This playbook allows you to exclude indicators according to the number of incidents the indicator is related to. The indicator query is "investigationsCount:>=X", where X is the number of related incidents that you set for the indicator. The purpose of excluding these indicators is to reduce the number of internal and common indicators that appear in many incidents, so that only relevant indicators are shown. Excluded indicators are located in the Cortex XSOAR exclusion list and are removed from all of their related incidents and from future ones. Creating exclusions can also accelerate performance. Supported Cortex XSOAR versions: 6.0.0 and later.