Indicator Fields - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-04-11
Category
Administrator Guide
Solution
Cloud
Abstract

Add information to indicators using indicator fields. Create custom indicator fields, map them to indicator types, and add indicator field trigger scripts.

Indicator fields are used to add specific indicator information to indicators. When you create a custom indicator field, you can add it to the indicator layout to which you associate the field. You can then Map Custom Indicator Fields to the relevant indicator type. You can also add an indicator field trigger script that checks for field changes and enables you to automatically take action.

Note

Cortex XSOAR IOC fields are based on the STIX 2.1 specifications. For more information, see Indicator Fields Structure.