Indicator Types

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-09-18
Last date published: 2024-10-14
Category: Administrator Guide
Solution: Cloud
Retire_Doc: Retiring
Link_to_new_Doc: /r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation
Abstract

Indicator types are determined either by matching predefined regular expressions (regex) against text in the Cortex XSOAR War Room or by user assignment.

Indicators are categorized by indicator type. The type determines the indicator layout (the fields that are displayed) and which scripts are run on indicators of that type.

The following is a list of some of the indicator types.

  • IP Address

  • Domain

  • URL

  • File

  • Email

  • Host

  • CIDR

  • Attack Pattern

  • Threat Actor

  • Intrusion Set

  • Malware

  • Campaign

  • Tool

  • Report

  • Course of Action

  • Infrastructure

  • Registry Key

  • CVE CVSS Score
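
The regex-based typing described in the abstract can be illustrated with a short sketch. This is an added example, not Cortex XSOAR code: the patterns are simplified assumptions rather than the product's built-in regexes, and letting the earlier-listed pattern claim an overlapping match (so a URL is not also reported as a Domain) is a design choice of this sketch, not documented product behavior.

```python
import re

# Simplified, constructed patterns for a few of the types listed above.
# They are assumptions for illustration, not Cortex XSOAR's built-in regexes.
PATTERNS = [
    ("URL", re.compile(r"\bhttps?://[^\s\"'<>]+[^\s\"'<>.,;:!?)]", re.I)),
    ("Email", re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
    ("CIDR", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b")),
    ("IP Address", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("File", re.compile(r"\b[a-f0-9]{64}\b", re.I)),  # SHA-256 digests only
    ("Domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

def _valid(itype, value):
    """Reject strings that fit the regex shape but are not valid values."""
    if itype in ("IP Address", "CIDR"):
        addr, _, prefix = value.partition("/")
        if any(int(octet) > 255 for octet in addr.split(".")):
            return False
        return not prefix or int(prefix) <= 32
    return True

def extract_indicators(text):
    """Return (type, value) pairs found in text, in order of appearance.
    Overlapping matches go to the pattern listed first in PATTERNS."""
    claimed = []  # (start, end) spans already assigned a type
    found = []
    for itype, rx in PATTERNS:
        for m in rx.finditer(text):
            start, end = m.span()
            if any(start < e and s < end for s, e in claimed):
                continue  # span already belongs to a more specific type
            if not _valid(itype, m.group()):
                continue
            claimed.append((start, end))
            found.append((start, itype, m.group()))
    return [(t, v) for _, t, v in sorted(found)]

# Constructed sample War Room text (documentation-reserved addresses and names).
SAMPLE = ("Blocked 198.51.100.7 from 203.0.113.0/24; user alice@example.com "
          "fetched http://files.example.net/a.bin, seen on portal.example.org. "
          "Ignore 999.1.1.1.")

if __name__ == "__main__":
    for itype, value in extract_indicators(SAMPLE):
        print(f"{itype:12} {value}")
```

Pattern order matters here: if Domain were listed before URL or Email, the host part of each would be typed as a Domain and the longer indicator would be lost.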