Add a Script in the Indicator Layout - Threat Intel Management Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Threat Intel Management Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-03-25
Category
Threat Intel Management Guide
Solution
Cloud
Abstract

Add automation script based content to an indicator in Cortex XSOAR. Add a script in the indicator layout using the Dynamic Section layout builder.

You can add content to the indicator Summary tab, based on a script. To to this, you need to add the General Purpose Dynamic Section when editing indicator layouts.

The General Purpose Dynamic Section enables you to configure a section in the Summary tab from an automation script. The automation can return simple text, markdown, or an HTML, the results of which appear in the General Purpose Dynamic Section.

You can add any required information from an automation. For example:

  • Add a mapping script that determines where an IP address originates and displays it on a map.

  • Add a custom widget to the indicator page. The procedure is similar for indicators and incidents.

  • Add the FeedRelatedIndicator script from the Automation page, which contains information about the relationship between an indicator, entity (such as malware), and other indicators (such as a MITRE ATT&CK indicator), and connects externally to those indicators, if relevant.

Before you begin, you need to create an automation script.

  1. Go to Settings & InfoSettingsObjects SetupIndicatorsLayouts.

  2. Click on the indicator layout you want to edit.

    The layout must either be custom content (a layout you created), a layout duplicated from a content pack layout, or a detached layout from a content pack. You cannot edit a layout that is attached. To detach an attached layout, select the indicator layout and click Detach. The layout must either be custom content (a layout you created) or a detached layout from a content pack. You cannot edit a layout that is attached.

  3. Drag and drop the General Purpose Dynamic Section onto the page.

  4. Select the General Purpose Dynamic Section, click indicator-option-pointer.png and then click Edit section settings.

  5. In the Name and Description fields, add a meaningful name and a description for the dynamic section that explains what the script displays.

  6. In the Automation script field, from the dropdown list, select the script that returns data for the dynamic section.

    Note

    Only automations to which you have added the dynamic-indicator-section tag appear in the dropdown list.

  7. Click OK.