Create Indicator
Create an indicator for a possible breach.
Basic Parameters
Parameter | Description |
---|---|
Action | The type of action to apply to detections based on the indicator. |
Applied Globally | Check to apply the indicator globally across your account. NOTE: If this field is not checked, Host Groups must be provided. |
Comment | An audit log comment to add to the creation of the indicator. |
Description | A description for the created indicator. |
Expiration Date | An expiration date for the created indicator. |
Filename | Specify to direct the indicator to a single file by its name. |
Host Groups | A comma-separated list of host groups to apply the indicator to. NOTE: If the indicator is not applied globally, this field must be provided. |
Mobile Action | Add a mobile action to be initiated in response to detections of this indicator. |
Platforms | A comma-separated list of platforms to apply the indicator to. |
Severity | The severity of incidents created based on the created indicator. |
Source | A source for the indicator. |
Tags | A comma-separated list of tags for the created indicator. |
Type | The type of indicator. |
Value | The value of the indicator. |
Advanced Parameters
Parameter | Description |
---|---|
Ignore Warnings | Check to ignore warnings. |
Submit To RetroDetects | Whether to submit to RetroDetects. |
Example Output
{
  "meta": {
    "query_time": 0.221400576,
    "pagination": {
      "limit": 0,
      "total": 1
    },
    "powered_by": "ioc-manager",
    "trace_id": "36df899c-5a2e-460d-90e9-3fc5f3df2e8e"
  },
  "errors": null,
  "resources": [
    {
      "id": "f8b284e1369a799ab5e124202f208c6e135967505c16a7cab5e93f0c74fb14e6",
      "type": "sha256",
      "value": "96f16ec81b26451956cc8ebedf7e3d03ec692b9c6ed80dc01c1cb5e26b1d403c",
      "action": "prevent",
      "severity": "medium",
      "metadata": {
        "signed": false,
        "av_hits": -1
      },
      "platforms": [
        "mac"
      ],
      "expired": false,
      "deleted": false,
      "applied_globally": true,
      "from_parent": false,
      "created_on": "2023-03-28T17:38:32.888048982Z",
      "created_by": "399e9f5c5cea49c4a5c30eb1467d6880",
      "modified_on": "2023-03-28T17:38:32.888048982Z",
      "modified_by": "399e9f5c5cea49c4a5c30eb1467d6880"
    }
  ]
}
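Added example (not part of the original page or the vendor's code): a pre-submission check of the Applied Globally / Host Groups rule from the parameter table, and a post-submission check that the action output reports the indicator that was requested. The request dict, its `host_groups` key and both function names are assumptions of this example; the other field names and the SHA-256 value are taken from the Example Output above.

```python
import json
import re

# Only "sha256" appears on the page; limiting types to it is an assumption.
VALUE_PATTERNS = {"sha256": re.compile(r"^[0-9a-f]{64}$")}


def validate_params(params):
    """Return a list of problems with the action's parameters (empty if none)."""
    problems = []
    pattern = VALUE_PATTERNS.get(params.get("type"))
    if pattern is None:
        problems.append("unsupported type: %r" % params.get("type"))
    elif not pattern.match(str(params.get("value", "")).lower()):
        problems.append("value does not look like a %s" % params["type"])
    # Rule from the parameter table: not applied globally -> Host Groups required.
    groups = [g.strip() for g in params.get("host_groups", "").split(",") if g.strip()]
    if not params.get("applied_globally") and not groups:
        problems.append("Host Groups required when not applied globally")
    return problems


def verify_created(params, response_text):
    """Check that the action output reports the indicator that was requested."""
    body = json.loads(response_text)
    if body.get("errors"):
        return False
    for res in body.get("resources") or []:
        same = all(res.get(k) == params[k] for k in ("type", "value", "action"))
        scoped = res.get("applied_globally") == bool(params.get("applied_globally"))
        if same and scoped and not res.get("expired") and not res.get("deleted"):
            return True
    return False


# Constructed sample: the page's Example Output trimmed to the fields checked.
SAMPLE_OUTPUT = """{"errors": null, "resources": [{"type": "sha256",
 "value": "96f16ec81b26451956cc8ebedf7e3d03ec692b9c6ed80dc01c1cb5e26b1d403c",
 "action": "prevent", "severity": "medium", "platforms": ["mac"],
 "expired": false, "deleted": false, "applied_globally": true}]}"""

# Hypothetical request matching the sample output (key names are assumptions).
REQUEST = {"type": "sha256", "action": "prevent", "applied_globally": True,
           "value": "96f16ec81b26451956cc8ebedf7e3d03ec692b9c6ed80dc01c1cb5e26b1d403c"}

if __name__ == "__main__":
    print(validate_params(REQUEST), verify_created(REQUEST, SAMPLE_OUTPUT))
```

Running `validate_params` before the action catches an indicator that is neither global nor scoped to host groups; running `verify_created` on the output catches a response that succeeded but carries a different action or scope than intended.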
Workflow Library Example
Create Indicator with Crowdstrike and Send Results Via Email