Exceeds
Shai Cohen Kadosh

PROFILE

Sagi Cohen Kadosh developed and enhanced security automation playbooks in the xsoar-contrib/content repository, focusing on incident response, cloud security, and documentation quality. He engineered solutions for Azure AD and Google Workspace, automating triage, evidence collection, and remediation for privilege escalation and external access threats. Using YAML and Markdown, Sagi implemented robust error handling, input validation, and integration with cloud services to ensure reliable workflows. His work included refactoring playbooks, enriching file reputation analysis, and improving release management through clear documentation. These contributions reduced manual intervention, accelerated response times, and strengthened the reliability and maintainability of security operations automation.

Overall Statistics

Feature vs Bugs

82% Features

Repository Contributions

15 Total
Bugs: 2
Commits: 15
Features: 9
Lines of code: 10,565
Activity Months: 7

Work History

October 2025

5 Commits • 4 Features

Oct 1, 2025

October 2025 Monthly Summary for xsoar-contrib/content: Delivered four major feature enhancements focused on documentation, playbook refactoring, and data enrichment to improve security automation and operational efficiency. Work emphasized release readiness, cloud/identity automation, file reputation enrichment, and SSO incident response playbooks, with a strong focus on maintainability and metadata quality.

September 2025

5 Commits • 2 Features

Sep 1, 2025

September 2025 monthly summary for xsoar-contrib/content: Focused on delivering business value through more reliable Cortex Response and Remediation playbooks and stronger documentation. Implemented LDAP enumeration enhancements, XQL-based investigations, Slack/MS Teams user verification, and refreshed scripts/dependencies to accelerate remediation. Completed Documentation/Metadata improvements for clear release notes and rollout. Hardened playbooks against real-world events by fixing suspicious hidden-user detection and mass-user deletion scenarios, and by adding an Azure authentication method. Overall impact: faster investigations, reduced manual steps, safer releases, and improved deployment hygiene.

August 2025

1 Commit

Aug 1, 2025

August 2025 focused on stabilizing external-service interactions and strengthening the reliability of the Detonate Playbook in the xsoar-contrib/content repository. The primary delivery targeted robustness by skipping ANY.RUN playbooks when unavailable, preventing errors in the Detonate URL - Generic v1.5 workflow when coordinating with external services. This change reduces flaky runs and preserves user workflows in production scenarios.

July 2025

1 Commit • 1 Feature

Jul 1, 2025

Month 2025-07: Delivered an automation playbook to strengthen external access controls for SaaS files in the xsoar-contrib/content repository. Key deliverable: External Access Anonymous Link Response Playbook, which automates triage, investigation, and remediation for alerts about external users accessing sensitive SaaS files via anonymous links. The playbook integrates with cloud services and security tools to identify risks and take actions, enabling faster and more consistent responses.

June 2025

1 Commit • 1 Feature

Jun 1, 2025

June 2025 highlights: Implemented a new Azure AD Suspicious Role Assignment Response Playbook under xsoar-contrib/content to automate containment and remediation of privileged access threats. The playbook triages incidents, gathers evidence, and assesses user/IP reputation to decide remediation steps (revoke sessions, remove role assignments, or disable users) with an emphasis on reducing mean time to containment for privilege-escalation events.

March 2025

1 Commit • 1 Feature

Mar 1, 2025

March 2025: Delivered Google Workspace Playbook Enhancements in xsoar-contrib/content, focusing on reliability, evidence collection, detection of malicious indicators, and containment actions. Improvements include handling missing integrations, enhanced error handling, and clearer release notes. No major bugs fixed this month; the work emphasized feature delivery and incident-response readiness.

February 2025

1 Commit

Feb 1, 2025

February 2025 monthly summary for xsoar-contrib/content: Hardened the ServiceNow Create Ticket Playbook by adding a conditional check to handle missing InstanceName. This change routes ticket creation to the primary/default ServiceNow instance when InstanceName is not provided, improving reliability across instances and reducing ticket creation failures. Delivered as part of the Feb 2025 work, anchored by commit 05c89b1efcda2478ba8df2c6d7b2647d38419289 (Fix ServiceNow Create Ticket Playbook (#38627)).

Quality Metrics

Correctness: 86.0%
Maintainability: 85.4%
Architecture: 76.0%
Performance: 72.0%
AI Usage: 20.0%

Skills & Technologies

Programming Languages

Markdown, YAML

Technical Skills

Automation, Azure AD Security, Bug Fixing, Cloud Security, Documentation, Google Workspace Security, Incident Management, Incident Response, Incident Response Automation, Playbook Development, Release Management, Response (SOAR), SOAR Playbook Development, Security Automation, Security Orchestration

Repositories Contributed To

1 repo

Overview of all repositories you've contributed to across your timeline

xsoar-contrib/content

Feb 2025 to Oct 2025
7 Months active

Languages Used

YAML, Markdown

Technical Skills

Incident Management, Playbook Development, Google Workspace Security, Incident Response Automation, SOAR Playbook Development, Security Automation

Generated by Exceeds AI. This report is designed for sharing and indexing.