Export Indicators to the Shared Index - Multi-Tenant Guide - 6.12 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product
Cortex XSOAR
Version
6.12
Creation date
2023-04-30
Last date published
2023-12-18
Category
Multi-Tenant Guide

Use the Cortex XSOAR Indicators Share integration to define which indicators to export to the shared index.

  1. Access the tenant account from which you want to share indicators.

  2. Go to SettingsINTEGRATIONSInstances.

  3. Search for Cortex XSOAR Indicators Share.

  4. Configure the integration instance.

    Parameter

    Description

    Example

    Name

    A meaningful name for the integration instance.

    indicators-share_domains_ips

    Fetch indicators

    Make sure you select this option if you want this integration instance to export indicators to the shared index.

    N/A

    Fetch interval

    How often to export indicators from this tenant to the shared index. You can specify the interval in days, hours, or minutes.

    5 minutes

    Indicators Query

    The query that defines which indicators to send to the shared index. The query is in Elasticsearch syntax.

    type:Domain or type:IP

The tenant’s indicators are exported to the shared index, at the specified interval, and are available for other tenants to ingest.