TIM - Process Indicators - Fully Automated

This playbook tags indicators ingested from high-reliability feeds. The playbook is triggered by a Cortex XSOAR job. The indicators are tagged as approved_white, approved_black, or approved_watchlist. The tagged indicators are then ready for consumption by third-party systems such as SIEM and EDR.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • TIM - Indicator Auto Processing


This playbook does not use any integrations.


This playbook does not use any scripts.


  • appendIndicatorField

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Indicator Query | Indicators matching the indicator query will be used as playbook input | | Optional |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image
