Hi ,
It looks like you're wanting to upload a list IOCs to Cortex XDR. Please see the sceenshot below for a look at the steps to Upload a File for IOC Rules.
I downloaded the example file to get an idea of what it should look like. You can see the sample file below.
IOCs come in the form of Full Path, File Name, Domain, Destination IP, and MD5 or SHA256 Hash. In your text (.txt) file you should place each IOC on it's own line. Cortex XDR has the ability to parse these IOCs and add them appropriately without any additional steps on your end.
When uploading your IOC file you'll be given to the option of what type of IOCs you've entered. You can do a 'Mixed' list as Cortex XDR has the ability to parse these IOCs and add them appropriately without any additional steps on your end. Or a upload a list that only contains 1 type of IOC i.e. File Name. Cortex XDR has the ability to parse these IOCs and add them appropriately without any additional steps on your end.
Uploading an IOC list also has one additional required selection which is severity. From there you can choose any of the options below depending on your individual needs.
Above I described the manual way to add IOCs to Cortex XDR by uploading a file. If you’re looking to do this process programmatically it would require use of the Cortex XDR API.
If the route you want to go is using the API I’m going to leave some resources down below. There are several ways you can interact with the API including writing your own script in Python, Powershell, cURL, or Postman. It really comes down to what you’re comfortable with. Take a look at these resources and if you have any more questions please let me know.
Cortex XDR Postman API Collection
I hope you find this information helpful.
