Server configurations for indicators.
Key | Description | Default |
---|---|---|
| Whether to limit the period of time to fetch indicators. |
|
| The period of time (hours) within which to limit indicators that can be fetched. |
|
| The maximum number of indicators that can be fetched within the time period defined in the following server configuration: |
|
| Whether to limit the total number of indicators that can be fetched. |
|
| The maximum number of total indicators that can be fetched by default. |
|
| The percentage of indicators fetched, calculated from |
|
| Whether to disable War Room notifications for related indicators. For more information, see War Room Overview. |
|
| The reliability of the score from a reputation script. For more information, see Indicator Type Profile. |
|
| Whether to export an incident to CSV using the UTF8-BOM format. |
|
| To change the maximum size in KB to display the HTML field. If you increase the limit substantially, it may slow performance. For more information, see Configure the HTML Field. |
|
| If HTML is missing some styles add missing styles. For more information, see Configure the HTML Field. | N/a |
| Enables the indicator timeline in the indicator extraction flow. For more information, see Configure the Indicator Timeline. |
|
| Enables the indicator timeline in all flows. For more information, see Configure the Indicator Timeline. |
|
| Enables the indicator timeline for a specific indicator type. For more information, see Configure the Indicator Timeline. |
|
| The maximum number of indicator comments (timeline and regular). For more information, see Configure the Indicator Timeline. |
|
| Enables you to add timeline comments through content integrations. For more information, see Configure the Indicator Timeline. |
|
| Indicates whether to send warning messages to defined users. This is an alternative to the previous set of configurations which sets the limit according to the total number and the defined time period. |
|
| Applies to the result of the task. You can change the value when editing a task, which overrides the system configuration for this task. For more information, see Indicator Extraction Modes. |
|
| Sets the indicator extraction mode for incident creation. Also troubleshoot where playbooks take a long time to start.
For more information, see Indicator Extraction Modes. |
|
| Sets the indicator extraction mode for incident field change. You can change the value when editing an incident type, which overrides this system configuration for this incident type. For more information, see Indicator Extraction Modes. |
|
| Applies to commands triggered from the CLI. You can change the value when using the auto-extract parameter, which overrides the system configuration for this command. For more information, see Indicator Extraction Modes. |
|
| The Maximum notification of reputation indicators in a batch update. |
|
| Grants read-only access-only access to Threat Intel reports. Value: List of comma separated users. | N/a |
| Grands read and write access to Threat Intel Reports. Value: List of comma separated users. | N/a |
| Whether to use Cortex XSOAR theme styles. For more information, see Configure the HTML Field. |
|
| Customizes the default landing page within the incident view. Values:
|
|
| Whether to hide empty fields in the incident summary tab. For more information, see Indicator Layouts. |
|