Set the indicator extraction mode for a playbook task - Threat Intel Management Guide - Cortex XSIAM - Cortex - Security Operations

Threat intel management

Product
Cortex XSIAM
Creation date
2023-07-30
Last date published
2024-04-15
Category
Threat Intel Management Guide
Abstract

Create indicator extraction rules for a playbook task in Cortex XSIAM. Auto extract for a playbook task. Edit task. Use case indicator extraction.

You can set the indicator extraction mode for specific playbook tasks.

  1. Select the playbook where you want to add indicator extraction to a task, and click Edit.

  2. In the playbook, click a task to open the Edit Task window.

  3. Click the Advanced tab.

  4. In the indicator extraction drop-down menu, select the mode you want to use.

  5. Click OK.