

This Script is part of the Common Scripts Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Searches Cortex XSOAR Indicators.

Searches for XSOAR indicators and returns the id, indicator_type, value, and score/verdict.

You can add additional fields from the indicators using the add_fields_to_context argument.

Script Data

Script Type: python3


| Argument Name | Description |
| --- | --- |
| query | Query to use to find the indicators, the same as you'd use on the Threat Intel page. |
| size | The number of indicators to return, defaults to a max of 25. |
| add_fields_to_context | A comma-separated list of fields to return to the context (default: id,indicator_type,value,score,verdict). |


| Path | Description | Type |
| --- | --- | --- |
| foundIndicators.id | The id of the indicator in the XSOAR database. | Unknown |
| foundIndicators.indicator_type | The type of indicator (e.g., IP, Domain, URL). | Unknown |
| foundIndicators.value | The value of the indicator. | Unknown |
| foundIndicators.score | The numeric score of the indicator (0 = Unknown, 1 = Good, 2 = Suspicious, 3 = Malicious). | Unknown |
| foundIndicators.verdict | The human-readable score/verdict of the indicator. | Unknown |
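
A downstream automation usually has to filter the `foundIndicators` output by score and notice when the `size` limit may have cut results off. The following is an added example, not code from the Common Scripts Pack; the function names, the dict-shaped context, and the handling of a single result stored as one dict are assumptions.

```python
"""Triage the foundIndicators context output (added example)."""

# Score meanings as documented for foundIndicators.score on this page.
SCORE_VERDICT = {0: "Unknown", 1: "Good", 2: "Suspicious", 3: "Malicious"}


def as_list(found):
    # Assumption: a single result may appear as one dict instead of a list.
    if found is None:
        return []
    return [found] if isinstance(found, dict) else list(found)


def triage_found_indicators(context, size=25, min_score=2):
    """Return indicators scored >= min_score, highest first, plus a truncation hint."""
    indicators = as_list(context.get("foundIndicators"))
    flagged = []
    for ind in indicators:
        try:
            score = int(ind.get("score", 0))
        except (TypeError, ValueError):
            score = 0  # an unparseable score is treated as Unknown
        if score < min_score:
            continue
        flagged.append({
            "id": ind.get("id"),
            "indicator_type": ind.get("indicator_type"),
            "value": ind.get("value"),
            "score": score,
            # Fall back to the documented mapping if verdict was not requested.
            "verdict": ind.get("verdict") or SCORE_VERDICT.get(score, "Unknown"),
        })
    flagged.sort(key=lambda i: i["score"], reverse=True)
    # Hitting the size limit means more matches may exist than were returned.
    return {"flagged": flagged, "possibly_truncated": len(indicators) >= size}


# Constructed sample context (documentation-range values, not real indicators).
SAMPLE_CONTEXT = {"foundIndicators": [
    {"id": "101", "indicator_type": "Domain", "value": "example.test", "score": 1, "verdict": "Good"},
    {"id": "102", "indicator_type": "URL", "value": "http://example.test/a", "score": "2"},
    {"id": "103", "indicator_type": "IP", "value": "198.51.100.7", "score": 3, "verdict": "Malicious"},
]}

if __name__ == "__main__":
    for item in triage_found_indicators(SAMPLE_CONTEXT)["flagged"]:
        print(item["score"], item["verdict"], item["indicator_type"], item["value"])
```

When `possibly_truncated` is true, rerun the search with a larger `size` or a narrower `query` before acting on the results.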