01-09-2025 01:37 AM
Hello LiveComm,
I am building a use case in which we want to update and manage the Cortex XDR EDL from XSOAR. We do not want just to create new IOCs; rather, we want to interact with the EDL so that firewalls can access it correctly. From what I have read in the various documentation, the Cortex XDR EDL is not available for API access (Management). Can someone suggest how we can build this, or perhaps change the flow of this case to use the export generic indicator service and let XDR pull what it needs to update the EDL?
Many thanks,
MR
01-09-2025 06:53 AM
Hey there,
IMHO an option would be to use XSOAR to handle the EDL completely,
so adding the XDR EDL to XSOAR as a feed and using the generic export to update the firewalls.
Additionally, you could use the XDR IOC integration to add indicators to XDR itself if needed.