Create a Custom Indicator Field

Follow these instructions to create a custom indicator field in the Fields tab.
Indicator Fields are used to add specific indicator information to incidents.When you create an indicator field, you can associate the field to a specific incident type or to all incident types.
  1. Go to
    Settings
    Advanced
    Fields
    .
  2. From the drop-down menu, select
    Indicator
    .
  3. Click
    New Field
    .
  4. Configure the basic settings.
    Field
    Description
    Field Type
    Determines the acceptable values for the field.
    Case Sensitive
    If selected, the field is case sensitive, which affects searching for the field in Cortex XSOAR.
    Mandatory
    If selected, this field is mandatory when used in a form.
    Field Name
    A meaningful display name for the field. After you type a name, you will see below the field that the
    Machine name
    is automatically populated. The field’s machine name is applicable for searching and the CLI.
    Tooltip
    An optional tooltip for the field.
    Placeholder
    Optional text to display in the field when it is empty.
  5. Configure the attributes.
    Field
    Description
    Add to indicator types
    By default, the
    Associate to all
    option is selected, which means this field will be available to use in all incident types.
    Clear the check box to associate this field to a subset of indicator types.
    Make data available for search
    The values for this field can be returned in searches.
  6. Click
    Save
    .

Recommended For You