Create a Custom Indicator Field
Create a custom indicator field in the Fields tab in Cortex XSOAR. Add specific indicator information to incidents.
Indicator Fields are used to add specific indicator information to incidents. When you create an indicator field, you can associate the field to a specific indicator type or to all indicator types.
- Go to Settings > Advanced > Fields.
- From the drop-down menu, select Indicator.
- Click New Field.
- Configure the basic settings.
  - Field Type: Determines the acceptable values for the field. You can add the following field types:
    - Boolean (checkbox)
    - Date picker
    - Grid (table): Include an interactive, editable grid.
    - HTML: Create and view HTML content, which can be used in any type of indicator. By default, HTML fields do not use Cortex XSOAR theme styles, but can be configured to use existing user themes.
    - Long text: Long text is analyzed and tokenized, and entries are indexed as individual words, enabling you to perform advanced searches and use wildcards. Long text fields cannot be sorted and cannot be used in graphical dashboard widgets. While editing a long text field, pressing enter will create a newline. Case insensitive.
    - Markdown
    - Multi select
    - Number: Can contain any number. Default is 0.
    - Role: Role assigned to the indicator, determines which users (by role) can view the indicator.
    - Short text: Short text is treated as a single unit of text, and is not indexed by word. Advanced search, including wildcards, is not supported. Short text fields are case sensitive by default, but can be changed to case insensitive when creating the field. While editing a short text field, pressing enter will save and close. Maximum length 60,000 characters. Recommended use is one word entries. Examples: username, email address, etc.
    - Single select
    - Tags
    - URL
    - User: A user in the system.
  - Case Sensitive: If selected, the field is case sensitive, which affects how the search results for this field are returned in Cortex XSOAR.
  - Mandatory: If selected, this field is mandatory when used in a form.
  - Field Name: A meaningful display name for the field. After you type a name, you will see below the field that the Machine name is automatically populated. The field's machine name is applicable for searching and the CLI.
  - Tooltip: An optional tooltip for the field.
  - Placeholder: Optional text to display in the field when it is empty.
- Configure the attributes.
  - Add to indicator types: By default, the Associate to all option is selected, which means this field will be available to use in all incident types. Clear the check box to associate this field to a subset of indicator types.
  - Make data available for search: The values for this field can be returned in searches.