Updating Cortex XDR EDL from XSOAR

michaelsysec242 — Thu, 09 Jan 2025 09:37:40 GMT

Hello LiveComm,

I am building a use-case in which we want to update and manage the Cortex XDR EDL from the XSOAR. We do not want just to create new IOC's but rather we want to interact with the EDL so that Firewalls can access it correctly. From what I have read on the various documentation the Cortex XDR EDL is not available for API access (Management). Can someone suggest how we can build this or perhaps change the flow of this case to use the export generic indicator service and let the XDR pull what it needs to update the EDL.

Many thanks,

Re: Updating Cortex XDR EDL from XSOAR

JStephan — Thu, 09 Jan 2025 14:53:37 GMT

Hey there,

IMHO an option would be to use XSOAR to handle the EDL completely,

so adding the XDR EDL to XSOAR as a feed and using the generic export to update the firewalls

additional you could use the XDR IOC integration to add indicators to XDR itself if needed

topic Updating Cortex XDR EDL from XSOAR in Cortex XSOAR Discussions

Updating Cortex XDR EDL from XSOAR

Re: Updating Cortex XDR EDL from XSOAR