diff --git a/README.md b/README.md
index 4118d999..48e7bd73 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ Github issues and feature requests welcomed.
| Logging | sentryio |
| MacOS | airport
macchanger
wdutil |
| Python | logging
requests |
-| SOAR | swimlane
splunk soar |
+| SOAR | swimlane
splunk soar
xsoar |
| Recon | nmap |
| Test Automation | selenium |
diff --git a/automon/integrations/xsoar/__init__.py b/automon/integrations/xsoar/__init__.py
new file mode 100644
index 00000000..6a965d12
--- /dev/null
+++ b/automon/integrations/xsoar/__init__.py
@@ -0,0 +1,2 @@
+from .client import XSOARClient
+from .config import XSOARConfig
diff --git a/automon/integrations/xsoar/client.py b/automon/integrations/xsoar/client.py
new file mode 100644
index 00000000..25ad650d
--- /dev/null
+++ b/automon/integrations/xsoar/client.py
@@ -0,0 +1,16 @@
+from .config import XSOARConfig
+
+
+class XSOARClient(object):
+ """XSOAR REST API client
+
+ referenc: https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is
+ """
+
+ def __init__(self, host: str = None, token: str = None, config: XSOARConfig = None):
+ self.config = config or XSOARConfig(host=host, token=token)
+
+ def is_ready(self):
+ if self.config.is_ready():
+ return True
+ return False
diff --git a/automon/integrations/xsoar/config.py b/automon/integrations/xsoar/config.py
new file mode 100644
index 00000000..fef21444
--- /dev/null
+++ b/automon/integrations/xsoar/config.py
@@ -0,0 +1,21 @@
+from automon import environ
+
+
+class XSOARConfig(object):
+ """XSOAR REST API client config"""
+
+ def __init__(self, host: str = None, api_key: str = None, api_key_id: str = None):
+ self.host = host or environ('XSOAR_FQDN')
+ self.api_key = api_key or environ('XSOAR_API_KEY')
+ self.api_key_id = api_key_id or environ('XSOAR_API_KEY_ID')
+
+ def is_ready(self) -> bool:
+ if self.host and self.api_key and self.api_key_id:
+ return True
+ return False
+
+ def headers(self):
+ return {
+ '': f'Authorization:{self.api_key}',
+ '': f'x-xdr-auth-id:{self.api_key_id}'
+ }
diff --git a/automon/integrations/xsoar/tests/__init__.py b/automon/integrations/xsoar/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/automon/integrations/xsoar/tests/test_client_auth.py b/automon/integrations/xsoar/tests/test_client_auth.py
new file mode 100644
index 00000000..693b2e72
--- /dev/null
+++ b/automon/integrations/xsoar/tests/test_client_auth.py
@@ -0,0 +1,15 @@
+import unittest
+
+from automon.integrations.xsoar import XSOARClient
+
+
+class MyTestCase(unittest.TestCase):
+ test = XSOARClient()
+
+ if test.is_ready():
+ def test_auth(self):
+ self.assertTrue(self.test.is_ready())
+
+
+if __name__ == '__main__':
+ unittest.main()
diff --git a/automon/integrations/xsoar/tests/test_config.py b/automon/integrations/xsoar/tests/test_config.py
new file mode 100644
index 00000000..e496be05
--- /dev/null
+++ b/automon/integrations/xsoar/tests/test_config.py
@@ -0,0 +1,15 @@
+import unittest
+
+from automon.integrations.xsoar import XSOARConfig
+
+
+class MyTestCase(unittest.TestCase):
+ test = XSOARConfig()
+
+ if test.is_ready():
+ def test_config(self):
+ self.assertTrue(self.test.is_ready())
+
+
+if __name__ == '__main__':
+ unittest.main()
diff --git a/env-example.sh b/env-example.sh
index 0be017cb..fb6ec32d 100644
--- a/env-example.sh
+++ b/env-example.sh
@@ -147,3 +147,8 @@ VDS_PASSWORD=
# Wdutil
WDUTIL_PASSWORD=
+
+# XSOAR
+XSOAR_FQDN=
+XSOAR_API_KEY=
+XSOAR_API_KEY_ID=