IsMaliciousIndicatorFound

Checks if the investigation found any malicious indicators (file, URL, IP address, domain, or email). It will returns "yes" if at least one malicious indicator is found.

Script Data


NameDescription
Script Typejavascript
TagsUtility, Condition

Inputs


Argument NameDescription
includeSuspiciousWhether to check suspicious indicators. The default is "no".
queryIndicatorsQueries all indicators in an investigation. This is relevant if it is running in a sub-playbook.
maliciousQueryOverrideWhether to override the default query for malicious indicators in Demisto (Indicators page).
includeManualWhether to check manually edited indicators. The default is "yes".

Outputs


PathDescriptionType
yesWhether any malicious indicators were found in the investigation.Unknown
noWhether any malicious indicators were found in the investigation.Unknown