Base
The base pack for Cortex XSOAR.

| Name | Description |
|---|---|
| GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
| CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
| DrawRelatedIncidentsCanvas | Draw incidents and indicators on the canvas to map and visualize their connections. |
| DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
| DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
| DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
| DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
| FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
| SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
| StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
| SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
| ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
| DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
| CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
| DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
| DBotBuildPhishingClassifier | Create a phishing classifier using a machine learning technique, based on email content. |
| CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good; otherwise returns an error. |
| DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
| DBotTrainClustering | This script helps organize and group incidents based on their similarities using clustering algorithms. |
| DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
| CommonServer | Common code that will be merged into each server script when it runs. |
| CommonServerPython | Common code that will be merged into each server script when it runs. |
| SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
| GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
| GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
| HighlightWords | Highlight words inside a given text. |
| WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |

| Name | Description |
|---|---|
| System Health | |

| Name | Description |
|---|---|
| SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
| DBotTrainClustering | This script helps organize and group incidents based on their similarities using clustering algorithms. |
| HighlightWords | Highlight words inside a given text. |
| DBotBuildPhishingClassifier | Create a phishing classifier using a machine learning technique, based on email content. |
| CommonServer | Common code that will be merged into each server script when it runs. |
| WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
| CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
| StixParser | Parse STIX files to Cortex indicators by clicking the Upload STIX File button. |
| CommonServerPython | Common code that will be merged into each server script when it runs. |
| ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
| SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
| CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good; otherwise returns an error. |
| DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
| DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
| GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
| DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
| SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
| DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
| DBotFindSimilarAlertsByIndicators | Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
| GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
| CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
| DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
| DBotFindSimilarAlerts | Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. |
| GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| GetAlertsByQuery | Gets a list of alert objects and the associated alert outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
| FindSimilarAlertsByText | Deprecated. Use DBotFindSimilarAlerts instead. This automation runs using the default Limited User role, unless you explicitly |
| DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
Scripts
CommonServerPython
- Added Unified Connector (UCP) parameter interpolation: connector field values are now reshaped into the parameter structure integrations expect (for example, folding username and password into a single credentials object).
CommonServerPowerShell
- Added Unified Connector (UCP) parameter interpolation: connector field values are now reshaped into the parameter structure integrations expect (for example, folding username and password into a single credentials object).
- Updated the Docker image to: demisto/powershell:7.5.0.9017890.
CommonServer
- Added Unified Connector (UCP) parameter interpolation: connector field values are now reshaped into the parameter structure integrations expect (for example, folding username and password into a single credentials object).
- 44788
Scripts
StixParser
- Updated the Docker image to: demisto/taxii:1.0.0.10133006.
SanePdfReports
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.9988134.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.9793547.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.13.10116658.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.13.10116658.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.13.10116658.
- 44716
Scripts
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
- 44128
Scripts
CommonServerPython
- Updated the is_xsiam() function to support unified platform module codes (x1, x3, x5).
Scripts
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.6144857.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.6144857.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.6144857.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.6144857.
- 42750
Scripts
SearchIndicatorRelationships
- Added support for the searchAfter argument, which uses the SearchAfter token from the preceding response (found in the RelationshipsPagination output path) to indicate the starting point for retrieving the subsequent batch of relationships.
- Added the output RelationshipsPagination which contains the searchAfter token that allows pagination.
- Updated the Docker image to: demisto/python3:3.12.12.6391686.
- 42206
Scripts
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.12.6204436.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.12.6204436.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.12.6204436.
- 42247
Scripts
CommonServerPython
- Updated the CommonServerPython script with a time-sensitive command timeout strategy in BaseClient. This strategy enforces a strict execution time limit (default 15 seconds) for commands when the indicator extraction mode is inline by dynamically adjusting API timeouts and disabling retries. For more information, see the indicator extraction modes documentation.
- 41930
Scripts
ValidateContent
- Updated the Docker image to: demisto/xsoar-tools:1.0.0.5493431.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/sklearn:1.0.0.5898415.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/sklearn:1.0.0.5898415.
- 41956
Scripts
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
- 41760
Changes are not relevant for XSOAR marketplace.
Scripts
CommonServerPython
Enhanced the argToBoolean function to support additional boolean string values ('y', 'yes', 't', 'true', 'on', '1' for true; 'n', 'no', 'f', 'false', 'off', '0' for false) to replace the deprecated distutils.util.strtobool function and ensure Python 3.12 compatibility.
- 40759
Dashboards
System Health
Documentation and metadata improvements.
Scripts
CommonServerPython
- Updated the CommonServerPython script with the new command arg_to_boolean_or_null.
- Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
- Added the MirrorObject which serves to standardize outputs for mirrors.
- 40523
Scripts
CommonServerPython
- Added Unified Connector (UCP) parameter interpolation: connector field values are now reshaped into the parameter structure integrations expect (for example, folding username and password into a single credentials object).
CommonServerPowerShell
- Added Unified Connector (UCP) parameter interpolation: connector field values are now reshaped into the parameter structure integrations expect (for example, folding username and password into a single credentials object).
- Updated the Docker image to: demisto/powershell:7.5.0.9017890.
CommonServer
- Added Unified Connector (UCP) parameter interpolation: connector field values are now reshaped into the parameter structure integrations expect (for example, folding username and password into a single credentials object).
- 44788
Scripts
StixParser
- Updated the Docker image to: demisto/taxii:1.0.0.10133006.
SanePdfReports
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.9988134.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.9793547.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.13.10116658.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.13.10116658.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.13.10116658.
- 44716
Scripts
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.13.8428455.
- 44128
Scripts
CommonServerPython
- Updated the is_xsiam() function to support unified platform module codes (x1, x3, x5).
Scripts
SearchIndicatorRelationships
- Added support for the searchAfter argument, which uses the SearchAfter token from the preceding response (found in the RelationshipsPagination output path) to indicate the starting point for retrieving the subsequent batch of relationships.
- Added the output RelationshipsPagination which contains the searchAfter token that allows pagination.
- Updated the Docker image to: demisto/python3:3.12.12.6391686.
- 42206
Scripts
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.12.6204436.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.12.6204436.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.12.6204436.
- 42247
Scripts
CommonServerPython
- Updated the CommonServerPython script with a time-sensitive command timeout strategy in BaseClient. This strategy enforces a strict execution time limit (default 15 seconds) for commands when the indicator extraction mode is inline by dynamically adjusting API timeouts and disabling retries. For more information, see the indicator extraction modes documentation.
- 41930
Scripts
ValidateContent
- Updated the Docker image to: demisto/xsoar-tools:1.0.0.5493431.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/sklearn:1.0.0.5898415.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/sklearn:1.0.0.5898415.
- 41956
Scripts
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.12.5490952.
- 41760
Changes are not relevant for XSIAM marketplace.
Scripts
CommonServerPython
Enhanced the argToBoolean function to support additional boolean string values ('y', 'yes', 't', 'true', 'on', '1' for true; 'n', 'no', 'f', 'false', 'off', '0' for false) to replace the deprecated distutils.util.strtobool function and ensure Python 3.12 compatibility.
- 40759
Scripts
CommonServerPython
- Updated the CommonServerPython script with the new command arg_to_boolean_or_null.
INFO

| Field | Value |
|---|---|
| Certification | Certified |
| Supported By | Cortex |
| Created | August 2, 2020 |
| Last Release | June 30, 2026 |
