Add a Script in the Indicator Layout - Threat Intel Management Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Threat Intel Management Guide

Product: Cortex XSOAR
Version: 6.6
Creation date: 2022-09-29
Last date published: 2023-12-12
End_of_Life: EoL
Category: Threat Intel Management Guide

You can add content to the indicator Summary tab, based on an automation script. To do this, you need to add the General Purpose Dynamic Section when editing indicator layouts.

The General Purpose Dynamic Section enables you to configure a section in the Summary tab from an automation script. The automation can return simple text, markdown, or HTML, and the result appears in the General Purpose Dynamic Section.

You can add any required information from an automation. For example:

  • Add a mapping script that determines where an IP address originates and displays it on a map.

  • Add a custom widget to the indicator page. The procedure is similar for indicators and incidents.

  • Add the FeedRelatedIndicator script from the Automation page, which contains information about the relationship between an indicator, entity (such as malware), and other indicators (such as a MITRE ATT&CK indicator), and connects externally to those indicators, if relevant.

Before you begin, you need to create an automation script.

  1. Select the indicator type or layout to which you want to add the General Purpose Dynamic Section by completing steps 1 or 2 in Customize an Indicator Type Layout.

  2. Drag and drop the General Purpose Dynamic Section onto the page.

  3. Select the General Purpose Dynamic Section, click the options icon, and then click Edit section settings.

  4. In the Name and Description fields, add a meaningful name and a description for the dynamic section that explains what the script displays.

  5. In the Automation script field, from the dropdown list, select the script that returns data for the dynamic section.

    Note

    Only automations to which you have added the dynamic-indicator-section tag appear in the dropdown list.

  6. Click OK.
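An added example (not from the Cortex XSOAR documentation) of an automation that could back a General Purpose Dynamic Section: it renders a few indicator fields as a markdown table, defanging the value and escaping feed-supplied text so that it is displayed literally instead of being interpreted as markup. It assumes the section passes the indicator in the `indicator` argument with `value`, `indicator_type`, `score` and `CustomFields.description` keys; the helper names are hypothetical, and the script still needs the dynamic-indicator-section tag to appear in the dropdown list.

```python
import re

# Characters that markdown treats as markup; feed-supplied text must not inject any.
_MD_SPECIAL = re.compile(r"([\\`*_{}\[\]()<>#+!|~-])")


def md_escape(text):
    """Backslash-escape markdown markup and flatten newlines in untrusted text."""
    flat = " ".join(str(text).split())
    return _MD_SPECIAL.sub(r"\\\1", flat)


def defang(value):
    """Make a URL, domain or IP non-clickable: http -> hxxp, '.' -> '[.]'."""
    value = re.sub(r"(?i)\bhttp", "hxxp", str(value))
    return value.replace(".", "[.]")


def build_section(indicator):
    """Return the markdown shown in the dynamic section for one indicator."""
    custom = indicator.get("CustomFields") or {}  # assumed key names, see lead-in
    rows = [
        ("Value", defang(indicator.get("value", ""))),
        ("Type", indicator.get("indicator_type", "")),
        ("Score", indicator.get("score", "")),
        ("Description", custom.get("description", "")),
    ]
    lines = ["| Field | Content |", "|---|---|"]
    lines += ["| %s | %s |" % (name, md_escape(val)) for name, val in rows]
    return "\n".join(lines)


def main():
    xsoar = globals().get("demisto")  # injected by the XSOAR script runtime
    if xsoar is None:
        # Constructed sample indicator, used only when run outside XSOAR.
        sample = {"value": "http://bad.example/a", "indicator_type": "URL", "score": 3,
                  "CustomFields": {"description": "[click](http://x.example) | <b>hi</b>"}}
        print(build_section(sample))
        return
    md = build_section(xsoar.args().get("indicator") or {})
    # Type 1 is a note entry; "markdown" tells the section how to render Contents.
    xsoar.results({"Type": 1, "ContentsFormat": "markdown", "Contents": md})


if __name__ in ("__main__", "__builtin__", "builtins"):
    main()
```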