Configure the Indicator Timeline - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-05-22
End_of_Life
EoL
Category
Administrator Guide
Abstract

Add a server configuration to manage the indicator timeline in Cortex XSOAR and improve indicator timeline performance.

A large number of indicators can affect performance of the indicator timeline. The indicator timeline displays a list of dates and events that affect the timeline, such as change of verdict, traffic light protocol, etc. There are several advanced server configurations you can implement to manage the indicator timeline performance.

  1. Go to SettingsABOUTTroubleshooting.

  2. In the Server Configuration section, click Add Server Configuration.

    Key

    Value

    Description

    indicator.timeline.enabled

    true or false

    Enables the indicator timeline in all flows. The default is true.

    indicator.timeline.enabled.type.<indicatorType>

    true or false

    Enables the indicator timeline for a specific indicator type. This configuration overrides the indicator.timeline.enabled configuration.

    For example: indicator.timeline.enabled.type.ip

    indicator.timeline.auto.extract.enabled

    true or false

    Enables the indicator timeline in the indicator extraction flow. The default is true.

    indicator.timeline.max.size

    Number

    The maximum number of indicator comments (timeline and regular). The default is 100.

    indicator.timeline.worker.enabled

    true or false

    Enables you to add timeline comments through content integrations.