Base

Details
Content
Dependencies
Version History

The base pack for Cortex XSOAR.

Automations

Name	Description
FindSimilarIncidentsByText	Deprecated. Use DBotFindSimilarIncidents instead. Find similar incidents by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
GetIncidentsByQuery	Gets a list of incident objects and the associated incident outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
SanePdfReports	Parse Sane-json-reports and export them as pdf files (used internally).
WordTokenizerNLP	Deprecated. Use DBotPreProcessTextData instead.
DBotPredictPhishingWords	Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision.
HighlightWords	Highlight words inside a given text.
CommonServer	Common code that will be merged into each server script when it runs.
CreateIndicatorRelationship	This automation creates a relationship between indicator objects.
DBotShowClusteringModelInfo	Show clustering model information - model summary and incidents in specific cluster.
GetMLModelEvaluation	Finds a threshold for ML model, and performs an evaluation based on it.
DBotFindSimilarIncidents	Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
DrawRelatedIncidentsCanvas	Draw incidents and indicators on the canvas to map and visualize their connections.
StixParser	Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button.
DBotFindSimilarIncidentsByIndicators	Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DBotMLFetchData	Deprecated. No available replacement. Collect telemetry data from the environment.
DBotSuggestClassifierMapping	Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
DBotBuildPhishingClassifier	Create a phishing classifier using machine learning technique, based on email content.
GetIndicatorsByQuery	Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
DBotTrainClustering	This script helps organizes and groups incidents based on their similarities using clustering algorithms. Clustering is a technique used to group data points (in this case, incidents) that are similar to each other into clusters. Used to automatically categorize a large number of incidents into meaningful groups.
DeleteIndicatorRelationships	This automation allows to delete a relationship between indicator objects based on the relationship id.
SearchIndicatorRelationships	This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain.
ValidateContent	Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
DBotTrainTextClassifierV2	Train a machine learning text classifier.
CheckDockerImageAvailable	Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.
SaneDocReports	Parse Sane-json-reports and export them as docx files (used internally).
DBotPreProcessTextData	Pre-process text data for the machine learning text classifier.
CommonServerPython	Common code that will be merged into each server script when it runs.
CommonServerPowerShell	Common code that will be merged into each PowerShell script/integration when it runs.

Dashboards

Name	Description
System Health

Automations

Name	Description
WordTokenizerNLP	Deprecated. Use DBotPreProcessTextData instead.
CommonServer	Common code that will be merged into each server script when it runs.
ValidateContent	Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
FindSimilarIncidentsByText	Deprecated. Use DBotFindSimilarIncidents instead. Find similar incidents by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
FindSimilarAlertsByText	Deprecated. Use DBotFindSimilarAlerts instead. Find similar alerts by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
DBotBuildPhishingClassifier	Create a phishing classifier using machine learning technique, based on email content.
DBotFindSimilarIncidents	Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
DBotFindSimilarAlerts	Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
HighlightWords	Highlight words inside a given text.
StixParser	Parse STIX files to Cortex indicators by clicking the Upload STIX File button.
SaneDocReports	Parse Sane-json-reports and export them as docx files (used internally).
GetIncidentsByQuery	Gets a list of incident objects and the associated incident outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
GetAlertsByQuery	Gets a list of alert objects and the associated alert outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
DBotTrainClustering	This script helps organizes and groups incidents based on their similarities using clustering algorithms. Clustering is a technique used to group data points (in this case, incidents) that are similar to each other into clusters. Used to automatically categorize a large number of incidents into meaningful groups.
DBotSuggestClassifierMapping	Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
DBotFindSimilarIncidentsByIndicators	Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DBotFindSimilarAlertsByIndicators	Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
CommonServerPowerShell	Common code that will be merged into each PowerShell script/integration when it runs.
DBotPreProcessTextData	Pre-process text data for the machine learning text classifier.
DBotMLFetchData	Deprecated. No available replacement. Collect telemetry data from the environment.
SearchIndicatorRelationships	This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain.
CreateIndicatorRelationship	This automation creates a relationship between indicator objects.
GetIndicatorsByQuery	Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
SanePdfReports	Parse Sane-json-reports and export them as pdf files (used internally).
CommonServerPython	Common code that will be merged into each server script when it runs.
GetMLModelEvaluation	Finds a threshold for ML model, and performs an evaluation based on it.
DeleteIndicatorRelationships	This automation allows to delete a relationship between indicator objects based on the relationship id.
CheckDockerImageAvailable	Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.

1.39.16 - 2005224 (January 16, 2025)

Scripts

CommonServerPython

Fixed performance issues.

Related pull requests:
- 38203

Download

1.39.15 - 1989294 (January 14, 2025)

Scripts

CommonServerPython

Improved implementation.

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.1902141.

Related pull requests:
- 38052
- 37927

Download

1.39.13 - 1977897 (January 13, 2025)

Scripts

ValidateContent

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release

Related pull requests:
- 38105

Download

1.39.12 - 1953876 (January 9, 2025)

Scripts

CommonServerPython

Logging improvements.

Related pull requests:
- 37901

Download

1.39.11 - 1946497 (January 8, 2025)

Scripts

DBotPreProcessTextData

Documentation and metadata improvements.

Related pull requests:
- 37922

Download

1.39.10 - 1938781 (January 7, 2025)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.1870375.

Related pull requests:
- 37950

Download

1.39.9 - 1935630 (January 6, 2025)

Scripts

DBotMLFetchData

Code functionality improvements.

Related pull requests:
- 37472

Download

1.39.8 - 1931958 (January 6, 2025)

Scripts

ValidateContent

Updated the test playbook for ValidateContent script.

Related pull requests:
- 37916

Download

1.39.7 - 1912033 (January 2, 2025)

Scripts

ValidateContent

Updated the script to utilize up-to-date validation logic from demisto-sdk.

Related pull requests:
- 37182

Download

1.39.6 - 1909729 (January 1, 2025)

Scripts

ValidateContent

Code functionality improvements.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.1808549.

Related pull requests:
- 37718

Download

1.39.5 - 1903608 (December 31, 2024)

Scripts

SanePdfReports

Fixed an issue where generating a report with HTML section would fail due to blocked image URLs.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.1899219.

Related pull requests:
- 37878

Download

1.39.4 - 1862748 (December 24, 2024)

Scripts

CommonServerPython

Fixed an issue where send_events_to_xsiam would fail due to timeout issues.

Related pull requests:
- 37804

Download

1.39.3 - 1855875 (December 23, 2024)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 37677

Download

1.39.2 - 1834150 (December 18, 2024)

Scripts

CommonServerPython

Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
Added the Tactic indicator object.

FindSimilarIncidentsByText

Documentation and metadata improvements.

GetIncidentsByQuery

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

CreateIndicatorRelationship

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37760

Download

1.38.3 - 1820015 (December 16, 2024)

Scripts

CommonServerPython

Added support for multithreading when using send_events_to_xsiam.

Related pull requests:
- 37599

Download

1.38.2 - 1793696 (December 11, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117810.

Related pull requests:
- 37639

Download

1.38.1 - 1773546 (December 8, 2024)

Scripts

CommonServerPython

Added a new decorator for debugging purposes, allowing users to profile code execution time and performance.

Related pull requests:
- 37440

Download

1.38.0 - 1745299 (December 3, 2024)

Scripts

CommonServerPython

Updated the IP class to return an IPv6 indicator based on the provided ip_type.

Related pull requests:
- 37411

Download

1.37.0 - 1741355 (December 3, 2024)

Scripts

CommonServerPython

Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine.
Added the get_engine_base_url function which gets an engine ID and returns its base URL.
Reverted the logging changes in the Demisto class merthods.

Related pull requests:
- 37538

Download

1.36.1 - 1738579 (December 2, 2024)

Scripts

DrawRelatedIncidentsCanvas

Updated the Docker image to: demisto/sklearn:1.0.0.117326.

Related pull requests:
- 37425
- 37421
- 37419
- 37422
- 37418
- 37420

Download

1.36.0 - 1731907 (December 1, 2024)

Scripts

CommonServerPython

Logging improvements for the Demisto class methods.

Related pull requests:
- 37212

Download

1.35.6 - 1727922 (December 1, 2024)

Scripts

CommonServerPython

Added support for decoding to binary base 64 provided strings with no padding, to avoid "Incorrect padding" error.

Related pull requests:
- 37418
- 37340
- 37425
- 37419
- 37421
- 37420
- 37422

Download

1.35.5 - 1679416 (November 20, 2024)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.116749.

