Create a threat intel report from a type/layout.
You can create a threat intel report by choosing a type and defining other basic report information. To customize the threat Intel report such as creating new types, layouts, etc., see Threat Intel Customization.
When you create a report, Cortex XSOAR creates a blank report based on the type you choose. Once created, edit the report to populate it with relevant content before generating or sharing a report.
The core of the report is the Summary, which is used to enter freeform text. After report creation, you can edit any predefined template text in this section and replace it with your content. Using the Markdown Editor, you can apply rich formatting options to the body text, including text sizing, coloring, formatting, pictures/icons, and section headers.
Select
→ →Enter a Name and , and configure any other relevant fields. See Create Threat Intel Report Types
In the Permissions section, assign the that you want to grant read/write access to the report. See RBAC for Reports
Note
If you don’t assign any roles to a report, all roles will have read/write access for the report.
Create new Threat Intel Report.
The report is automatically in draft report status.
From the Summary tab, you can edit report fields as needed and add any information about the specific report.
(Optional) Change the status as required.
When the review is completed, you can share or generate a report.