Create an Indicator Type - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-12-05
End_of_Life
EoL
Category
Administrator Guide
Abstract

In addition to the system-level indicator types, you can create custom indicator types in Cortex XSOAR.

When you create a custom indicator type, you configure fields and settings that impact how indicators of that type are enriched, how they are expired, how the verdict is calculated, etc.

Before you create a custom indicator type, you should familiarize yourself with the Indicator Type Profile parameters.

  1. Go to SettingsOBJECTS SETUPIndicatorsTypes.

  2. Click the New Indicator Type button.

  3. In the Settings tab, add the required Indicator Type Profile parameters, such as name, regex, etc.

  4. In the Custom Fields tab, Map Custom Indicator Fields, as required.