Abstract
Create indicator extraction rules for a playbook task in Cortex XSIAM. Auto extract for a playbook task. Edit task. Use case indicator extraction.
By default, system-wide indicator extraction is disabled. You can set the indicator extraction mode for specific playbook tasks.
Select the playbook where you want to add indicator extraction to a task, and click Edit.
In the playbook, click a task to open the Edit Task window.
Click the Advanced tab.
In the indicator extraction drop-down menu, select the mode you want to use.
Click OK.