Add Unit 42 Intel Data

Add indicator data from Unit 42 Intel into Cortex XSOAR.
When you add indicators to the Cortex XSOAR threat intel library from Unit 42 Intel, the indicators are available for use in automations and playbooks.
Unit 42 Intel data is not automatically added to the Cortex XSOAR indicator database. When you query for an indicator on the
Threat Intel
page, in some cases the indicator is not in the Cortex XSOAR threat intel library, but exists in Unit 42 Intel. In other cases, the indicator may already be in the Cortex XSOAR threat intel library, but more in depth information is available from Unit 42 Intel.
  1. If the indicator does not exist in Cortex XSOAR, there are two options when adding the data from Unit 42 Intel.
    • Click on
      Add to XSOAR
      The indicator is added to Cortex XSOAR. If the indicator is related to one or more Unit 42 threat intel objects already in Cortex XSOAR (brought in through the Unit 42 Feed integration), relationships are created in the database between the Unit 42 threat intel objects and the file indicator. No third party enrichments are run on the indicator. We recommend using this option if, for security reasons, you do not want to expose the indicator to any third party services.
    • Click on
      Add to XSOAR & Enrich
      The indicator is added to Cortex XSOAR. If the indicator is related to one or more Unit 42 threat intel objects already in Cortex XSOAR (brought in through the Unit 42 Feed integration), relationships are created in the database between the Unit 42 threat intel objects and the file indicator. Your configured third party enrichments are run on the indicator.

Update Indicator with Unit 42 Intel

  1. If the indicator already exists in Cortex XSOAR, but more information is available from Unit 42 Intel, the following options are available:
    • Click on
      Update
      Updated Unit 42 Intel for the indicator is added to Cortex XSOAR. If the indicator is related to one or more Unit 42 threat intel objects already in Cortex XSOAR (brought in through the Unit 42 Feed integration), relationships are created in the database between the Unit 42 threat intel objects and the file indicator. No third party enrichments are run on the indicator. We recommend using this option if, for security reasons, you do not want to expose the indicator to any third party services.
    • Click on
      Update & Enrich
      Updated Unit 42 Intel for the indicator is added to Cortex XSOAR. If the indicator is related to one or more Unit 42 threat intel objects already in Cortex XSOAR (brought in through the Unit 42 Feed integration), relationships are created in the database between the Unit 42 threat intel objects and the file indicator. Your configured third party enrichments are run on the indicator.

Recommended For You