When you configure the Elasticsearch Feed integration to fetch indicators for a tenant, all indicators are fetched from the shared indexes. You cannot define a subset of indicators for the tenant to ingest.
Access the tenant account for which to share the indicators.
Go to→ → .
Configure the integration instance.
A meaningful name for the integration instance.
Make sure you select this option if you want this integration instance to fetch indicators from the shared index.
Predefined configuration of indexes to fetch from. For sharing indicators, it should be Cortex XSOAR MT Shared Feed.
Cortex XSOAR MT Shared Feed
The URL of the Elasticsearch server. Note: If Elasticsearch is installed on the same machine as the Cortex XSOAR instance, the following system configuration should be added to the tenant configuration under → → : key:
How often to fetch indicators from the shared index. You can specify the interval in days, hours, or minutes.
The reputation to apply to indicators ingested from the shared index.
The reliability of the source providing the intelligence data, which affects how this indicator's fields and reputation are populated.
B - Usually reliable
Indicator Expiration Method
The method by which indicators from this instance are expired.
Bypass exclusion list
When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.