Tim/add description of how the indicator relationship is extracted (#40878)

MosheEichler · richardbluestone · web-flow · commit 05f113baf186 · 2025-08-11T08:19:56.000+03:00
* Tim/Taxii2Feed/Add a description of how the indicators are extracted during the fetch * RN * Apply suggestion from @richardbluestone Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>
diff --git a/Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2_description.md b/Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2_description.md
@@ -9,4 +9,18 @@ In case the TAXII 2 server you're trying to connect to requires a custom authent
 Two or more Observation Expressions MAY be combined using a complex observation operator such as "AND", "OR", and "FOLLOWEDBY", e.g. `[ IP = 'b' ] AND [ URL = 'd' ]`. These relationships are not represented in CORTEX XSOAR threat intel management indicators. You can opt to create them while ignoring these relations, or you can opt to ignore these expressions - if you choose to ignore these expressions, then no indicators will be created for complex observations.
 
 ### API Roots and Collections
-Each TAXII server may contain more than one API root with different collections. If the needed API root is not the default one, set the `API Root to Use` parameter with the correct API root title.
+Each TAXII server may contain more than one API root with different collections. If the required API root is not the default one, set the `API Root to Use` parameter to the correct API root.
+
+Note!
+
+The relationships between the indicators are extracted and matched during the indicator construction process. For each indicator, only one indicator is found in the following order of precedence.
+
+- sha-256
+- file
+- IPv4-addr
+- domain-name
+- url
+- email-addr
+- mutex
+- windows-registry-key
+- all other...
diff --git a/Packs/FeedTAXII/ReleaseNotes/1_2_37.md b/Packs/FeedTAXII/ReleaseNotes/1_2_37.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### TAXII 2 Feed
+
+- Documentation and metadata improvements.
diff --git a/Packs/FeedTAXII/pack_metadata.json b/Packs/FeedTAXII/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "TAXII Feed",
     "description": "Ingest indicator feeds from TAXII 1 and TAXII 2 servers.",
     "support": "xsoar",
-    "currentVersion": "1.2.36",
+    "currentVersion": "1.2.37",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
