Cyware Intel Exchange for Cortex XSOAR v8
Notice
Upgrade Notes: If you are upgrading from a version earlier than v8, direct upgrades are not supported. For detailed instructions, see Upgrade Notes.
The Cyware Intel Exchange integration enables you to connect Intel Exchange threat intelligence workflows with Cortex XSOAR. Using this integration, you can retrieve threat intelligence from Intel Exchange and use it in investigation and response workflows within Cortex XSOAR.
The integration enables security teams to ingest threat intelligence, enrich investigations, and automate actions using Cortex XSOAR playbooks and workflows.
The Cyware Intel Exchange integration in Cortex XSOAR supports the following actions, which you can use in the CLI or Cortex XSOAR playbooks:
Add or remove indicators from the allowed list.
Search allowed indicators using defined query parameters.
Add, remove, and list tags associated with indicators.
Search indicators using indicator attributes and source information.
Fetch threat data from Cyware Intel Exchange based on configured criteria.
Retrieve detailed information for specific indicators.
Search STIX Domain Objects (SDOs) available in Cyware Intel Exchange.
Fetch saved result sets created from the Intel Exchange rules.
List configured sources, source collections, and enrichment tools.
Mark indicators for false positive or manual review.
Deprecate indicators that are no longer valid.
Fetch reports periodically from Cyware Intel Exchange and ingest them as incidents in Cortex XSOAR.
After you configure the integration, Cortex XSOAR begins fetching threat intelligence from Cyware Intel Exchange based on the configured settings. The integration retrieves indicators, incidents, and other intelligence data and makes them available in Cortex XSOAR for investigation, enrichment, and response workflows.
To get started with the integration, see the following actions:
Configure Integration: Set up the Cyware Intel Exchange integration in Cortex XSOAR to enable the retrieval of threat intelligence. For more information, see Configure the Intel Exchange App.
Use Actions: Run integration commands to search indicators, manage tags, update indicator status, and perform other intelligence-related actions within Cortex XSOAR playbooks or the CLI. For more information, see Manage Indicators and Incidents Using Actions.
View Data: View indicators, incidents, and other intelligence retrieved from Cyware Intel Exchange within Cortex XSOAR. For more information, see View Intel Exchange Data in Cortex XSOAR.
Upgrade Notes
Review the following points before upgrading to Cortex XSOAR v8:
Incident Field Retention: If you upgrade from an earlier version of Cortex XSOAR, existing incident fields are retained and continue to capture data from Intel Exchange. For new Cortex XSOAR v8 deployments, configure the required incident fields manually. For more information, see View Intel Exchange Data in Cortex XSOAR.
Action Mapping Updates: The response format for some actions may change in Cortex XSOAR v8. If you use the output of one action as the input of another, review and update the action configurations in your playbooks to ensure that fields are mapped correctly.