Ingest Indicators from the Shared Indicators Index

Configure the Elasticsearch v2 integration on a tenant account to ingest indicators from the shared indexes.
When you configure the Elasticsearch v2 integration to fetch indicators for a tenant, all indicators are fetched from the shared indexes. You can not define a subset of indicators for the tenant to ingest.
  1. Access the tenant account for which to share the indicators.
  2. Go to
    Servers & Services
  3. Search for
    Elasticsearch v2
  4. Configure the integration instance.
    A meaningful name for the integration instance.
    Elasticsearch v2_domains_ips
    Fetch indicators
    Make sure you select this option if you want this integration instance to export indicators to the shared index.
    Server URL
    The URL of the Elasticsearch server.
    Fetch interval
    How often to fetch indicators from this tenant and export them to the shared index. You can specify the interval in days, hours, or minutes.
    5 minutes
    Indicator Reputation
    The reputation to apply to indicators ingested from this integration instance.
    Source Reliability
    The reliability of the source providing the intelligence data, which affects how this indicator's fields and reputation are populated.
    B - Usually reliable
    Indicator Expiration Method
    The method by which indicators from this instance are expired.
    Never Expire
    Bypass exclusion list
    When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.

