GoCortex Git (GCGit) v2.2.1: Expanded Content Types, Improved Pagination Support, Expanded YAML Sorting + New Project Logo.
Overview
Go Cortex Git is a Rust-based command-line interface (CLI) tool designed to serve as a lightweight abstraction layer between local Git operations and the Cortex XSIAM REST API. Its purpose is to enable security teams to version-control and deploy Cortex XSIAM configuration objects—such as Correlation Searches, Dashboards, BIOCs, and Scripts - without requiring a full-scale CI/CD pipeline or remote Git hosting.
New in GCGit v2.2.1
Updates:
- Expanded XSIAM from 6 to 9 content types by adding:
- scheduled_queries (XQL scheduled queries via scheduled_queries/list)
- xql_library (reusable XQL query library via ../xql_library/get)
- rbac_users (role-based access control users via rbac/get_users)
- Expanded Cortex Cloud (AppSec) from 5 to 7 content types by adding:
- application_configuration (business application configuration)
- application_criteria (business application filtering criteria)
- Changed project licence from MIT to AGPL-3.0-or-later
Improvements:
- Switched AppSec repositories from JsonCollection to OffsetPaginated
- Added recursive string array sorting in the YAML serialisation layer to prevent false Git diffs caused by arbitrary API array ordering (e.g. RELATIONS field values returned in different order each pull)
- When primary configuration values are empty, gcgit checks fallback environment variables for cross-project compatibility:
- fqdn falls back to DEMISTO_BASE_URL (https:// prefix and trailing slash are stripped automatically)
- api_key falls back to DEMISTO_API_KEY
- api_key_id falls back to XSIAM_AUTH_ID
This release includes binaries for multiple architectures:
Recommended (Static builds, no GLIBC dependency):
linux-musl-x86_64: Universal Linux 64-bit (static, works on any Linux distribution)linux-musl-aarch64: Universal Linux ARM64 (static, works on any Linux distribution)
macOS builds:
macos-x86_64: macOS Intel 64-bitmacos-aarch64: macOS Apple Silicon (M1/M2)
Installation
For maximum compatibility (recommended):
# Download universal static binary (works on any Linux distribution)
wget https://github.com/gocortex/gcgit/releases/download/v2.2.1/gcgit-v2.2.1-linux-musl-x86_64.tar.gz
tar -xzf gcgit-v2.2.1-linux-musl-x86_64.tar.gz
sudo mv gcgit-v2.2.1-linux-musl-x86_64 /usr/local/bin/gcgitFor macOS:
# For Apple Silicon (M1/M2)
wget https://github.com/gocortex/gcgit/releases/download/v2.2.1/gcgit-v2.2.1-macos-aarch64.tar.gz
tar -xzf gcgit-v2.2.1-macos-aarch64.tar.gz
sudo mv gcgit-v2.2.1-macos-aarch64 /usr/local/bin/gcgitUsage
# Initialise a new XSIAM instance
gcgit init --instance myinstance
# Pull configurations from XSIAM
gcgit xsiam pull --instance myinstance
# Check status
gcgit xsiam status --instance myinstance
# Test connectivity
gcgit xsiam test --instance myinstance
# Get help
gcgit --helpTechnical Details
- Built with Rust: High performance and memory safety
- XSIAM Integration: Native support for all five content types
- Cross-platform: Multiple operating systems and architectures supported
- Git Integration: Local version control with automated change detection
Full Changelog: v2.1.9...v2.2.1