# Cortex XSOAR (formerly Demisto) Integration

[Cortex XSOAR](https://www.paloaltonetworks.com/cortex/xsoar) is the industry’s only extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intelligence management to transform every stage of the alert lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence and automate response for any security use case, resulting in significantly faster responses that require less manual review.

## In ilert: Create a Cortex XSOAR alert source <a href="#in-ilert" id="in-ilert"></a>

1. Go to **Alert sources** --> **Alert sources** and click on **Create new alert source**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Cortex XSOAR** in the search field, click on the Cortex XSOAR tile and click on **Next**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings such as customer alert templates or notification priority. Click on **Finish setup** for now.
7. On the final page, an API key and/or webhook URL will be generated. You will need it later in this guide.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FJ1QwcjLiVLOyieOrgmpC%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=72dc29a2-ded0-44cd-89bc-229bb0569626" alt=""><figcaption></figcaption></figure>

## In Cortex XSOAR Server: Add Integration <a href="#in-cortex-xsoar" id="in-cortex-xsoar"></a>

1. Go to Cortex XSOAR, then to **Settings -> Integrations**, search for the **iLert** integration and click the **Add instance** button.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MXcRF_ZLDWn90Wof7i5%2F-MXcSm7wT4_rqDAHvW4W%2FSettings.png?alt=media\&token=e1552476-487e-4605-bc71-30057d8d352f)

2. In the modal window, name the instance, paste the ilert **API Key** that you generated in ilert and click the **Save & exit** button.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MXcRF_ZLDWn90Wof7i5%2F-MXcTejijQCUjrYdRgTE%2FSettings.png?alt=media\&token=0eda63e2-67f6-4ce0-967a-5f358a67009b)

3. Run any available ilert command to test the integration, e.g.

```bash
!iLert-submit-event summary="Test alert"
```

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MXcRF_ZLDWn90Wof7i5%2F-MXcUxbEtZQ8DVZTHB30%2FSettings.png?alt=media\&token=83c24535-90bf-44fc-8a23-27c330f0a86e)

## FAQ <a href="#faq" id="faq"></a>

**Can I connect Cortex XSOAR with multiple alert sources from ilert?**

Yes, simply add more integration instances in Cortex XSOAR.