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117145.

Related pull requests:
- 37298
- 37292
- 37293
- 37294

Download

1.35.4 - 1673120 (November 19, 2024)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.116823.

Related pull requests:
- 37287
- 37283

Download

1.35.3 - 1669335 (November 19, 2024)

Scripts

CommonServerPython

Added an option to the Account entity to receive custom fields.

Related pull requests:
- 37248

Download

1.35.2 - 1666862 (November 18, 2024)

Scripts

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.105874.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.105874.

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.2.103657.

Related pull requests:
- 37214
- 37193

Download

1.35.0 - 1663384 (November 18, 2024)

Scripts

CommonServerPython

Added new fields to Common.File, Common.URL, Common.Domain, Common.IP indicator classes:

organization_prevalence
globally_prevalence
organization_first_seen
organization_last_seen
first_seen_by_source
last_seen_by_source

Related pull requests:
- 37022

Download

1.34.47 - 1647729 (November 14, 2024)

Scripts

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

HighlightWords

Updated the Docker image to: demisto/python3:3.11.10.115186.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

1.34.46 - 1624996 (November 11, 2024)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.112949.

Related pull requests:
- 37162
- 37154

Download

1.34.45 - 1615839 (November 10, 2024)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.115559.

Related pull requests:
- 37115
- 37109

Download

1.34.44 - 1609112 (November 7, 2024)

Scripts

DBotFindSimilarIncidentsByIndicators

Fixed an issue where the script would fail to run if the fieldsIncidentToDisplay argument received an unpopulated field in the incidents.
Updated the Docker image to: demisto/ml:1.0.0.112949.

Related pull requests:
- 37116

Download

1.34.43 - 1602991 (November 6, 2024)

Scripts

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.113941.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.11.10.113941.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.11.10.113941.

DBotShowClusteringModelInfo

Updated the Docker image to: demisto/python3:3.11.10.113941.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.11.10.113941.

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.113941.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.113941.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.11.10.113941.

HighlightWords

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

1.34.42 - 1569341 (October 30, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 36816

Download

1.34.41 - 1480610 (October 8, 2024)

Scripts

CommonServerPython

Improved implementation of log outputs to avoid printing secrets.

Related pull requests:
- 36586

Download

1.34.40 - 1475337 (October 7, 2024)

Scripts

CommonServerPython

Update the Account entity with the following fields:

Manager Email
Manager Display Name
Risk Level

Related pull requests:
- 36026

Download

1.34.39 - 1467584 (October 6, 2024)

Scripts

CommonServerPython

Updated the IndicatorsSearcher class to support a custom search_after parameter during initialization.

Related pull requests:
- 35942

Download

1.34.38 - 1414617 (September 22, 2024)

Scripts

DBotTrainTextClassifierV2

Improved the readable output.

DBotFindSimilarIncidents

Improved the readable output for Cortex XSIAM.

Related pull requests:
- 35216

Download

1.34.37 - R1373264 (September 11, 2024)

Scripts

SanePdfReports

Improved legend values visibility.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.108777.

Related pull requests:
- 36080

Download

1.34.36 - 1320807 (August 28, 2024)

Scripts

CommonServerPython

Fixed an issue where running scripts from dynamic sections returned an unexpected metrics entry.

Related pull requests:
- 35967

Download

1.34.35 - 1309186 (August 26, 2024)

Scripts

CheckDockerImageAvailable

Internal code improvements.
Updated the Docker image to: demisto/python3:3.11.9.107902.

Related pull requests:
- 36003

Download

1.34.34 - 1259921 (August 11, 2024)

Scripts

FindSimilarIncidentsByText

Maintenance and stability enhancements.

Related pull requests:
- 35643

Download

1.34.33 - 1241052 (August 4, 2024)

Scripts

DBotTrainClustering

Code refactor and general improvements.
Updated the Docker image to: demisto/mlclustering:1.0.0.105775.

Related pull requests:
- 35421

Download

1.34.32 - 1238470 (August 4, 2024)

Scripts

CommonServerPython

Enhance send_data_to_xsiam to support custom snapshot IDs in chunks.

Related pull requests:
- 35580

Download

1.34.31 - 1234417 (August 1, 2024)

Scripts

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.105874.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.105874.

