overview card, plus two MDX pages documenting configuration and usage; also fixes a missing CSS brace and hides the
Changes
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
Pre-merge checks and finishing touches: ✅ Passed checks (3 passed)
Actionable comments posted: 6
🧹 Nitpick comments (1)
docs/integrations/cortex-xsoar/configure.mdx (1)
1-120: Consider adding a note about the PR title typo.
The PR title contains a typo: "Cortext XSOAR" should be "Cortex XSOAR". While this doesn't affect the documentation content itself, you may want to update the PR title for clarity.
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (10)
- docs/images/integrations/cortex-soar/add-bhe-instance.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/dbot-panel.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/incident-details.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/manage-or-disable.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/monitor-logs.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/open-instances.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/schedule.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/test-connection.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/view-incidents.png is excluded by !**/*.png
- docs/images/integrations/cortex-soar/workplan-playbook.png is excluded by !**/*.png
📒 Files selected for processing (4)
- docs/docs.json (1 hunks)
- docs/integrations/cortex-xsoar/configure.mdx (1 hunks)
- docs/integrations/cortex-xsoar/use.mdx (1 hunks)
- docs/integrations/overview.mdx (1 hunks)
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 67
File: docs/collect-data/enterprise-collection/privileged-collection.mdx:7-7
Timestamp: 2025-10-02T18:01:39.059Z
Learning: In the BloodHound documentation repository, "BloodHound" as a standalone name refers to the entire product family and is appropriate to use when content applies to all products in the family (Enterprise and Community Edition). "BloodHound Enterprise" should be used only when referring specifically to Enterprise-only features or capabilities.
📚 Learning: 2025-10-02T18:01:39.059Z
Applied to files:
docs/integrations/cortex-xsoar/use.mdx
📚 Learning: 2025-08-22T22:40:24.105Z
Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 53
File: docs/analyze-data/posture-page.mdx:33-41
Timestamp: 2025-08-22T22:40:24.105Z
Learning: BloodHound Enterprise has exactly four severity levels for attack paths: CRITICAL (95%–100%), HIGH (80%–94%), MODERATE (40%–79%), and LOW (0%–39%). There is no "NONE" or similar severity level for 0% exposure.
Applied to files:
docs/integrations/cortex-xsoar/use.mdx
🔇 Additional comments (2)
docs/docs.json (1)
203-209: LGTM!
The navigation structure for the Cortex XSOAR integration is properly configured and follows the same pattern as the existing Splunk integration.
docs/integrations/cortex-xsoar/use.mdx (1)
9-9: Inconsistent product naming: "Cortex SOAR" vs "Cortex XSOAR".
The text refers to "Cortex SOAR" but the product name throughout the documentation is "Cortex XSOAR". This inconsistency may confuse readers.
🔎 Apply this diff to fix the naming:
-After you configure the integration, Cortex XSOAR begins fetching BloodHound Enterprise attack path findings as incidents. Use the sections below to monitor ingestion, view incidents, and inspect details. +After you configure the integration, Cortex XSOAR begins fetching BloodHound Enterprise attack path findings as incidents. Use the sections below to monitor ingestion, view incidents, and inspect details.⛔ Skipped due to learnings
Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 67
File: docs/collect-data/enterprise-collection/privileged-collection.mdx:7-7
Timestamp: 2025-10-02T18:01:39.059Z
Learning: In the BloodHound documentation repository, "BloodHound" as a standalone name refers to the entire product family and is appropriate to use when content applies to all products in the family (Enterprise and Community Edition). "BloodHound Enterprise" should be used only when referring specifically to Enterprise-only features or capabilities.
Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 53
File: docs/analyze-data/posture-page.mdx:33-41
Timestamp: 2025-08-22T22:40:24.105Z
Learning: BloodHound Enterprise has exactly four severity levels for attack paths: CRITICAL (95%–100%), HIGH (80%–94%), MODERATE (40%–79%), and LOW (0%–39%). There is no "NONE" or similar severity level for 0% exposure.
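Review bot: The removed and added lines of the suggestion for use.mdx line 9 read the same as shown, both already saying "Cortex XSOAR", so applying it would not change the sentence, and the "Cortex SOAR" wording the comment flags does not appear in the removed line. Regenerate the suggestion against the current text of line 9 before acting on it. The short name is still visible in the ignored image paths under docs/images/integrations/cortex-soar/, so check whether that directory name should match the docs/integrations/cortex-xsoar/ page paths.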
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
docs/integrations/splunk/install.mdx (1)
95-95: Fix inconsistent link target for non-personal API key.
Line 95 has the same inconsistency that was corrected on line 21: the text says "non-personal API key/ID pair" but the link points to #create-a-personal-api-key-and-id-pair (the personal key section).
🔎 Apply this diff to fix the link:
- <Note>We recommend a [non-personal API key/ID pair](/integrations/bloodhound-api/working-with-api#create-a-personal-api-key-and-id-pair) with the **Auditor** role for the Splunk integration.</Note> + <Note>We recommend a [non-personal API key/ID pair](/integrations/bloodhound-api/working-with-api#create-a-non-personal-api-key%2Fid-pair) with the **Auditor** role for the Splunk integration.</Note>
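Review bot: The replacement anchor in the added line, #create-a-non-personal-api-key%2Fid-pair, carries a percent-encoded slash, whereas the anchor it replaces uses the plain slug form ending in -and-id-pair; confirm it matches the heading id actually generated in working-with-api, because a fragment that does not resolve drops readers at the top of the page instead of at the non-personal key instructions the Note recommends. Since the comment says line 21 was already corrected, line 95 should use exactly the same target as line 21.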
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
- docs/integrations/cortex-xsoar/configure.mdx (1 hunks)
- docs/integrations/cortex-xsoar/use.mdx (1 hunks)
- docs/integrations/overview.mdx (1 hunks)
- docs/integrations/splunk/install.mdx (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
- docs/integrations/cortex-xsoar/use.mdx
- docs/integrations/overview.mdx
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 67
File: docs/collect-data/enterprise-collection/privileged-collection.mdx:7-7
Timestamp: 2025-10-02T18:01:39.059Z
Learning: In the BloodHound documentation repository, "BloodHound" as a standalone name refers to the entire product family and is appropriate to use when content applies to all products in the family (Enterprise and Community Edition). "BloodHound Enterprise" should be used only when referring specifically to Enterprise-only features or capabilities.
📚 Learning: 2025-10-02T18:01:39.059Z
Applied to files:
- docs/integrations/splunk/install.mdx
- docs/integrations/cortex-xsoar/configure.mdx
🔇 Additional comments (1)
docs/integrations/splunk/install.mdx (1)
21-21: LGTM! Link correctly points to non-personal API key section.
The updated link target now correctly matches the text "non-personal API key/ID pair" and points to the appropriate documentation section.
StephenHinck
left a comment
SHIP IT
Purpose
This pull request (PR) adds admin and user docs for the Cortex XSOAR integration for BloodHound Enterprise.
Staging
Summary by CodeRabbit
Documentation
Style