
OpenCTI - Cortex XSOAR

Incident Response & Ticketing
SIEM/SOAR

Overview

This integration connects Cortex XSOAR with OpenCTI's cyber threat intelligence database, enabling you to retrieve threat-linked indicators, enrich investigations, and contribute intelligence back to OpenCTI.

The OpenCTI - Cortex XSOAR integration allows you to leverage OpenCTI's cyber threat intelligence database directly within your XSOAR workflows. You can access lists of indicators associated with threats, complete with additional information to support your investigations. You can also contribute to the OpenCTI database by reporting new indicators or updating existing ones.

Key capabilities include:

  • Retrieve Indicator Intelligence: Get information about indicators from the OpenCTI database, with the ability to fetch indicators by type and/or score
  • Indicator Management: Report new indicators to OpenCTI, delete indicators from the database, and update indicator fields such as score and description. You can also add or remove marking definitions and labels from existing indicators
  • Automated Indicator Creation: Use the included "OpenCTI Create Indicator" playbook to create indicators based on provided inputs like indicator type, score, label, external reference name and URL, and more (with only indicator type being mandatory)

Basic information

Filigran
Nino Rowlands
Third party integrations
Orchestration (SOAR)
January 26, 2026
5.6.1