Related pull requests:
- 35708
- 35643

Download

1.34.30 - R1221739 (July 29, 2024)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.104430.

Related pull requests:
- 35599

Download

1.34.29 - 1179382 (July 15, 2024)

Scripts

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.103517.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.103517.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.103517.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.103517.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.103517.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.103517.

Related pull requests:
- 35422

Download

1.34.28 - 1169083 (July 11, 2024)

Scripts

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.101889.

DBotBuildPhishingClassifier

Changed the Docker image to: demisto/python3:3.11.9.101916.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.101889.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.101889.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.101889.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.101889.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.101889.

Related pull requests:
- 35081

Download

1.34.27 - R1164474 (July 10, 2024)

Scripts

CommonServerPython

Added a functionality to read server configuration.

Related pull requests:
- 35038

Download

1.34.26 - 1155254 (July 7, 2024)

Scripts

CommonServerPython

Removed support for the DemistoWrapper class in python2 integrations and scripts. This fixes an issue where the following error was encountered for python2 integrations and scripts: TypeError: super() argument 1 must be type, not classobj

Related pull requests:
- 35283
- 35343

Download

1.34.25 - 1150618 (July 5, 2024)

Scripts

CommonServerPython

Fixed an issue where sending data to xsiam did not work with large data.

Related pull requests:
- 34437

Download

1.34.24 - 1149551 (July 4, 2024)

Scripts

CommonServerPython

Added a function is_using_engine to check if platform is using engine.

Related pull requests:
- 35206

Download

1.34.23 - 1146238 (July 3, 2024)

Scripts

CommonServerPython

Documentation and metadata improvements.
The DemistoWrapper is now utilized in all integrations and scripts.

Related pull requests:
- 35211

Download

1.34.21 - 1142826 (July 2, 2024)

Scripts

DBotFindSimilarIncidentsByIndicators

Fixed an issue where the populateFields argument didn't accept a pipe (|) as a separator.

DBotFindSimilarIncidents

Fixed an issue where the populateFields argument didn't accept a pipe (|) as a separator.

GetIncidentsByQuery

Fixed an issue where the populateFields argument didn't accept a pipe (|) as a separator.

Related pull requests:
- 35176

Download

1.34.20 - 1139196 (July 1, 2024)

Scripts

CommonServerPython

Update the request timeout for the generic_http_request function to 60 seconds.

Related pull requests:
- 35149

Download

1.34.19 - 1136970 (July 1, 2024)

Scripts

CommonServerPython

Revert version 1.34.15 due to an issue in generic_http_request causing improper handling of files.

Related pull requests:
- 35132

Download

1.34.18 - 1133773 (June 30, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.99838.

Related pull requests:
- 35105

Download

1.34.17 - 1129454 (June 27, 2024)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.99061.

Related pull requests:
- 35076
- 34760

Download

1.34.16 - 1114769 (June 23, 2024)

Scripts

SanePdfReports

Added support for large customer logos up to 5MB.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.96883.

Related pull requests:
- 34862

Download

1.34.15 - 1109132 (June 20, 2024)

Scripts

CommonServerPython

WARNING: This version is invalid. Please install a different version.

Related pull requests:
- 35132
- 34545

Download

1.34.14 - 1106228 (June 19, 2024)

Scripts

SanePdfReports

Fixed an issue where the script failed when running multiple reports simultaneously.

Related pull requests:
- 34931

Download

1.34.13 - R1104278 (June 19, 2024)

Scripts

CommonServerPython

Updated the return_error function to truncate long error messages.

Related pull requests:
- 34823

Download

1.34.12 - 1096899 (June 16, 2024)

Scripts

CommonServerPython

Removed previously added support for determining which script runs in the Docker container.

Related pull requests:
- 34880

Download

1.34.11 - 1082615 (June 10, 2024)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34804

Download

1.34.10 - 1070867 (June 5, 2024)

Scripts

CommonServerPython

Fixed an issue where the script information was not available in cloud environments.

Related pull requests:
- 34681

Download

1.34.9 - 1064007 (June 3, 2024)

Scripts

CommonServerPython

Added support for determining which script runs in the Docker container.

