Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
Base
- Details
- Content
- Dependencies
- Version History
The base pack for Cortex XSOAR.
Name | Description |
---|---|
DBotSuggestClassifierMapping | |
DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
CommonServer | Common code that will be merged into each server script when it runs. |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly
|
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions.
|
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
DeleteIndicatorRelationships | This automation allows to delete a relationship between indicator objects based on the relationship id. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
HighlightWords | Highlight words inside a given text. |
DBotTrainClustering | This script helps organizes and groups incidents based on their similarities using clustering algorithms. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DrawRelatedIncidentsCanvas | Draw incidents and indicators on the canvas to map and visualize their connections. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
Name | Description |
---|---|
System Health |
Name | Description |
---|---|
CommonServerPython | Common code that will be merged into each server script when it runs. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
CommonServer | Common code that will be merged into each server script when it runs. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly
|
FindSimilarAlertsByText | Deprecated. Use DBotFindSimilarAlerts instead. This automation runs using the default Limited User role, unless you explicitly
|
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
StixParser | Parse STIX files to Cortex indicators by clicking the Upload STIX File button. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotFindSimilarAlertsByIndicators | Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
DBotTrainClustering | This script helps organizes and groups incidents based on their similarities using clustering algorithms. |
DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DBotFindSimilarAlerts | Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. |
HighlightWords | Highlight words inside a given text. |
DeleteIndicatorRelationships | This automation allows to delete a relationship between indicator objects based on the relationship id. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions.
|
GetAlertsByQuery | Gets a list of alert objects and the associated alert outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions.
|
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|
Scripts
CommonServerPython
Enhanced the argToBoolean function to support additional boolean string values ('y', 'yes', 't', 'true', 'on', '1' for true; 'n', 'no', 'f', 'false', 'off', '0' for false) to replace the deprecated distutils.util.strtobool function and ensure Python 3.12 compatibility.
- 40759
Download
Dashboards
System Health
Documentation and metadata improvements.
Scripts
CommonServerPython
- Updated the CommonServerPython script with new commands arg_to_boolean_or_null.
- Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
- Added the MirrorObject which serves to standardize outputs for mirrors.
- 40523
Download
Scripts
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 40221
Download
Scripts
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
DBotTrainTextClassifierV2
Breaking changes: Before using this version, make sure to update the Machine Learning pack to the latest version. If the Machine Learning pack is not installed, this message can be safely ignored.
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
- 38644
Download
Scripts
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 39931
Download
Scripts
DeleteIndicatorRelationships
- Metadata and documentation improvements.
GetIncidentsByQuery
- Metadata and documentation improvements.
DBotPredictPhishingWords
- Metadata and documentation improvements.
DBotBuildPhishingClassifier
- Metadata and documentation improvements.
CreateIndicatorRelationship
- Metadata and documentation improvements.
DBotTrainTextClassifierV2
- Metadata and documentation improvements.
DBotFindSimilarIncidentsByIndicators
- Metadata and documentation improvements.
GetIndicatorsByQuery
- Metadata and documentation improvements.
DBotTrainClustering
- Metadata and documentation improvements.
StixParser
- Metadata and documentation improvements.
ValidateContent
- Metadata and documentation improvements.
DrawRelatedIncidentsCanvas
- Metadata and documentation improvements.
HighlightWords
- Metadata and documentation improvements.
GetMLModelEvaluation
- Metadata and documentation improvements.
DBotPreProcessTextData
- Metadata and documentation improvements.
DBotShowClusteringModelInfo
- Metadata and documentation improvements.
DBotFindSimilarIncidents
- Metadata and documentation improvements.
SanePdfReports
- Metadata and documentation improvements.
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.
SearchIndicatorRelationships
- Metadata and documentation improvements.
CheckDockerImageAvailable
- Metadata and documentation improvements.
- 39349
Download
Scripts
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
- 37950
Download
Scripts
CommonServerPython
- Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
- Added the Tactic indicator object.
FindSimilarIncidentsByText
- Documentation and metadata improvements.
GetIncidentsByQuery
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
CreateIndicatorRelationship
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
- 37760
Download
Scripts
CommonServerPython
- Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine. - Added the get_engine_base_url function which gets an engine ID and returns its base URL.
- Reverted the logging changes in the Demisto class merthods.
- 37538
Download
Scripts
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.105874.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.105874.
CommonServerPowerShell
- Updated the Docker image to: demisto/powershell:7.4.2.103657.
- 37214
- 37193
Download
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139
Download
Scripts
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.112949.
- 37162
- 37154
Download
Scripts
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.11.10.113941.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.113941.
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997
Download
Scripts
CommonServerPython
Enhanced the argToBoolean function to support additional boolean string values ('y', 'yes', 't', 'true', 'on', '1' for true; 'n', 'no', 'f', 'false', 'off', '0' for false) to replace the deprecated distutils.util.strtobool function and ensure Python 3.12 compatibility.
- 40759
Download
Scripts
CommonServerPython
- Updated the CommonServerPython script with new commands arg_to_boolean_or_null.
- 39632
- 39514
- 39503
- 39331
- 39517
- 39516
- 39504
- 39239
- 39499
- 39399
- 39507
- 39518
- 39528
- 39534
- 39536
- 39538
- 39412
- 39422
- 39546
- 39547
- 39549
- 39544
- 39557
- 39523
- 39234
- 39262
- 39564
- 39397
- 39252
- 39558
- 39559
- 39567
- 39404
- 40024
- 40103
- 40105
- 39914
- 39973
- 40106
- 40049
- 40104
- 39644
- 40086
- 40120
- 40017
- 40119
- 40113
- 40107
- 39972
- 40118
- 40117
- 40112
- 40048
- 40124
- 40102
- 39324
- 40038
- 40095
- 40132
- 39535
- 40133
- 40153
- 40154
- 40127
- 40028
- 40162
- 40160
- 40157
- 40134
- 40088
- 40166
- 40111
- 40168
- 40169
- 40167
- 40057
Download
Scripts
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 40221
Download
Scripts
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
- 38644
Download
Scripts
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 39931
Download
Scripts
DeleteIndicatorRelationships
- Metadata and documentation improvements.
GetIncidentsByQuery
- Metadata and documentation improvements.
DBotBuildPhishingClassifier
- Metadata and documentation improvements.
CreateIndicatorRelationship
- Metadata and documentation improvements.
DBotFindSimilarIncidentsByIndicators
- Metadata and documentation improvements.
GetIndicatorsByQuery
- Metadata and documentation improvements.
DBotTrainClustering
- Metadata and documentation improvements.
StixParser
- Metadata and documentation improvements.
ValidateContent
- Metadata and documentation improvements.
HighlightWords
- Metadata and documentation improvements.
GetMLModelEvaluation
- Metadata and documentation improvements.
DBotPreProcessTextData
- Metadata and documentation improvements.
DBotFindSimilarIncidents
- Metadata and documentation improvements.
SanePdfReports
- Metadata and documentation improvements.
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.
SearchIndicatorRelationships
- Metadata and documentation improvements.
CheckDockerImageAvailable
- Metadata and documentation improvements.
- 39349
Download
Scripts
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
- 37950
Download
Scripts
CommonServerPython
- Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
- Added the Tactic indicator object.
FindSimilarIncidentsByText
- Documentation and metadata improvements.
GetIncidentsByQuery
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
CreateIndicatorRelationship
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
- 37760
Download
Scripts
CommonServerPython
- Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine. - Added the get_engine_base_url function which gets an engine ID and returns its base URL.
- Reverted the logging changes in the Demisto class merthods.
- 37538
Download
Scripts
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.105874.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.105874.
CommonServerPowerShell
- Updated the Docker image to: demisto/powershell:7.4.2.103657.
- 37214
- 37193
Download
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139
Download
Scripts
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.11.10.113941.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.113941.
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997
Download
PUBLISHER
PLATFORMS
INFO
Certification | Certified | Read more |
Supported By | Cortex | |
Created | August 2, 2020 | |
Last Release | August 27, 2025 |