Aggregated Scripts

Details
Content
Dependencies
Version History

A pack containing all aggregated scripts.

The Aggregated Scripts pack contains scripts that execute multiple commands, significantly streamlining playbook creation and execution.

What does this pack do?

File indicator enrichment using an array file hashes.

The Aggregated Scripts pack contains scripts that execute multiple commands, significantly streamlining playbook creation and execution.

What does this pack do?

File indicator enrichment using an array file hashes.

Automations

Name	Description
block-external-ip	The script blocks a list of IP addresses in supported integrations.
get-user-data	This script gathers user data from multiple integrations and returns an Account entity with consolidated information to the context.
file-enrichment	This script gathers file reputation data from multiple integrations and returns a "FileEnrichment" object with consolidated information to the context output.
get-endpoint-data	This script gathers endpoint data from multiple integrations and returns an endpoint entity with consolidated information to the context.
clear-user-session	This script clears user sessions across multiple integrations for a list of usernames.

Automations

Name	Description
get-user-data	This script gathers user data from multiple integrations and returns an Account entity with consolidated information to the context.
get-endpoint-data	This script gathers endpoint data from multiple integrations and returns an endpoint entity with consolidated information to the context.
block-external-ip	The script blocks a list of IP addresses in supported integrations.
file-enrichment	This script gathers file reputation data from multiple integrations and returns a "FileEnrichment" object with consolidated information to the context output.
clear-user-session	This script clears user sessions across multiple integrations for a list of usernames.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
WildFire by Palo Alto Networks	By: Cortex XSOAR

All level dependencies (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

1.0.9 - 4261213 (July 22, 2025)

Scripts

get-endpoint-data

Updated the inputs from agent_id, agent_ip and agent_hostname to endpoint_id, endpoint_ip and endpoint_hostname.
Updated the output structure.
Updated the brand support:
- Removed support for 'Cylance Protect v2', 'VMware Carbon Black EDR v2' and 'ExtraHop v2'.
- Added support for 'FireEyeHX v2'.
Updated the brands argument to support free-text input for multiple brands instead of limiting it to predefined values.

Related pull requests:
- 40691

Download

1.0.7 - 4180042 (July 15, 2025)

Documentation and Metadata improvements.

Related pull requests:
- 40581

Download

1.0.6 - 4166662 (July 14, 2025)

Scripts

get-user-data

Updated the get-user-data script to support retrieving users from Active Directory when providing a user with a domain.

Related pull requests:
- 40588

Download

1.0.5 - 4130170 (July 10, 2025)

Aggregated Scripts

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.0.4 - 4126849 (July 10, 2025)

Aggregated Scripts

Documentation and metadata improvements.

Related pull requests:
- 39712
- 40179

Download

1.0.3 - 4049458 (July 3, 2025)

Aggregated Scripts

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.0.2 - 4029801 (July 1, 2025)

Scripts

block-external-ip

block-external-ip moved from CommonScripts.

get-endpoint-data

get-endpoint-data moved from CommonScripts.

clear-user-session

clear-user-session moved from CommonScripts.

Related pull requests:
- 40431

Download

1.0.1 - 4023265 (July 1, 2025)

Scripts

get-user-data

get-user-data moved from CommonScripts.
Added the additional_fields argument to control whether supplementary fields are included in the script's output. Set it to true to include them.
Documentation and metadata improvements.

Related pull requests:
- 40180

Download

1.0.0 - 3980324 (June 18, 2025)

A pack containing all aggregated scripts.

Download

1.0.9 - 4261213 (July 22, 2025)

Scripts

get-endpoint-data

Updated the inputs from agent_id, agent_ip and agent_hostname to endpoint_id, endpoint_ip and endpoint_hostname.
Updated the output structure.
Updated the brand support:
- Removed support for 'Cylance Protect v2', 'VMware Carbon Black EDR v2' and 'ExtraHop v2'.
- Added support for 'FireEyeHX v2'.
Updated the brands argument to support free-text input for multiple brands instead of limiting it to predefined values.

Related pull requests:
- 40691

Download

1.0.7 - 4180042 (July 15, 2025)

Aggregated Scripts

Documentation and Metadata improvements.

Related pull requests:
- 40581

Download

1.0.6 - 4166662 (July 14, 2025)

Scripts

get-user-data

Updated the get-user-data script to support retrieving users from Active Directory when providing a user with a domain.

Related pull requests:
- 40588

Download

1.0.5 - 4130170 (July 10, 2025)

Aggregated Scripts

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.0.4 - 4126849 (July 10, 2025)

Aggregated Scripts

Documentation and metadata improvements.

Related pull requests:
- 39712
- 40179

Download

1.0.3 - 4049458 (July 3, 2025)

Aggregated Scripts

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.0.2 - 4029801 (July 1, 2025)

Scripts

block-external-ip

block-external-ip moved from CommonScripts.

get-endpoint-data

get-endpoint-data moved from CommonScripts.

clear-user-session

clear-user-session moved from CommonScripts.

Related pull requests:
- 40431

Download

1.0.1 - 4023265 (July 1, 2025)

Scripts

get-user-data

get-user-data moved from CommonScripts.
Added the additional_fields argument to control whether supplementary fields are included in the script's output. Set it to true to include them.
Documentation and metadata improvements.

Related pull requests:
- 40180

Download

1.0.0 - 3980324 (June 18, 2025)

A pack containing all aggregated scripts.

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 18, 2025
Last Release	July 22, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.