End-of-Life (EoL)

Understand Indicators

Information about indicators, and how indicators are detected and ingested.
Indicators are artifacts associated with incidents, and are an essential part of the incident management and remediation process.
They help correlate incidents, create hunting operations, and enable you to easily analyze incidents and reduce Mean Time to Response (MTTR).
Detect and ingest indicators
There are several methods by which indicators are detected and ingested in Cortex XSOAR.
Method
Description
Integration
  • Feed: integrations that fetch indicators from a feed, such as TAXII, AutoFocus, and Office 365.
  • Enricher: integrations that enrich the indicator with additional context and information, such as AutoFocus, VirusTotal, and Ipinfo.
Indicators are extracted from every incident that flows into Cortex XSOAR, for example from a SIEM integration.
Manual
  • Command line
  • Mark: User marks a piece of data as an indicator.
  • STIX file: Manually upload a STIX file on the Indicators page.
