Configure Threat Intel Report Fields
How to configure threat intel report fields.
Use fields to manually populate a report with relevant data. Fields are included with, and can be added to, report layouts.
Create a Custom Threat Intel Report Field
You can add custom threat intel report fields that don’t exist in Cortex XSOAR out-of-the-box, and then add them to threat intel report layouts.
- Go to Settings > OBJECTS SETUP > Threat Intel Reports > Fields.
- Add a New Field.
- Configure the basic settings.
  - Field Name: A meaningful display name for the field. After you type a name, you will see below the field that the Machine name is automatically populated. The field’s machine name is applicable for searching and the CLI.
  - Tooltip: An optional tooltip for the field.
  - Field Type: Determines the acceptable values for the field. You can add the following field types:
    - Boolean (checkbox)
    - Date picker
    - Grid (table): Include an interactive, editable grid.
    - HTML: Create and view HTML content, which can be used in any type of indicator. By default, HTML fields do not use Cortex XSOAR theme styles, but can be configured to use existing user themes.
    - Long text: Long text is analyzed and tokenized, and entries are indexed as individual words, enabling you to perform advanced searches and use wildcards. Long text fields cannot be sorted and cannot be used in graphical dashboard widgets. While editing a long text field, pressing enter will create a newline. Case insensitive.
    - Markdown: Add markdown-formatted text as a Template which will be displayed to users in the field after the report is created. Markdown lets you add basic formatting to text to provide a better end-user experience. A user-friendly Markdown Editor is available when you inline edit the field, which lets you easily apply styles.
    - Multi select / Array: Includes two options: a) Multi select from a pre-filled list. b) An empty array field for the user to add one or more values as a comma separated list.
    - Number: Can contain any number. Default is 0.
    - Role: Role assigned to the threat intel report, determines which users (by role) can view the report.
    - Short text: Short text is treated as a single unit of text, and is not indexed by word. Advanced search, including wildcards, is not supported. Short text fields are case sensitive by default, but can be changed to case insensitive when creating the field. While editing a short text field, pressing enter will save and close. Maximum length 60,000 characters. Recommended use is one word entries. Examples: username, email address, etc.
    - Single select
    - Tags
    - Timer/SLA
    - URL
    - User: A user in the system.
  - Case Sensitive: If selected, the field is case sensitive, which affects how the search results for this field are returned in Cortex XSOAR.
  - Mandatory: If selected, this field is mandatory when used in a form.
  - Placeholder: Optional text to display in the field when it is empty. This text will appear in the layout, but not in the created report. Available for Short text, Long text, Multi select / Array, Tags.
- Configure the attributes.
  - Script to run when field value changes: The script that dynamically changes the field value when script conditions are met. For a script to be available for use here, it must have the field-change-triggered-ThreatIntelReport tag, which is added when defining an automation.
  - Run triggered script after Threat Intel Report is modified: Executes after the threat intel report is modified, instead of before. By default, the triggered script executes before report modification.
  - Add to all Threat Intel Report types: Determines for which threat intel report types this field is available. By default, fields are available to all types. To change this, clear the checkbox and select the specific types to which the field is available.
  - Make data available for search: Determines if the values in these fields are available when searching. By default, this is enabled.