v2.2.1

GoCortex Git (GCGit) v2.2.1: Expanded Content Types, Improved Pagination Support, Expanded YAML Sorting + New Project Logo.

Overview

Go Cortex Git is a Rust-based command-line interface (CLI) tool designed to serve as a lightweight abstraction layer between local Git operations and the Cortex XSIAM REST API. Its purpose is to enable security teams to version-control and deploy Cortex XSIAM configuration objects—such as Correlation Searches, Dashboards, BIOCs, and Scripts - without requiring a full-scale CI/CD pipeline or remote Git hosting.

New in GCGit v2.2.1

Updates:

• Expanded XSIAM from 6 to 9 content types by adding:
  • scheduled_queries (XQL scheduled queries via scheduled_queries/list)
  • xql_library (reusable XQL query library via ../xql_library/get)
  • rbac_users (role-based access control users via rbac/get_users)
• Expanded Cortex Cloud (AppSec) from 5 to 7 content types by adding:
  • application_configuration (business application configuration)
  • application_criteria (business application filtering criteria)
• Changed project licence from MIT to AGPL-3.0-or-later

Improvements:

• Switched AppSec repositories from JsonCollection to OffsetPaginated
• Added recursive string array sorting in the YAML serialisation layer to prevent false Git diffs caused by arbitrary API array ordering (e.g. RELATIONS field values returned in different order each pull)
• When primary configuration values are empty, gcgit checks fallback environment variables for cross-project compatibility:
  • fqdn falls back to DEMISTO_BASE_URL (https:// prefix and trailing slash are stripped automatically)
  • api_key falls back to DEMISTO_API_KEY
  • api_key_id falls back to XSIAM_AUTH_ID

This release includes binaries for multiple architectures:

Recommended (Static builds, no GLIBC dependency):

• linux-musl-x86_64: Universal Linux 64-bit (static, works on any Linux distribution)
• linux-musl-aarch64: Universal Linux ARM64 (static, works on any Linux distribution)

macOS builds:

• macos-x86_64: macOS Intel 64-bit
• macos-aarch64: macOS Apple Silicon (M1/M2)

Installation

For maximum compatibility (recommended):

# Download universal static binary (works on any Linux distribution)
wget https://github.com/gocortex/gcgit/releases/download/v2.2.1/gcgit-v2.2.1-linux-musl-x86_64.tar.gz
tar -xzf gcgit-v2.2.1-linux-musl-x86_64.tar.gz
sudo mv gcgit-v2.2.1-linux-musl-x86_64 /usr/local/bin/gcgit

For macOS:

# For Apple Silicon (M1/M2)
wget https://github.com/gocortex/gcgit/releases/download/v2.2.1/gcgit-v2.2.1-macos-aarch64.tar.gz
tar -xzf gcgit-v2.2.1-macos-aarch64.tar.gz
sudo mv gcgit-v2.2.1-macos-aarch64 /usr/local/bin/gcgit

Usage

# Initialise a new XSIAM instance
gcgit init --instance myinstance

# Pull configurations from XSIAM
gcgit xsiam pull --instance myinstance

# Check status
gcgit xsiam status --instance myinstance

# Test connectivity
gcgit xsiam test --instance myinstance

# Get help
gcgit --help

Technical Details

• Built with Rust: High performance and memory safety
• XSIAM Integration: Native support for all five content types
• Cross-platform: Multiple operating systems and architectures supported
• Git Integration: Local version control with automated change detection

Full Changelog: v2.1.9...v2.2.1

v2.1.9

gcgit v2.1.9 - Git for Cortex XSIAM

Go Cortex Git is a Rust-based command-line interface (CLI) tool designed to serve as a lightweight abstraction layer between local Git operations and the Cortex XSIAM REST API. Its purpose is to enable security teams to version-control and deploy Cortex XSIAM configuration objects—such as Correlation Searches, Dashboards, BIOCs, and Scripts—without requiring a full-scale CI/CD pipeline or remote Git hosting.

This major release completes the transition from the v1.x single-module architecture to a fully modular, plugin-based system supporting multiple Cortex platform modules.

Major Architectural Changes (v2)

Module System Infrastructure

• Implemented a Module trait system for self-contained module implementations
• Added a ModuleRegistry for automatic module discovery and registration
• Created three reusable pull strategies:
  • JsonCollection
  • Paginated
  • ZipArtifact
• Refactored the API client from XSIAM-specific to module-agnostic (ModuleClient)
• Updated directory structure to:

  instance/module/content_type/
  

  (previously instance/content_type/)
• Introduced a multi-module configuration format with:
  • [modules.xsiam]
  • [modules.appsec] blocks

New Features (v2)

Application Security Module

• First additional module demonstrating plugin architecture scalability
• Includes five AppSec content types:
  • applications
  • policies
  • rules
  • repositories
  • integrations
• Uses paginated pull strategy for large datasets
• Supports module-specific API endpoints and response parsing

XSIAM Module Updates

• Added scripts content type with ZIP artifact support
• Now includes six total content types:
  • dashboards
  • biocs
  • correlation_searches
  • widgets
  • authentication_settings
  • scripts

This release includes binaries for multiple architectures:

Recommended (Static builds, no GLIBC dependency):

• linux-musl-x86_64: Universal Linux 64-bit (static, works on any Linux distribution)
• linux-musl-aarch64: Universal Linux ARM64 (static, works on any Linux distribution)

macOS builds:

• macos-x86_64: macOS Intel 64-bit
• macos-aarch64: macOS Apple Silicon (M1/M2)

Installation

For maximum compatibility (recommended):

# Download universal static binary (works on any Linux distribution)
wget https://github.com/gocortex/gcgit/releases/download/v2.1.9/gcgit-v2.1.9-linux-musl-x86_64.tar.gz
tar -xzf gcgit-v2.1.9-linux-musl-x86_64.tar.gz
sudo mv gcgit-v2.1.9-linux-musl-x86_64 /usr/local/bin/gcgit

For macOS:

# For Apple Silicon (M1/M2)
wget https://github.com/gocortex/gcgit/releases/download/v2.1.9/gcgit-v2.1.9-macos-aarch64.tar.gz
tar -xzf gcgit-v2.1.9-macos-aarch64.tar.gz
sudo mv gcgit-v2.1.9-macos-aarch64 /usr/local/bin/gcgit

Usage

# Initialise a new XSIAM instance
gcgit init --instance myinstance

# Pull configurations from XSIAM
gcgit xsiam pull --instance myinstance

# Check status
gcgit xsiam status --instance myinstance

# Test connectivity
gcgit xsiam test --instance myinstance

# Get help
gcgit --help

Technical Details

• Built with Rust: High performance and memory safety
• XSIAM Integration: Native support for all five content types
• Cross-platform: Multiple operating systems and architectures supported
• Git Integration: Local version control with automated change detection

Full Changelog: v2.1.8...v2.1.9

v2.1.8

gcgit v2.1.8 - Git for Cortex XSIAM

Go Cortex Git is a Rust-based command-line interface (CLI) tool designed to serve as a lightweight abstraction layer between local Git operations and the Cortex XSIAM REST API. Its purpose is to enable security teams to version-control and deploy Cortex XSIAM configuration objects—such as Correlation Searches, Dashboards, BIOCs, and Scripts—without requiring a full-scale CI/CD pipeline or remote Git hosting.

This major release completes the transition from the v1.x single-module architecture to a fully modular, plugin-based system supporting multiple Cortex platform modules.

Major Architectural Changes (v2)

Module System Infrastructure

• Implemented a Module trait system for self-contained module implementations
• Added a ModuleRegistry for automatic module discovery and registration
• Created three reusable pull strategies:
  • JsonCollection
  • Paginated
  • ZipArtifact
• Refactored the API client from XSIAM-specific to module-agnostic (ModuleClient)
• Updated directory structure to:

  instance/module/content_type/
  

  (previously instance/content_type/)
• Introduced a multi-module configuration format with:
  • [modules.xsiam]
  • [modules.appsec] blocks

New Features (v2)

Application Security Module

• First additional module demonstrating plugin architecture scalability
• Includes five AppSec content types:
  • applications
  • policies
  • rules
  • repositories
  • integrations
• Uses paginated pull strategy for large datasets
• Supports module-specific API endpoints and response parsing

XSIAM Module Updates

• Added scripts content type with ZIP artifact support
• Now includes six total content types:
  • dashboards
  • biocs
  • correlation_searches
  • widgets
  • authentication_settings
  • scripts

This release includes binaries for multiple architectures:

Recommended (Static builds, no GLIBC dependency):

• linux-musl-x86_64: Universal Linux 64-bit (static, works on any Linux distribution)
• linux-musl-aarch64: Universal Linux ARM64 (static, works on any Linux distribution)

macOS builds:

• macos-x86_64: macOS Intel 64-bit
• macos-aarch64: macOS Apple Silicon (M1/M2)

Installation

For maximum compatibility (recommended):

# Download universal static binary (works on any Linux distribution)
wget https://github.com/gocortex/gcgit/releases/download/v2.1.8/gcgit-v2.1.8-linux-musl-x86_64.tar.gz
tar -xzf gcgit-v2.1.8-linux-musl-x86_64.tar.gz
sudo mv gcgit-v2.1.8-linux-musl-x86_64 /usr/local/bin/gcgit

For macOS:

# For Apple Silicon (M1/M2)
wget https://github.com/gocortex/gcgit/releases/download/v2.1.8/gcgit-v2.1.8-macos-aarch64.tar.gz
tar -xzf gcgit-v2.1.8-macos-aarch64.tar.gz
sudo mv gcgit-v2.1.8-macos-aarch64 /usr/local/bin/gcgit

Usage

# Initialise a new XSIAM instance
gcgit init --instance myinstance

# Pull configurations from XSIAM
gcgit xsiam pull --instance myinstance

# Check status
gcgit xsiam status --instance myinstance

# Test connectivity
gcgit xsiam test --instance myinstance

# Get help
gcgit --help

Technical Details

• Built with Rust: High performance and memory safety
• XSIAM Integration: Native support for all five content types
• Cross-platform: Multiple operating systems and architectures supported
• Git Integration: Local version control with automated change detection

Full Changelog: v1.1.0...v2.1.8

v1.1.0

gcgit v1.1.0 - Git for Cortex XSIAM

Go Cortex Git is a Rust-based command-line interface (CLI) tool designed to serve as a lightweight abstraction layer between local Git operations and the Cortex XSIAM REST API. Its purpose is to enable security teams to version-control and deploy Cortex XSIAM configuration objects—such as Correlation Searches, Dashboards, BIOCs, and Scripts—without requiring a full-scale CI/CD pipeline or remote Git hosting.

New in this release

• Migrate build system to MUSL for static Linux binaries
• Update git2 and openssl dependencies for static linking
• Updated builds gcgit-VERSION-TARGET.tar.gz (e.g., gcgit-1.1.0-linux-musl-x86_64.tar.gz)
• Added automatic version extraction using cargo metadata and jq
• Standardised target names: linux-musl-x86_64, linux-musl-aarch64, macos-x86_64, macos-aarch64

This release includes binaries for multiple architectures:

Recommended (Static builds, no GLIBC dependency):

• linux-musl-x86_64: Universal Linux 64-bit (static, works on any Linux distribution)
• linux-musl-aarch64: Universal Linux ARM64 (static, works on any Linux distribution)

macOS builds:

• macos-x86_64: macOS Intel 64-bit
• macos-aarch64: macOS Apple Silicon (M1/M2)

Installation

For maximum compatibility (recommended):

# Download universal static binary (works on any Linux distribution)
wget https://github.com/gocortex/gcgit/releases/download/v1.1.0/gcgit-v1.1.0-linux-musl-x86_64.tar.gz
tar -xzf gcgit-v1.1.0-linux-musl-x86_64.tar.gz
sudo mv gcgit-v1.1.0-linux-musl-x86_64 /usr/local/bin/gcgit

For macOS:

# For Apple Silicon (M1/M2)
wget https://github.com/gocortex/gcgit/releases/download/v1.1.0/gcgit-v1.1.0-macos-aarch64.tar.gz
tar -xzf gcgit-v1.1.0-macos-aarch64.tar.gz
sudo mv gcgit-v1.1.0-macos-aarch64 /usr/local/bin/gcgit

Usage

# Initialise a new XSIAM instance
gcgit init --instance myinstance

# Pull configurations from XSIAM
gcgit xsiam pull --instance myinstance

# Check status
gcgit xsiam status --instance myinstance

# Test connectivity
gcgit xsiam test --instance myinstance

# Get help
gcgit --help

Technical Details

• Built with Rust: High performance and memory safety
• XSIAM Integration: Native support for all five content types
• Cross-platform: Multiple operating systems and architectures supported
• Git Integration: Local version control with automated change detection

Full Changelog: https://github.com/gocortexio/gcgit/commits/v1.1.0