Base

Details
Content
Dependencies
Version History

The base pack for Cortex XSOAR.

Automations

Name	Description
DBotPredictPhishingWords	Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision.
HighlightWords	Highlight words inside a given text.
DBotFindSimilarIncidents	Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
DrawRelatedIncidentsCanvas	Draw incidents and indicators on the canvas to map and visualize their connections.
GetMLModelEvaluation	Finds a threshold for ML model, and performs an evaluation based on it.
DBotFindSimilarIncidentsByIndicators	Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DBotShowClusteringModelInfo	Show clustering model information - model summary and incidents in specific cluster.
GetIndicatorsByQuery	Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
DBotMLFetchData	Deprecated. No available replacement. Collect telemetry data from the environment.
DBotBuildPhishingClassifier	Create a phishing classifier using machine learning technique, based on email content.
WordTokenizerNLP	Deprecated. Use DBotPreProcessTextData instead.
DeleteIndicatorRelationships	This automation allows to delete a relationship between indicator objects based on the relationship id.
ValidateContent	Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
CreateIndicatorRelationship	This automation creates a relationship between indicator objects.
StixParser	Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button.
CommonServerPowerShell	Common code that will be merged into each PowerShell script/integration when it runs.
SaneDocReports	Parse Sane-json-reports and export them as docx files (used internally).
FindSimilarIncidentsByText	Deprecated. Use DBotFindSimilarIncidents instead. Find similar incidents by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
GetIncidentsByQuery	Gets a list of incident objects and the associated incident outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
SanePdfReports	Parse Sane-json-reports and export them as pdf files (used internally).
DBotTrainTextClassifierV2	Train a machine learning text classifier.
SearchIndicatorRelationships	This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain.
DBotSuggestClassifierMapping	Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
CommonServerPython	Common code that will be merged into each server script when it runs.
CheckDockerImageAvailable	Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.
CommonServer	Common code that will be merged into each server script when it runs.
DBotPreProcessTextData	Pre-process text data for the machine learning text classifier.
DBotTrainClustering	This script helps organizes and groups incidents based on their similarities using clustering algorithms. Clustering is a technique used to group data points (in this case, incidents) that are similar to each other into clusters. Used to automatically categorize a large number of incidents into meaningful groups.

Dashboards

Name	Description
System Health

Automations

Name	Description
DBotTrainClustering	This script helps organizes and groups incidents based on their similarities using clustering algorithms. Clustering is a technique used to group data points (in this case, incidents) that are similar to each other into clusters. Used to automatically categorize a large number of incidents into meaningful groups.
HighlightWords	Highlight words inside a given text.
CreateIndicatorRelationship	This automation creates a relationship between indicator objects.
SaneDocReports	Parse Sane-json-reports and export them as docx files (used internally).
DBotFindSimilarIncidents	Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
DBotFindSimilarAlerts	Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
DBotMLFetchData	Deprecated. No available replacement. Collect telemetry data from the environment.
CommonServer	Common code that will be merged into each server script when it runs.
SanePdfReports	Parse Sane-json-reports and export them as pdf files (used internally).
CommonServerPython	Common code that will be merged into each server script when it runs.
CheckDockerImageAvailable	Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.
DeleteIndicatorRelationships	This automation allows to delete a relationship between indicator objects based on the relationship id.
GetIndicatorsByQuery	Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
ValidateContent	Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
DBotFindSimilarIncidentsByIndicators	Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DBotFindSimilarAlertsByIndicators	Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DBotBuildPhishingClassifier	Create a phishing classifier using machine learning technique, based on email content.
StixParser	Parse STIX files to Cortex indicators by clicking the Upload STIX File button.
SearchIndicatorRelationships	This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain.
FindSimilarIncidentsByText	Deprecated. Use DBotFindSimilarIncidents instead. Find similar incidents by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
FindSimilarAlertsByText	Deprecated. Use DBotFindSimilarAlerts instead. Find similar alerts by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
DBotPreProcessTextData	Pre-process text data for the machine learning text classifier.
CommonServerPowerShell	Common code that will be merged into each PowerShell script/integration when it runs.
GetMLModelEvaluation	Finds a threshold for ML model, and performs an evaluation based on it.
DBotSuggestClassifierMapping	Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
WordTokenizerNLP	Deprecated. Use DBotPreProcessTextData instead.
GetIncidentsByQuery	Gets a list of incident objects and the associated incident outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
GetAlertsByQuery	Gets a list of alert objects and the associated alert outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script

