topic How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR in Cortex XSOAR Discussions https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/590921#M3420 <P>Hi Team,</P> <P>&nbsp;</P> <P>I have integrated the Instance&nbsp;<SPAN>Cortex XDR - IOC content pack:&nbsp;Cortex XDR by Palo Alto Networks</SPAN></P> <P>&nbsp;</P> <P><SPAN>kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Instance = <STRONG>Cortex XDR - IOC </STRONG></SPAN></P> <P>&nbsp;</P> <TABLE width="939"> <TBODY> <TR> <TD width="297">Cortex XDR-IOC</TD> <TD width="642">&nbsp;</TD> </TR> <TR> <TD>xdr-iocs-create-sync-file</TD> <TD width="642">Creates the sync file for the manual process. Run this command when instructed by the XDR support team.</TD> </TR> <TR> <TD>xdr-iocs-disable</TD> <TD width="642">Disables IOCs in the XDR server.</TD> </TR> <TR> <TD>xdr-iocs-enable</TD> <TD width="642">Enables IOCs in the XDR server.</TD> </TR> <TR> <TD>xdr-iocs-push</TD> <TD width="642">Push modified IOCs to Cortex XDR.</TD> </TR> <TR> <TD>xdr-iocs-set-sync-time (Deprecated)</TD> <TD width="642">Set sync time manually. (Do not use this command unless you understand the consequences.)</TD> </TR> <TR> <TD>xdr-iocs-sync</TD> <TD width="642">Sync your IOC with Cortex XDR and delete the old.</TD> </TR> <TR> <TD>xdr-iocs-to-keep-file</TD> <TD width="642">Create a file with all the IOCs that are going to sync to Cortex XDR.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 02 Jul 2024 12:14:23 GMT cV V 2024-07-02T12:14:23Z How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/590921#M3420 <P>Hi Team,</P> <P>&nbsp;</P> <P>I have integrated the Instance&nbsp;<SPAN>Cortex XDR - IOC content pack:&nbsp;Cortex XDR by Palo Alto Networks</SPAN></P> <P>&nbsp;</P> <P><SPAN>kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Instance = <STRONG>Cortex XDR - IOC </STRONG></SPAN></P> <P>&nbsp;</P> <TABLE width="939"> <TBODY> <TR> <TD width="297">Cortex XDR-IOC</TD> <TD width="642">&nbsp;</TD> </TR> <TR> <TD>xdr-iocs-create-sync-file</TD> <TD width="642">Creates the sync file for the manual process. Run this command when instructed by the XDR support team.</TD> </TR> <TR> <TD>xdr-iocs-disable</TD> <TD width="642">Disables IOCs in the XDR server.</TD> </TR> <TR> <TD>xdr-iocs-enable</TD> <TD width="642">Enables IOCs in the XDR server.</TD> </TR> <TR> <TD>xdr-iocs-push</TD> <TD width="642">Push modified IOCs to Cortex XDR.</TD> </TR> <TR> <TD>xdr-iocs-set-sync-time (Deprecated)</TD> <TD width="642">Set sync time manually. (Do not use this command unless you understand the consequences.)</TD> </TR> <TR> <TD>xdr-iocs-sync</TD> <TD width="642">Sync your IOC with Cortex XDR and delete the old.</TD> </TR> <TR> <TD>xdr-iocs-to-keep-file</TD> <TD width="642">Create a file with all the IOCs that are going to sync to Cortex XDR.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 02 Jul 2024 12:14:23 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/590921#M3420 cV V 2024-07-02T12:14:23Z Re: How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/590929#M3421 <DIV class="row entry-parent"> <DIV class="floated left aligned sixteen wide mobile six wide tablet sixteen wide computer column"> <DIV class="entry-metadata"> <P class="entry-task-command"><FONT face="arial,helvetica,sans-serif" size="2">I run the below command for IOC push to XDR but show an error expiration time invalid and date cannot be in the past.</FONT></P> <P class="entry-task-command">&nbsp;</P> <P class="entry-task-command"><FONT face="arial,helvetica,sans-serif" size="2">Kindly help me to resolve this error and need to push ioc's to XDR, error screenshot attached for your reference please help me.</FONT></P> <P class="entry-task-command">&nbsp;</P> <P class="entry-task-command"><FONT face="arial,helvetica,sans-serif" size="2"><STRONG><SPAN>Command:</SPAN></STRONG>&nbsp;</FONT></P> <DIV class="display-parent-entry"><FONT face="arial,helvetica,sans-serif" size="2"><STRONG><SPAN class="parent-entry-label ellipsis show-as-link" title="!xdr-iocs-push indicator=&quot;1.179.247.182,45.141.148.220&quot; using=&quot;Cortex XDR - IOC_instance_1&quot; (Cortex XDR - IOC[Cortex XDR - IOC_instance_1])">!xdr-iocs-push indicator="1.179.247.182,45.141.148.220" using="Cortex XDR - IOC_instance_1"</SPAN></STRONG></FONT></DIV> <DIV class="display-parent-entry">&nbsp;</DIV> </DIV> </DIV> </DIV> <DIV class="entry-view vertical-strech"> <DIV class="vertical-strech demisto-data"> <DIV> <DIV class="entry-note-view" data-test-id="entry-note-text"> <DIV> <P class="entry-text-view"><FONT face="arial,helvetica,sans-serif" size="2"><SPAN class="">The following IOCs were not pushed due to following errors: 1.179.247.182: Expiration time 1716529790609 is invalid; expiration date cannot be in the past. 45.141.148.220: Expiration time 1716529790609 is invalid; expiration date cannot be in the past.</SPAN></FONT></P> </DIV> </DIV> </DIV> </DIV> </DIV> Thu, 04 Jul 2024 11:13:51 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/590929#M3421 cV V 2024-07-04T11:13:51Z Re: How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/591192#M3435 <P>Hi Team,</P> <P>&nbsp;</P> <P>For bulk of IOC Lists i.e 100 no's IP's, Hashes, Domain names. how to push from XSOAR to XDR as a file or any form? does anyone worked this usecase scenario, kindly share!</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>For Single or Limit of 10 no's (IP , hashes, Domains Name ) the below command was working.</P> <P>!xdr-iocs-enable indicator="172.15.1.50"&nbsp;</P> <P>!xdr-iocs-push indicator="172.15.1.50"&nbsp;</P> <P>&nbsp;</P> <P>!xdr-iocs-push indicator="fea456b3a78e87c2c99c5997b7255f553495a06a29bd7d4096cf72bfcbe1ed9b"</P> <P>&nbsp;</P> <P>!xdr-iocs-enable indicator="vmtoolsd.exe"</P> <P>&nbsp;</P> <P>Regards,</P> <P>Chiranjeevi</P> Thu, 04 Jul 2024 09:31:29 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/how-to-push-bulk-ioc-list-in-file-format-to-cortex-xdr-ip/m-p/591192#M3435 cV V 2024-07-04T09:31:29Z