Skip to main content

Add IOCs - Cofense Vision

This Playbook is part of the Cofense Vision Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Add or update IOCs in Cofense Vision.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • Cofense Vision


  • Set
  • ConvertDictOfListToListOfDict


  • cofense-iocs-update

Playbook Inputs#

NameDescriptionDefault ValueRequired
sourceA single IOC source value, to fetch the IOCs added or modified by that particular source. The value for source can contain uppercase letters, lowercase letters, numbers, and certain special characters ("." , "-" , "_" , "~").

Example: “Traige-1” or “IOC_Source-2”.
threat_typeType of the IOC.

Supported values: Domain, MD5, Sender, SHA256, Subject, or URL.
threat_valueThe actual value of the IOC match in the email.Required
threat_levelThe severity of the IOC.Required
created_atThe UTC date and time, the IOC source included the IOC for the first time.Required
updated_atThe UTC date and time, the IOC source last updated the IOC.Optional
source_idThe unique identifier assigned by the IOC source.Required
requested_expirationThe expected UTC expiration date and time. The IOC repository
calculates an expiration date and time for the new IOC by default 14 days after the IOC is delivered to the IOC repository.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Add IOCs - Cofense Vision