1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Multi-Tenant Guide
    5. Share Indicators
    6. Share Indicators Overview

    Share Indicators Overview

    Share indicators between tenant accounts by exporting a tenant’s indicators to a shared index and configuring tenants to ingest from shared index. XSOAR
    The share indicators feature requires a Cortex XSOAR Threat Intel Management license and that Cortex XSOAR runs using Elasticsearch.
    Each tenant account has a dedicated shared index in Elasticsearch. When you export a tenant’s indicators, either manually or using the Share Indicators integration, the indicators are stored in the index. This is the index from which other tenants ingest the shared indicators.
    There are two steps when sharing indicators. First, you export a tenant’s local indicators to a shared index. Second, you configure the other tenants to ingest indicators from the shared indexes. There are several ways that tenant accounts ingest, or receive, indicators from the shared index.
    The Share Indicators integration serves two functions in the share indicators flow.
    • When configured on a tenant account, the Share Indicators integration defines which local indicators to export to the shared indicator index.
    • When configured on the main account, the Share Indicators integration defines which indicators to push (share) to tenant accounts. Indicators are shared according to the propagation labels that you apply to the tenant accounts.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo