Manage External Dynamic Lists - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Configure and manage your external dynamic lists in Cortex XSOAR.

An External Dynamic List (EDL) is a hosted text file. In Cortex XSOAR, you can configure an EDL to share a list of Cortex XSOAR indicators with other products in your network, such as a firewall or SIEM. For example, your Palo Alto Networks firewall can add IP address and domain data from the EDL to block or allow lists.

You can set up Cortex XSOAR to export internal data to an EDL using an EDL integration installed either on the Cortex XSOAR tenant or on an engine. An EDL integration is a type of long running integration.

For details on exporting internal data to an EDL, see Forward Requests to Long Running Integrations.

On-Demand Mode

When running the EDL export in on-demand mode, make sure you run the !export-indicators-list-update command for the first time to initialize the export process.