Skip to content

Latest commit

 

History

History
54 lines (31 loc) · 1.67 KB

File metadata and controls

54 lines (31 loc) · 1.67 KB
Home

Usage

You can exclude indicators from the extraction process within your FortiSOAR environment by running the Indicator Extraction Configuration wizard.

Following indicator types are available for you to review and edit:

  • IP Addresses
  • URLs
  • Domains
  • Ports
  • Files
  • CIDR Ranges

Launch Configuration Wizard

The Indicator Extraction Configuration widget is available under the Setup Guide Streamline Indicator Extraction Configuration.

  1. Launch Setup Guide.

    setup-guide-launch-point

  2. Click to expand the Streamline section.

    setup-guide-launch-point

  3. Click to expand the Indicator Extraction Configuration section.

    setup-guide-launch-point

  4. Click on Configure Exclude List button under Indicator Extraction Configuration section

    setup-guide-launch-point

Edit Configuration Settings

  1. Review configuration settings and make edits as required. To add an indicator as a colored pill, enter the indicator value and press Enter or Tab on the keyboard.

    setup-guide-launch-point

  2. Click Save to apply and save the changes.

NOTE By default, all these fields are loaded from the Key Store records starting with sfsp-extraction-.