https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578276#M3100 <P>Greetings to everyone,</P> <P>With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the context, find out if it is Malicious or Suspicious and send it as an email. When I search with the searchIndicator command, most of the time, it searches without the indicator and the result is misleading.</P> <P>How can I do this in the simplest way?</P> <P>In short, how can I find out whether the indicators I extract are Malicious or not in the simplest way? (I do all of this in automation. But I will create a separate task in the playbook for the "Send mail if malicious" part).</P> Sun, 25 Feb 2024 22:22:18 GMT YilmazDincer 2024-02-25T22:22:18Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578276#M3100 <P>Greetings to everyone,</P> <P>With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the context, find out if it is Malicious or Suspicious and send it as an email. When I search with the searchIndicator command, most of the time, it searches without the indicator and the result is misleading.</P> <P>How can I do this in the simplest way?</P> <P>In short, how can I find out whether the indicators I extract are Malicious or not in the simplest way? (I do all of this in automation. But I will create a separate task in the playbook for the "Send mail if malicious" part).</P> Sun, 25 Feb 2024 22:22:18 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578276#M3100 YilmazDincer 2024-02-25T22:22:18Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578279#M3101 <P>What I really want is to write the DBotScore key in the content. But I don't know how to write it.</P> <P>If I can write it to the context, I can send the scores one by one from there. </P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dbotcontext.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57847i40B803AFFD96984A/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="dbotcontext.png" alt="dbotcontext.png" /></span></P> Sun, 25 Feb 2024 22:50:19 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578279#M3101 YilmazDincer 2024-02-25T22:50:19Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578387#M3106 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>When you run <STRONG>!createNewIndicator</STRONG>, the indicator will be written to context along with the score under the context key <STRONG>CreatedIndicator</STRONG> in your context data. Are you not seeing that behavior?<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jqamruddin_0-1708977353828.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57861iC39A358402F5CC7D/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="jqamruddin_0-1708977353828.png" alt="jqamruddin_0-1708977353828.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thank you!&nbsp;</P> Mon, 26 Feb 2024 19:56:03 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578387#M3106 jqamruddin 2024-02-26T19:56:03Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578435#M3108 <P>Yes, it doesn't show results. I do this in a custom automation with the command "demisto.executeCommand('createNewIndicator', pseudo, pseudo)".</P> Tue, 27 Feb 2024 08:48:35 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578435#M3108 YilmazDincer 2024-02-27T08:48:35Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578513#M3109 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>You will need to use <STRONG>CommandResults</STRONG> class to return the outputs to context in a custom automation. <BR />Here is some documentation on that:&nbsp;<BR /><A href="https://xsoar.pan.dev/docs/integrations/code-conventions#commandresults" target="_blank">https://xsoar.pan.dev/docs/integrations/code-conventions#commandresults</A>&nbsp;</P> <P>&nbsp;</P> <P>Hope that helps!</P> Tue, 27 Feb 2024 16:20:05 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-can-i-get-the-scores-of-the-indicators-i-extract-with/m-p/578513#M3109 jqamruddin 2024-02-27T16:20:05Z