Security Operations XSOAR-Engineer Book

Integration debug messages (generated using demisto.debug) are stored in the Integration Logs table, not in the War Room or incident labels.

The Admin Guide states that all logs generated by integration code are visible through the Integration Logs section for troubleshooting.

In Cortex XSOAR’s documented Dev/Prod deployment model, thedevelopment tenantis designed to be the workspace where engineers create, modify, test, and validate content before promoting it into production. As part of this workflow, the development tenant includes the“Export all custom content”feature, which generates a structured content bundle containing custom playbooks, integrations, fields, layouts, lists, and other artifacts. This bundle is then imported into the production tenant to ensure controlled, versioned, and tested promotion of content.

The Admin Guide highlights that this export capability isrestricted to the development environmentto preserve the integrity and stability of the production tenant. Production systems are intentionally limited, allowing only the import (not export) of custom content to prevent accidental overwriting, drift, or unintended modifications.

Marketplace access (A) exists in both tenants. Custom integration instances (C) can be created in either tenant. The Content Repository page (B) is also available across both environments.

Therefore, the only feature exclusive to the development tenant isD: “Export all custom content.”This ensures a safe, repeatable Dev→Prod promotion model aligned with enterprise change-control requirements.