IsMaliciousIndicatorFound

Checks if the investigation found any malicious indicators (file, URL, IP address, domain, or email). It will returns "yes" if at least one malicious indicator is found.

Script Data#


NameDescription
Script Typejavascript
TagsUtility, Condition

Inputs#


Argument NameDescription
includeSuspiciousWhether to check suspicious indicators. The default is "no".
queryIndicatorsQueries all indicators in an investigation. This is relevant if it is running in a sub-playbook.
maliciousQueryOverrideWhether to override the default query for malicious indicators in Demisto (Indicators page).
includeManualWhether to check manually edited indicators. The default is "yes".

Outputs#


PathDescriptionType
yesWhether any malicious indicators were found in the investigation.Unknown
noWhether any malicious indicators were found in the investigation.Unknown