Disable Indicator Extraction for Scripts or Integrations - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-02-28
Category
Administrator Guide
Abstract

Disable indicator extraction for a specific script or integration in Cortex XSOAR.

This procedure describes how to disable indicator extraction for a specific script or an integration.

  • Do one of the following:

    • To disable indicator extraction for a script, add the IgnoreAutoExtract entry with the value of true, when returning an entry.

      For example:

      entry = {
      	'Type': entryTypes['note'],
      	'Contents': {
      	'Echo' : demisto.args()['echo']
      	    },
      	'ContentsFormat': formats['json'],
      	'ReadableContentsFormat': formats['markdown'],
      	'HumanReadable': hr,
      	'IgnoreAutoExtract' : True
         }
    • To disable indicator extraction for an integration, add the ‘IgnoreAutoExtract’ entry with the value of true, when returning an entry.

      For example in the ServiceNow integration:

      entry = {
              'Type': entryTypes['note'],
              'Contents': result,
              'ContentsFormat': formats['json'],
              'ReadableContentsFormat': formats['markdown'],
              'HumanReadable': tableToMarkdown('ServiceNow ticket', hr, headers=headers, removeNull=True),
              'EntryContext': {
                  'Ticket(val.ID===obj.ID)': context,
                  'ServiceNow.Ticket(val.ID===obj.ID)': context
              },
              'IgnoreAutoExtract': True
          }
          entries.append(entry)
          return entries

    For more information about command results in Python, see Python code conventions for CommandResults.