Indicator Types - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Indicator types are determined by searching for predefined regular expressions (regex) in the Cortex XSIAM War Room or by user assignment.

Indicators are categorized by indicator type, which determines the indicator layout (fields) that are displayed and which scripts are run on indicators of that type. To view and customize indicator types, go to SettingsConfigurationsObject SetupIndicatorsTypes.

Indicator types include:

  • IP Address

  • Domain

  • URL

  • File

  • Email

  • Host

  • CIDR

  • Malware

You can edit, create, export and import indicator types, disable and enable indicator types. For example, you may want to disable the File indicator and enable separate indicator types for File MD5, File SHA-1, etc. For more information, see File Indicators.