Abstract
Indicator types are determined by searching for predefined regular expressions (regex) in the Cortex XSOAR War Room or by user assignment.
Indicators are categorized by indicator type, which determines the indicator layout (fields) that are displayed and which scripts are run on indicators of that type.
The following is a list of some of the indicator types.
IP Address
Domain
URL
Email
Host
CIDR
Attack Pattern
Threat Actor
Intrusion Set
Malware
Campaign
Tool
Report
Course of Action
Infrastructure
Registry Key
CVE CVSS Score