Configure the Indicator Timeline - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Add a server configuration to manage the indicator timeline in Cortex XSOAR and improve indicator timeline performance.

The indicator timeline displays a list of dates and events showing changes in an indicator over time, such as change of verdict and traffic light protocol. A large number of indicators can affect the indicator timeline performance. You can configure advanced server configurations to manage the indicator timeline performance.

  1. Select Settings & InfoSettingsSystemServer SettingsServer ConfigurationAdd Server Configuration.

  2. Add the following server configurations.





    true or false

    Enables the indicator timeline in all flows. The default is true. extract.enabled

    true or false

    Enables the indicator timeline in the indicator extraction flow. The default is true.

View Indicator Timeline Entries

The indicator timeline contains two tabs:

  • Initial: Shows a table listing the first indicator timeline entries.

  • Latest: Shows a table listing the most recent indicator timeline entries. This ensures continuous monitoring of security threats and provides access to the latest activity data.

The maximum number of entries the tabs display is by default 100. The first 100 entries are displayed in both tabs. If there are more than 100 entries, the Initial table displays the first 100 entries, and the Latest table displays the 100 latest entries. For example, if there are 105 entries, the Latest table displays the five latest entries plus the 95 entries that occurred chronologically before them.