Create an Indicator - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
8
Creation date
2024-02-14
Last date published
2024-04-24
Category
Administrator Guide
Solution
Cloud
Abstract

Create incident manually, from an integration feed, or by adding Unit 42 data.

Indicators can be created manually, from an integration feed, or by adding Unit 42 data.

  • Create an indicator manually.

    1. Select Threat IntelNew Indicator.

    2. Add the Basic information.

      In the Verdict section you can either select a verdict, or leave it unset in order to calculate it later by clicking Save & Enrich for the indicator.

    3. Add any custom indicator fields.

    4. Save the indicator, or use Save & Enrich to update the indicator from enrichment sources.

  • Fetch indicators from Feed Integrations.

  • (TIM only) Add Unit 42 Intel Data to Cortex XSOAR.