Palo Alto Cortex - Create IOC
This atomic belongs to the Palo Alto Cortex atomic group.
Adds an observable to Palo Alto Cortex as an indicator of compromise. Valid IOC types include: HASH (MD5 or SHA-256 only), IP (IPv4 only), DOMAIN_NAME, and FILENAME. Please refer to the Cortex documentation for information about required licenses and permissions.
Target: Palo Alto Cortex integration target or HTTP Endpoint for "api-your-instance.xdr.region.paloaltonetworks.com" with a path of "/public_api/v1"
Account Key: None if using an integration-provided target; API key and API key ID if using an HTTP Endpoint target
Steps:
[]> Build the authorization headers and request payload
[]> Request the new indicator be added
[]> Check if the request was successful:
[]> If it was, set the output variable
[]> If it wasn't, output an error
More information about this API: https://cortex-panw.stoplight.io/docs/cortex-xdr/24e778d89726d-insert-simple-indicators-json
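The steps above, sketched in Python as an added example (not the atomic's own code). It checks the observable against the IOC types listed above before anything is sent, builds the request, and interprets the reply. Assumptions: a Standard API key sent in the `x-xdr-auth-id` and `Authorization` headers, the `indicators/insert_jsons` sub-path and reply shape from the linked API reference, and hypothetical function names and severity default.

```python
import ipaddress
import json
import re

HASH_RE = re.compile(r"\A(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{64})\Z")  # MD5 or SHA-256 only
DOMAIN_RE = re.compile(
    r"\A(?=.{1,253}\Z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z", re.I)

def validate_ioc(ioc_type, value):
    """Return the normalised observable, or raise ValueError before any API call."""
    value = value.strip()
    if ioc_type == "HASH" and HASH_RE.match(value):
        return value.lower()
    if ioc_type == "IP":
        return str(ipaddress.IPv4Address(value))  # IPv6 raises AddressValueError (a ValueError)
    if ioc_type == "DOMAIN_NAME" and DOMAIN_RE.match(value):
        return value.lower()
    if ioc_type == "FILENAME" and value:
        return value
    raise ValueError(f"{value!r} is not a valid {ioc_type} observable")

def build_request(host, key_id, api_key, ioc_type, value, severity="HIGH"):
    """Step 1: authorization headers and payload (Standard API key assumed)."""
    url = f"https://{host}/public_api/v1/indicators/insert_jsons"
    headers = {"x-xdr-auth-id": str(key_id), "Authorization": api_key,
               "Content-Type": "application/json"}
    body = {"request_data": [{"indicator": validate_ioc(ioc_type, value),
                              "type": ioc_type, "severity": severity}],
            "validate": True}  # ask the API to report per-indicator validation errors
    return url, headers, json.dumps(body)

def check_reply(status, text):
    """Step 3: success only on HTTP 200 with no validation errors in the reply."""
    if status != 200:
        return False, f"HTTP {status}"
    try:
        reply = json.loads(text).get("reply")
    except (ValueError, AttributeError):
        return False, "response is not a JSON object"
    if reply is True:
        return True, ""
    if isinstance(reply, dict) and reply.get("success") and not reply.get("validation_errors"):
        return True, ""
    return False, f"indicator rejected: {reply!r}"
```

Rejecting SHA-1 hashes and IPv6 addresses locally means a malformed observable fails in the workflow with a clear message, and the API key is never sent for a request that cannot succeed.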