Configure What Auto Extract Executes

When Auto Extract is used, it extracts all indicators that match the regex defined in an indicator type, and enriches those indicators using the commands configured for that type. For example, out of the box, the URL indicator is enriched using the !url command. You can decide to further enrich IP indicators by using a script that calls multiple integrations, such as urlscan.io and URLhaus.
  1. Navigate to Settings > Advanced > Indicator Types.
  2. Select the indicator type for which you want to configure the command or script and click Edit.
     For out of the box indicators, the Name and Regex fields are disabled.
  3. Under Reputation command, enter the command to execute when auto extracting indicators of this type.
  4. Under Exclude these integrations for the reputation command, select which integrations should not be used when executing the reputation command.
  5. Under Reputation Script, select the script to run when enriching indicators of this indicator type. The scripts override the reputation command.
  6. Click Save.
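
A script selected under Reputation Script that calls several integrations has to combine their answers into one verdict. The following is an added example, not code from this page or from the product: it assumes each integration returns entries (as from demisto.executeCommand) carrying a DBotScore object in EntryContext, and the names dbot_scores, merge_verdicts and excluded_vendors are hypothetical.

```python
ENTRY_TYPE_ERROR = 4  # entry type used for error entries


def dbot_scores(entry):
    """Yield the DBotScore dicts found in one entry's context."""
    context = entry.get("EntryContext") or {}
    for key, value in context.items():
        # The key may carry a DT suffix: "DBotScore(val.Indicator == ...)".
        if not key.startswith("DBotScore"):
            continue
        for item in value if isinstance(value, list) else [value]:
            if isinstance(item, dict):
                yield item


def merge_verdicts(indicator, entries, excluded_vendors=()):
    """Return the worst score reported for `indicator`, overall and per vendor.

    Scores follow the DBotScore scale: 0 unknown, 1 good, 2 suspicious, 3 bad.
    """
    excluded = {v.lower() for v in excluded_vendors}
    per_vendor = {}
    for entry in entries:
        if entry.get("Type") == ENTRY_TYPE_ERROR:
            continue  # one failing integration must not hide the others
        for score in dbot_scores(entry):
            vendor = str(score.get("Vendor", "unknown"))
            if score.get("Indicator") != indicator or vendor.lower() in excluded:
                continue
            value = int(score.get("Score", 0))
            per_vendor[vendor] = max(per_vendor.get(vendor, 0), value)
    return {"Indicator": indicator,
            "Score": max(per_vendor.values(), default=0),
            "Vendors": per_vendor}


# Constructed sample entries (documentation-range IP, made-up verdicts).
SAMPLE_ENTRIES = [
    {"Type": 1, "EntryContext": {"DBotScore": {
        "Indicator": "192.0.2.10", "Type": "ip",
        "Vendor": "urlscan.io", "Score": 1}}},
    {"Type": 1, "EntryContext": {"DBotScore(val.Indicator == obj.Indicator)": [{
        "Indicator": "192.0.2.10", "Type": "ip",
        "Vendor": "URLhaus", "Score": 3}]}},
    {"Type": ENTRY_TYPE_ERROR, "Contents": "timeout", "EntryContext": None},
]

if __name__ == "__main__":
    print(merge_verdicts("192.0.2.10", SAMPLE_ENTRIES))
```
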
