The Indicator Exclusion List feature in XSOAR is designed to prevent certain IOCs (file hashes, IPs, domains, etc.) from being processed by the platform. The Admin Guide explains that once an indicator is added to the exclusion list, XSOAR does not extract, enrich, score, or apply verdicts to that indicator during ingestion or field-change extraction. This ensures that benign internal hashes, test indicators, or noisy artifacts do not trigger incidents, enrichments, or correlation rules.
Option B does not reflect platform behavior: XSOAR does not create exclusion tags requiring manual review; instead, it completely bypasses extraction and enrichment. Option C is incorrect because excluded indicators do not undergo enrichment or verdict assignment at all. Option D incorrectly suggests that exclusion depends on feed reliability; the exclusion list applies globally and unconditionally.
Therefore, the correct interpretation per the documentation is that excluded indicators are never extracted or processed, aligning precisely with option A.