Disable indicator extraction for scripts or integrations - Administrator Guide - Threat Intel Management Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product
Cortex XSOAR
Version
8
Creation date
2024-03-07
Last date published
2024-07-17
Category
Administrator Guide
Solution
Cloud
Abstract

Disable indicator extraction for a specific script or integration in Cortex XSOAR.

This procedure describes how to disable indicator extraction for a specific script or an integration.

  • To disable indicator extraction for a script, add the IgnoreAutoExtract entry with the value of true, when returning an entry.

    For example:

    entry = {
    	'Type': entryTypes['note'],
    	'Contents': {
    	'Echo' : demisto.args()['echo']
    	    },
    	'ContentsFormat': formats['json'],
    	'ReadableContentsFormat': formats['markdown'],
    	'HumanReadable': hr,
    	'IgnoreAutoExtract' : True
       }
  • To disable indicator extraction for an integration, add the 'IgnoreAutoExtract' entry with the value of true, when returning an entry.

    For example in the ServiceNow integration:

    entry = {
            'Type': entryTypes['note'],
            'Contents': result,
            'ContentsFormat': formats['json'],
            'ReadableContentsFormat': formats['markdown'],
            'HumanReadable': tableToMarkdown('ServiceNow ticket', hr, headers=headers, removeNull=True),
            'EntryContext': {
                'Ticket(val.ID===obj.ID)': context,
                'ServiceNow.Ticket(val.ID===obj.ID)': context
            },
            'IgnoreAutoExtract': True
        }
        entries.append(entry)
        return entries

For more information about command results in Python, see Python code conventions for CommandResults.