Related pull requests:
- 34445

Download

1.34.8 - 1061293 (June 2, 2024)

Scripts

CommonServerPython

Fixed an issue which caused email enrichers to save results in the wrong context key. Email key was changed to Account.Email. This change might affect the following integrations which output Email indicators to context:

Anomali Threat Stream V3
Cofense Intelligence V2
Eclectic IQ Intelligence Center V3
Email Hippo
IP Quality Score
MISP V3
Reversing Labs Titanium Cloud V2
SEKOIA Intelligence Center
Threat Zone
VM Ray

Related pull requests:
- 34684
- 33924

Download

1.34.7 - 1049953 (May 28, 2024)

Scripts

SanePdfReports

Fixed an issue where SLA fields would be missing information from table sections when exported in CSV format.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.95847.

Related pull requests:
- 34539

Download

1.34.6 - R1049063 (May 27, 2024)

Scripts

CommonServer

Fixed the tableToMarkdown function to handle text with bad formatting.

Related pull requests:
- 34455

Download

1.34.5 - 1031157 (May 21, 2024)

Scripts

DBotFindSimilarIncidents

Documentation, error messaging, and logging improvements.
Updated the Docker image to: demisto/ml:1.0.0.94241.

Related pull requests:
- 34410

Download

1.34.4 - 1025939 (May 19, 2024)

Scripts

CommonServerPython

Updated the Retry mechanism to include the methods PATCH and DELETE.

Related pull requests:
- 34406

Download

1.34.3 - 1023216 (May 17, 2024)

Scripts

DBotTrainTextClassifierV2

Changed the script's behavior to return an informative non-error message when no incidents are received in the input file instead of returning an error.

Related pull requests:
- 34347

Download

1.34.2 - 1021616 (May 16, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.93953.

Related pull requests:
- 34377

Download

1.34.1 - 1011309 (May 12, 2024)

Scripts

DBotTrainTextClassifierV2

Improved handling of the script arguments.
Updated the Docker image to: demisto/ml:1.0.0.93129.

Related pull requests:
- 33965

Download

1.34.0 - 1005026 (May 8, 2024)

Scripts

CommonServerPython

Added a wrapper for the Demisto class.

Related pull requests:
- 33248

Download

1.33.54 - 1002031 (May 7, 2024)

Scripts

CommonServerPython

Added the is_time_sensitive method, indicating whether the current code is a reputation command called with auto-extract=inline.

Related pull requests:
- 34196

Download

1.33.53 - 998827 (May 6, 2024)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

1.33.52 - 975934 (April 24, 2024)

Scripts

CommonServerPython

Added the generic_http_request method.
Added the safe_sleep method.

Related pull requests:
- 33466

Download

1.33.51 - 956366 (April 15, 2024)

Scripts

CommonServerPython

Improved implementation of generating curl commands within the logs.

Related pull requests:
- 33935

Download

1.33.50 - 940291 (April 7, 2024)

Scripts

CommonServerPython

Added FileAttachmentType Enum to used it in PreprocessEmail script to handle inline image attachments correctly.

Related pull requests:
- 33651

Download

1.33.49 - 938811 (April 7, 2024)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.90942.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

1.33.48 - R934602 (April 4, 2024)

Scripts

CommonServerPython

Added support for the x509-certificate indicator-type.

Related pull requests:
- 33106

Download

1.33.47 - 927547 (April 1, 2024)

Scripts

SanePdfReports

Fixed an issue where a table section wouldn't display the complete data.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.91719.

CommonServerPython

Added support for proxy settings when running send_events_to_xsiam.

Related pull requests:
- 33324

Download

1.33.45 - 921333 (March 28, 2024)

Scripts

SanePdfReports

Fixed an issue where script flag arguments were treated as boolean instead of string when using them as internal command arguments.

Related pull requests:
- 33622

Download

1.33.44 - 919001 (March 27, 2024)

Scripts

SanePdfReports

Add utf8 BOM support when using CSV report.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.91529.

Related pull requests:
- 33567

Download

1.33.43 - 904622 (March 20, 2024)

Scripts

SanePdfReports

Fixed an issue where a widgets reference line would not be visible.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.90542.

Related pull requests:
- 33456

Download

1.33.41 - 897231 (March 18, 2024)

Scripts

CommonServerPython

Improved implementation of ConnectionError handling.

Related pull requests:
- 33203

Download

1.33.40 - 889167 (March 13, 2024)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.88591.

