Indicator Fields - Threat Intel Management Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Threat Intel Management Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-03-05
End_of_Life
EoL
Category
Threat Intel Management Guide
Abstract

Indicator Fields are used to add specific indicator information to indicators. Associate fields to a specific indicator type or all indicator types in Cortex XSOAR.

Indicator fields are used to add specific indicator information to indicators. When you create a custom indicator field, you can add it to the indicator layout to which you associate the field. You can then Map Custom Indicator Fields to the relevant indicator type. You can also add an Indicator Field Trigger Script that checks for field changes and enables you to automatically take action.

Note

Cortex XSOAR IOC fields are based on the STIX 2.1 specifications. For more information, see Indicator Fields Structure.