Manage External Dynamic Lists

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-04-21
Category: Administrator Guide
Solution: Cloud
Abstract: Configure and manage your external dynamic lists in Cortex XSOAR.

An External Dynamic List (EDL) is a hosted text file. In Cortex XSOAR, you can configure an EDL to share a list of Cortex XSOAR indicators with other products in your network, such as a firewall or SIEM. For example, your Palo Alto Networks firewall can add IP address and domain data from the EDL to block or allow lists.

You can set up Cortex XSOAR to export internal data to an EDL using an EDL integration installed either on the Cortex XSOAR tenant or on an engine. An EDL integration is a type of long-running integration.

For details on exporting internal data to an EDL, see Forward Requests to Long Running Integrations.
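
Because the EDL described above is a plain text file that a firewall can turn directly into block or allow rules, it is worth checking the list's contents before a consumer trusts it. The following Python code is an added example, not part of the Cortex XSOAR documentation or product: it reviews a constructed EDL body and rejects malformed lines, overly broad networks and internal address space. Assumptions: the file carries one indicator per line, and the names review_edl, classify, MIN_PREFIX and INTERNAL and the prefix thresholds are illustrative.

```python
import ipaddress
import re

# Constructed sample EDL body (documentation-range values, not real indicators).
# Assumption: the hosted file carries one indicator per line.
SAMPLE_EDL = """\
203.0.113.7
198.51.100.0/24
0.0.0.0/0
10.1.2.3
bad.example.com
not an indicator

2001:db8::/32
"""

DOMAIN = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
MIN_PREFIX = {4: 8, 6: 32}  # assumed policy: refuse anything broader than this
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def classify(entry):
    """Return (ok, reason) for one EDL line."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        ok = bool(DOMAIN.match(entry))
        return ok, "domain" if ok else "not an IP, CIDR or domain"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return False, f"/{net.prefixlen} is broader than /{MIN_PREFIX[net.version]}"
    if any(net.version == i.version and net.overlaps(i) for i in INTERNAL):
        return False, "overlaps internal or loopback address space"
    return True, "ip"


def review_edl(text):
    """Split EDL text into accepted entries and (line_no, entry, reason) findings."""
    accepted, findings = [], []
    for line_no, entry in enumerate(map(str.strip, text.splitlines()), 1):
        if not entry:
            continue
        ok, reason = classify(entry)
        if ok:
            accepted.append(entry)
        else:
            findings.append((line_no, entry, reason))
    return accepted, findings
```

Calling review_edl(SAMPLE_EDL) returns the entries that are safe to apply plus a list of findings with line numbers, so an empty findings list can gate any downstream use of the list.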

On-Demand Mode

When you run the EDL export in on-demand mode, first run the !export-indicators-list-update command to initialize the export process.