IocObject

Cortex XSOAR API

IocObject - represents an Ioc (or simply an indicator) object
CustomFields
optional
The keys should be the field's display name all lower and without spaces. For example: Scan IP -> scanip To get the actual key name you can also go to Cortex XSOAR CLI and run /incident_add and look for the key that you would like to update
account
optional
aggregatedReliability
optional
cacheVersn
optional
format: int64
calculatedTime
optional
Do not set the fields bellow this line format: date-time
comment
optional
comments
optional
array[Comment]
created
optional
format: date-time
deletedFeedFetchTime
optional
format: date-time
expiration
optional
format: date-time
expirationSource
optional
ExpirationSource
expirationStatus
optional
firstSeen
optional
format: date-time
firstSeenEntryID
optional
highlight
optional
id
optional
indexName
optional
indicator_type
optional
insightCache
optional
InsightCache
investigationIDs
optional
isDetectable
optional
isPreventable
optional
isShared
optional
lastReputationRun
optional
format: date-time
lastSeen
optional
format: date-time
lastSeenEntryID
optional
manualExpirationTime
optional
format: date-time
manualScore
optional
manualSetTime
optional
format: date-time
manuallyEditedFields
optional
modified
optional
format: date-time
modifiedTime
optional
format: date-time
moduleToFeedMap
optional
map[String, FeedIndicator]
numericId
optional
format: int64
primaryTerm
optional
format: int64
relatedIncCount
optional
format: int64
score
optional
format: int64
sequenceNumber
optional
format: int64
setBy
optional
sizeInBytes
optional
format: int64
sortValues
optional
source
optional
sourceBrands
optional
sourceInstances
optional
syncHash
optional
timestamp
optional
format: date-time
value
optional
version
optional
format: int64