Elasticsearch Feed

Details
Content
Dependencies
Version History

Indicators feed from Elasticsearch database

Integrations

Name	Description
Elasticsearch Feed	Fetches indicators stored in an Elasticsearch database.

Integrations

Name	Description
Elasticsearch Feed	Fetches indicators stored in an Elasticsearch database.

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.1.15 - 6180830 (December 7, 2025)

Integrations

Elasticsearch Feed

Fixed an issue where indicator IDs were not properly extracted from Elasticsearch document metadata when missing from the document source.
Updated documentation to include a known limitation regarding indicator type case sensitivity.
Updated the Docker image to: demisto/elasticsearch:1.0.0.5954979.

Related pull requests:
- 41871

Download

1.1.14 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.1.13 - R5469292 (October 20, 2025)

Integrations

Elasticsearch Feed

Metadata and documentation improvements.

Related pull requests:
- 39133

Download

1.1.12 - R2988527 (March 26, 2025)

Integrations

Elasticsearch Feed

Enhanced the feed to mark indicators as enrichment excluded when the tlp color is red.

Related pull requests:
- 38308

Download

1.1.11 - 1931958 (January 6, 2025)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/elasticsearch:1.0.0.117175.

Related pull requests:
- 37920

Download

1.1.10 - R1741355 (December 3, 2024)

Integrations

Elasticsearch Feed

Added support for Elasticsearch server version 8.
Updated the Docker image to: demisto/elasticsearch:1.0.0.115427.

Related pull requests:
- 36849

Download

1.1.9 - 1557782 (October 28, 2024)

Integrations

Elasticsearch Feed

Fixed an issue where indicators weren't fetched for Generic Feed Type.
Documentation improvements.

Related pull requests:
- 36745

Download

1.1.8 - 1457639 (October 1, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 36445

Download

1.1.7 - 1363131 (September 9, 2024)

Integrations

Elasticsearch Feed

Added incremental feed indication to yml file.

Related pull requests:
- 35937

Download

1.1.6 - R1324639 (August 29, 2024)

Integrations

Elasticsearch Feed

Removed the When removed from the feed option from the Indicator Expiration Method parameter.

Related pull requests:
- 35353

Download

1.1.5 - 841209 (February 20, 2024)

Integrations

Elasticsearch Feed

Fixed an issue where the fetch-indicators time calculation was inaccurate.

Related pull requests:
- 32778

Download

1.1.4 - 839519 (February 20, 2024)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/elasticsearch:1.0.0.87483.

Related pull requests:
- 32995

Download

1.1.3 - 7153835 (December 13, 2023)

Integrations

Elasticsearch Feed

Added fetch-limit parameter to fetch indicators in batches.
Updated the Docker image to: demisto/elasticsearch:1.0.0.83352.

Related pull requests:
- 31377

Download

1.1.2 - 6624640 (October 17, 2023)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/elasticsearch:1.0.0.77444.

Related pull requests:
- 30205

Download

1.1.1 - R5866730 (July 25, 2023)

Integrations

Elasticsearch Feed

Fixed an issue where API key based authentication failed due to lack differentiation between authentication methods.
Updated the Docker image to: demisto/py3-tools:1.0.0.64131.

Related pull requests:
- 27614

Download

1.1.0 - 5612872 (June 25, 2023)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/py3-tools:1.0.0.64131.
Added support for the Opensearch client.

Related pull requests:
- 27623
- 27333

Download

1.0.32 - R5450895 (June 5, 2023)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/py3-tools:1.0.0.45904.

Related pull requests:
- 24139

Download

1.1.15 - 6180830 (December 7, 2025)

Integrations

Elasticsearch Feed

Fixed an issue where indicator IDs were not properly extracted from Elasticsearch document metadata when missing from the document source.
Updated documentation to include a known limitation regarding indicator type case sensitivity.
Updated the Docker image to: demisto/elasticsearch:1.0.0.5954979.

Related pull requests:
- 41871

Download

1.1.14 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.1.13 - R5469292 (October 20, 2025)

Integrations

Elasticsearch Feed

Metadata and documentation improvements.

Related pull requests:
- 39133

Download

1.1.12 - R2988527 (March 26, 2025)

Integrations

Elasticsearch Feed

Enhanced the feed to mark indicators as enrichment excluded when the tlp color is red.

Related pull requests:
- 38308

Download

1.1.11 - 1931958 (January 6, 2025)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/elasticsearch:1.0.0.117175.

Related pull requests:
- 37920

Download

1.1.10 - R1741355 (December 3, 2024)

Integrations

Elasticsearch Feed

Added support for Elasticsearch server version 8.
Updated the Docker image to: demisto/elasticsearch:1.0.0.115427.

Related pull requests:
- 36849

Download

1.1.9 - 1557782 (October 28, 2024)

Integrations

Elasticsearch Feed

Fixed an issue where indicators weren't fetched for Generic Feed Type.
Documentation improvements.

Related pull requests:
- 36745

Download

1.1.8 - 1457639 (October 1, 2024)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 36445

Download

1.1.7 - 1363131 (September 9, 2024)

Integrations

Elasticsearch Feed

Added incremental feed indication to yml file.

Related pull requests:
- 35937

Download

1.1.6 - R1324639 (August 29, 2024)

Integrations

Elasticsearch Feed

Removed the When removed from the feed option from the Indicator Expiration Method parameter.

Related pull requests:
- 35353

Download

1.1.5 - 841209 (February 20, 2024)

Integrations

Elasticsearch Feed

Fixed an issue where the fetch-indicators time calculation was inaccurate.

Related pull requests:
- 32778

Download

1.1.4 - 839519 (February 20, 2024)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/elasticsearch:1.0.0.87483.

Related pull requests:
- 32995

Download

1.1.3 - 7153835 (December 13, 2023)

Integrations

Elasticsearch Feed

Added fetch-limit parameter to fetch indicators in batches.
Updated the Docker image to: demisto/elasticsearch:1.0.0.83352.

Related pull requests:
- 31377

Download

1.1.2 - 6624640 (October 17, 2023)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/elasticsearch:1.0.0.77444.

Related pull requests:
- 30205

Download

1.1.1 - R5866730 (July 25, 2023)

Integrations

Elasticsearch Feed

Fixed an issue where API key based authentication failed due to lack differentiation between authentication methods.
Updated the Docker image to: demisto/py3-tools:1.0.0.64131.

Related pull requests:
- 27614

Download

1.1.0 - 5618116 (June 26, 2023)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/py3-tools:1.0.0.64131.
Added support for the Opensearch client.

Related pull requests:
- 27623
- 27333

Download

1.0.32 - R5170573 (May 2, 2023)

Integrations

Elasticsearch Feed

Updated the Docker image to: demisto/py3-tools:1.0.0.45904.

Related pull requests:
- 24139

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 20, 2020
Last Release	December 7, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.