Related pull requests:
- 33304

Download

1.33.39 - 886558 (March 12, 2024)

Scripts

CommonServerPython

Improved implementation to prevent sensitive information from being logged.

Related pull requests:
- 33224
- 31702

Download

1.33.38 - 873658 (March 6, 2024)

Scripts

CommonServerPython

Added a utility function comma_separated_mapping_to_dict that gets a comma-separated mapping key1=value1,key2=value2,... and transforms it into a dictionary object.

Related pull requests:
- 33140

Download

1.33.37 - 863001 (March 3, 2024)

Scripts

CommonServerPython

Added ignore to sleep method to satisfy linters.

GetIncidentsByQuery

Moved the implementation to GetIncidentsApiModule.
The includeContext argument is now deprecated due to performance considerations. Rather than using this argument, it is recommended to retrieve the context of the incidents separately, preferably for a limited number of incidents.
Updated the Docker image to: demisto/python3:3.10.13.87159.

DBotFindSimilarIncidentsByIndicators

Internal code enhancements for improved performance.
Updated the Docker image to: demisto/ml:1.0.0.88591.

DBotFindSimilarIncidents

Internal code enhancements for improved performance.
Updated the Docker image to: demisto/ml:1.0.0.88591.

Related pull requests:
- 33028

Download

1.33.35 - 842208 (February 21, 2024)

Scripts

CommonServerPython

Fixed an issue where, in some cases, an AttributeError was raised during the destruction of a BaseClient object.

Related pull requests:
- 33044

Download

1.33.34 - 839519 (February 20, 2024)

Scripts

CommonServerPython

Added support for execution metrics in the BaseClient class.

DrawRelatedIncidentsCanvas

Updated the Docker image to: demisto/sklearn:1.0.0.86554.

Related pull requests:
- 32760

Download

1.33.32 - 837109 (February 19, 2024)

Scripts

CommonServerPython

Added support for long running integrations handle proxies.

Related pull requests:
- 31633

Download

1.33.31 - 836299 (February 18, 2024)

Scripts

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.10.13.86272.

DBotShowClusteringModelInfo

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

1.33.30 - 831507 (February 15, 2024)

Scripts

GetIndicatorsByQuery

Added the ALL option to the populateFields in order to get all the populated fields available.
Updated the automation to always use the populateFields - This is a breaking change! Make sure the value of this field is suitable for you.
Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32879

Download

1.33.29 - 829761 (February 15, 2024)

Scripts

CommonServerPython

Maintenance and stability enhancements.

Related pull requests:
- 32931

Download

1.33.28 - 827009 (February 14, 2024)

Scripts

CommonServerPython

Fixed an issue where the Tags input for CommandResult was incorrectly set as a boolean instead of a list.

Related pull requests:
- 32794

Download

1.33.27 - R823153 (February 12, 2024)

Scripts

CommonServerPython

Added the retry decorator to allow retrying executing functions in case of exceptions.

Related pull requests:
- 32105
- 32493

Download

1.33.26 - 811489 (February 7, 2024)

Scripts

CommonServerPython

Added the ability to create a clickable URL with different text than the link.

Related pull requests:
- 31584
- 22875
- 23810
- 24259
- 24291
- 31573

Download

1.33.25 - 806093 (February 5, 2024)

Scripts

DBotFindSimilarIncidentsByIndicators

Performance improvements in indicator searching.
Updated the docker image to: demisto/ml:1.0.0.86706.

Related pull requests:
- 32485

Download

1.33.24 - 798475 (February 1, 2024)

Scripts

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.10.13.86272.

CommonServerPython

Fixed an issue in execute_command where the command returns an empty debug-entry when running on XSOAR version 8.x.

GetIndicatorsByQuery

Improved implementation for better performance when using the populateFields argument.
Update the docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32478

Download

1.33.21 - 793334 (January 30, 2024)

Scripts

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

1.33.20 - 790023 (January 28, 2024)

Scripts

DBotFindSimilarIncidentsByIndicators

Improved implementation for better performance.
Updated the Docker image to: demisto/ml:1.0.0.86222.

Related pull requests:
- 32171

Download

1.33.19 - 778227 (January 22, 2024)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 2, 2020
Last Release	January 16, 2025

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.