Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook uses several sub-playbooks to process and tag indicators in order to identify indicators that shouldn't be blacklisted, for example IP indicators that belong to business partners, or important hashes that we do not wish to process. Additional sub-playbooks can be added to improve the business logic and tagging according to the user's needs. This playbook doesn't have its own indicator query, as it processes indicators provided by the parent playbook query. To enable the playbook, provide the relevant list names in the sub-playbook indicators, such as ApprovedHashList, OrganizationsExternalIPListName, BusinessPartnersIPListName, etc. Also be sure to append the results of any additional sub-playbooks to "Set indicators to Process Indicators" so that their results appear in the outputs.
This playbook uses the following sub-playbooks, integrations, and scripts.
- TIM - Process File Indicators With File Hash Type
- TIM - Process Indicators Against Business Partners Domains List
- TIM - Process CIDR Indicators By Size
- TIM - Process Domains With Whois
- TIM - Process Indicators Against Business Partners URL List
- TIM - Process Indicators Against Business Partners IP List
- TIM - Process Indicators Against Approved Hash List
- TIM - Process Indicators Against Organizations External IP List
This playbook does not use any integrations.
This playbook does not use any commands.
There are no inputs for this playbook.
| Path | Description | Type |
| --- | --- | --- |
| ProcessedIndicators | The outputs of this playbook are tagged for manual review in the parent playbook or tagged using approved black, approved white etc. | string |
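
The tagging idea described above, as an added Python sketch that is not the playbook's own logic or code: indicators are checked against allow lists and a CIDR size limit before anything is blocked. The list contents, the size threshold, the tag spellings, the `reasons` field and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-ins for the lists whose names appear on this page.
LISTS = {
    "ApprovedHashList": {"a" * 32},
    "BusinessPartnersIPListName": ["198.51.100.0/24"],
    "OrganizationsExternalIPListName": ["203.0.113.10"],
}
MAX_CIDR_ADDRESSES = 256  # assumed size limit, not a value from the playbook
# Hypothetical tag spellings; use the tags your parent playbook queries on.
TAG_APPROVED, TAG_REVIEW = "approved_white", "manual_review"
# Constructed sample of indicators as a parent playbook query might supply them.
SAMPLE = [
    {"type": "File", "value": "A" * 32},
    {"type": "IP", "value": "198.51.100.23"},
    {"type": "IP", "value": "192.0.2.55"},
    {"type": "CIDR", "value": "100.64.0.0/10"},
    {"type": "CIDR", "value": "203.0.113.0/28"},
]

def overlaps_any(value, entries):
    """True if an IP or CIDR indicator overlaps any listed address or network."""
    net = ipaddress.ip_network(value, strict=False)
    return any(net.overlaps(ipaddress.ip_network(e, strict=False)) for e in entries)

def tag_indicator(indicator, lists=LISTS):
    """Return (tags, reasons) for one indicator dict with 'type' and 'value'."""
    kind, value = indicator["type"], indicator["value"]
    tags, reasons = set(), []
    if kind == "File" and value.lower() in lists["ApprovedHashList"]:
        tags.add(TAG_APPROVED)
        reasons.append("ApprovedHashList")
    if kind in ("IP", "CIDR"):
        for name in ("BusinessPartnersIPListName", "OrganizationsExternalIPListName"):
            if overlaps_any(value, lists[name]):
                tags.add(TAG_REVIEW)
                reasons.append(name)
        if kind == "CIDR":
            size = ipaddress.ip_network(value, strict=False).num_addresses
            if size > MAX_CIDR_ADDRESSES:  # broad ranges go to a human first
                tags.add(TAG_REVIEW)
                reasons.append("cidr_size")
    return sorted(tags), reasons

def process_indicators(indicators, lists=LISTS):
    """Return the indicators that received a tag (assumed output shape)."""
    tagged = ((ind, *tag_indicator(ind, lists)) for ind in indicators)
    return [{**ind, "tags": t, "reasons": r} for ind, t, r in tagged if t]
```

Recording the reason next to each tag lets a reviewer see which list or rule kept an indicator off the block list.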