After you have customized indicators and started ingesting indicators into Cortex XSOAR, you can create indicators, add indicators, extract indicators, export indicators, etc. If you have a TIM license you can use Threat Intel Reports and use the Unit 42 feature.
The Threat Intel page displays a table or summary view of all indicators, and enables you to perform several indicator actions. If you do not have a TIM license, the page is called Indicators.
You can perform the following actions on the Indicators page.
Create a new indicator
Manually create a new indicator in the system.
Create an incident from the selected indicators and populate relevant incident fields with indicator data.
Edit a single indicator or select multiple indicators to perform a bulk edit.
Delete and Exclude
Delete and exclude one or more indicators from all indicator types or from a subset of indicator types.
If you select the Do not add to exclusion list checkbox, the selected indicators are only deleted.
Export the selected indicators to a CSV file. You can also Export an Indicator to CSV Using the UTF8-BOM Format.
Export the selected indicators to a STIX file.
Upload a STIX file
Upload a STIX file and add the indicators from the file to the system.
You can search for indicators using any of the available search fields. This is a partial list of the available search fields.
You can use a wildcard query, which finds indicators containing terms that match the specified wildcard. For example, the
* pattern matches any sequence of 0 or more characters, and
? matches any single character. For a regex query, use the following value: