Ingest Indicators from the Shared Indicators Index

Access the tenant account for which to share the indicators.

Go to

Settings

Integrations

Instances

.

Search for

Elasticsearch Feed

.

Configure the integration instance.

Parameter	Description	Example
Name	A meaningful name for the integration instance.	Elasticsearch_Feed_domains_ips
Fetch indicators	Make sure you select this option if you want this integration instance to export indicators to the shared index.	N/A
Feed Type	Predefined configuration of indexes to fetch from. For sharing indicators, it should be Cortex XSOAR MT Shared Feed .	Cortex XSOAR MT Shared Feed
Server URL	The URL of the Elasticsearch server. Note : If Elasticsearch is installed in the same machine as the Cortex XSOAR instance, the following system configuration should be added to the tenant configuration under Settings About Troubleshooting : key: python.pass.extra.keys and value: --network=host .	http://elasticsearch.< companyA >.com
Fetch interval	How often to fetch indicators from this tenant and export them to the shared index. You can specify the interval in days, hours, or minutes.	5 minutes
Indicator Reputation	The reputation to apply to indicators ingested from this integration instance.	Suspicious
Source Reliability	The reliability of the source providing the intelligence data, which affects how this indicator's fields and reputation are populated.	B - Usually reliable
Indicator Expiration Method	The method by which indicators from this instance are expired.	Never Expire
Bypass exclusion list	When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.	N/A