TIM - Process Indicators - Fully Automated
This playbook is part of the TIM - Indicator Auto-Processing Pack.
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook tags indicators ingested from high-reliability feeds. The playbook is triggered by a Cortex XSOAR job. The indicators are tagged as approved_allow, approved_block, or approved_watchlist. The tagged indicators are then ready for consumption by third-party systems such as SIEM and EDR.
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
- TIM - Indicator Auto Processing
Integrations
This playbook does not use any integrations.
Scripts
This playbook does not use any scripts.
Commands
- appendIndicatorField
Playbook Inputs
| Name | Description | Default Value | Required |
|---|---|---|---|
| Indicator Query | Indicators matching the indicator query will be used as playbook input. | | Optional |
Playbook Outputs
There are no outputs for this playbook.
