
IsMaliciousIndicatorFound

Checks whether the investigation found any malicious indicators (file, URL, IP address, domain, or email). It returns "yes" if at least one malicious indicator is found.

Script Data

| Name | Description |
| --- | --- |
| Script Type | javascript |
| Tags | Utility, Condition |

Inputs

| Argument Name | Description |
| --- | --- |
| includeSuspicious | Whether to check suspicious indicators. The default is "no". |
| queryIndicators | Queries all indicators in an investigation. This is relevant if it is running in a sub-playbook. |
| maliciousQueryOverride | Whether to override the default query for malicious indicators in Cortex XSOAR (Indicators page). |
| includeManual | Whether to check manually edited indicators. The default is "yes". |

Outputs

| Path | Description | Type |
| --- | --- | --- |
| yes | Whether any malicious indicators were found in the investigation. | Unknown |
| no | Whether any malicious indicators were found in the investigation. | Unknown |