Set the indicator extraction mode for a playbook task - Threat Intel Management Guide - Cortex XSIAM - Cortex - Security Operations

Threat intel management

Cortex XSIAM
Creation date
Last date published
Threat Intel Management Guide

Create indicator extraction rules for a playbook task in Cortex XSIAM. Auto extract for a playbook task. Edit task. Use case indicator extraction.

You can set the indicator extraction mode for specific playbook tasks.

  1. Select the playbook where you want to add indicator extraction to a task, and click Edit.

  2. In the playbook, click a task to open the Edit Task window.

  3. Click the Advanced tab.

  4. In the indicator extraction drop-down menu, select the mode you want to use.

  5. Click OK.