TIM - Process Indicators - Fully Automated

This playbook tags indicators ingested from high-reliability feeds. It is triggered by a Cortex XSOAR job. Indicators are tagged as approved_white, approved_black, or approved_watchlist. Tagged indicators are then ready for consumption by third-party systems such as SIEM and EDR.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • TIM - Indicator Auto Processing

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • appendIndicatorField

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Indicator Query | Indicators matching the indicator query will be used as playbook input |  | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image

