Customize Threat Intel Report Types - Threat Intel Management Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Threat Intel Management Guide

Cortex XSOAR
Creation date
Last date published
Threat Intel Management Guide

When creating a threat intel report, you can use one of the out-of-the-box report types, customize an out-of-the-box report type, or create your own report type.

Each report type has an associated layout, containing relevant fields.

Before you begin setting up and customizing threat intel reports, consider the following elements involved in creating report types:




Decide which report types your organization needs. Each type has an associated layout. You choose a type when you create a report.


Use as placeholders to manually populate a report with relevant data after a report is created. Fields are included with, and can be added to, report layouts.


Customize your layouts for each report type to make sure the most relevant information is shown for each type.


By default, when editing the following inline values in a threat intel report, the changes are not saved until you confirm your changes (clicking the checkmark icon in the value field).

These icons are designed to let you have an additional level of security before you make changes to the fields in threat intel reports, incidents, and indicators.

To change the default behavior set the inline.edit.on.blur server configuration to true, which enables you to make changes to inline fields without clicking the checkmark. The changes are automatically saved when clicking anywhere on the page or when navigating to another page. For text values you can also click anywhere in the value field to edit.