Export Indicators Integrations - Administrator Guide - Cortex XSIAM - Cortex

Export Indicators Integrations - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product

Cortex XSIAM

Creation date

2024-02-26

Last date published

2024-04-21

Category

Administrator Guide

Abstract

There are several outbound-feed integrations that exports indicators to a file or list from Cortex XSIAM.

You can export indicators by using the Generic Export Indicators Service integration. Exported indicators can be used for firewall block lists, allow lists, monitoring, and analysis in Splunk, etc.

The Generic Export Indicators Service can be configured to export specific fields in different output formats. Multiple instances of the integration can be configured for different indicator queries, and the output can be customized to work with a variety of third-party services.

Additional information can be found here:

Manage External Dynamic Lists
Forward Requests to Long Running Integrations