Abstract
In addition to the system-level indicator types, you can create custom indicator types in Cortex XSIAM.
When you create a custom indicator type, you configure fields and settings that impact how indicators of that type are enriched, how they are expired, how the verdict is calculated, etc.
Before you create a custom indicator type, you should familiarize yourself with the indicator type profile.
Select → → → → .
In the Attributes tab, add the required Indicator Type Profile parameters, such as name, regex, etc.
In the tab, map the custom indicator fields, as required.