1.41.50 - R6221975 (December 10, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 42149

Download

1.41.49 - 6204767 (December 9, 2025)

Scripts

StixParser

Fixed an issue where the tags field was not extracted for all indicator types when uploading STIX files via the UI.

Related pull requests:
- 42202

Download

1.41.48 - 6187133 (December 8, 2025)

Scripts

CommonServerPython

Updated the Docker image to: demisto/python:2.7.18.6174823.

Related pull requests:
- 42186

Download

1.41.47 - 6112909 (December 3, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 42076

Download

1.41.46 - 6088397 (December 1, 2025)

Scripts

DBotShowClusteringModelInfo

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 42096

Download

1.41.45 - 6062719 (November 30, 2025)

Scripts

ValidateContent

Improved the ValidateContent script to enhance the content validation process.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.6023010.

Related pull requests:
- 42056

Download

1.41.44 - 6046045 (November 27, 2025)

Scripts

CommonServerPython

Limited the size of the indicator context to prevent performance issues with large datasets.

Related pull requests:
- 41934

Download

1.41.43 - 6030142 (November 26, 2025)

Scripts

CommonServerPython

Fixed an issue where the tableToMarkdown function would not correctly display a dictionary that contained a single key with a dictionary as its value.

Related pull requests:
- 42013

Download

1.41.42 - 6012287 (November 25, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script with a time-sensitive command timeout strategy in BaseClient. This strategy enforces a strict execution time limit (default 15 seconds) for commands when the indicator extraction mode is inline by dynamically adjusting API timeouts and disabling retries. For more information, see the indicator extraction modes documentation.

Related pull requests:
- 41930

Download

1.41.41 - 5940029 (November 20, 2025)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.5493431.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/sklearn:1.0.0.5898415.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/sklearn:1.0.0.5898415.

Related pull requests:
- 41956

Download

1.41.40 - 5917085 (November 18, 2025)

Scripts

StixParser

Fixed an issue where the MitreID field was not preserved when parsing STIX attack patterns.
Updated the Docker image to: demisto/taxii:1.0.0.5187594.

Related pull requests:
- 41898
- 41917
- 41927
- 41917

Download

1.41.39 - 5888286 (November 16, 2025)

Documentation and metadata improvements.

Related pull requests:
- 41659

Download

1.41.38 - R5879558 (November 16, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41805

Download

1.41.37 - 5801457 (November 10, 2025)

Scripts

CommonServerPython

Added a randomized backoff (jitter) for connection retries in the CommonServerPython base client to improve system resilience.

Related pull requests:
- 41857
- 41807
- 41869

Download

1.41.35 - R5785253 (November 9, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41838
- 41766
- 41804
- 41275

Download

1.41.34 - 5717993 (November 3, 2025)

Scripts

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.12.12.5490952.

HighlightWords

Updated the Docker image to: demisto/python3:3.12.12.5490952.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.5490952.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.12.12.5490952.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41760

Download

1.41.33 - 5698874 (November 2, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41748

Download

1.41.32 - 5610417 (October 28, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.5.0.3759715.

Related pull requests:
- 41360

Download

1.41.31 - 5538136 (October 23, 2025)

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.41.30 - R5499225 (October 21, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41557

Download

1.41.29 - 5392573 (October 15, 2025)

Scripts

CommonServerPython

Add a custom JSONEncoder class that converts datetime objects to ISO 8601 strings.

Related pull requests:
- 41517

Download

1.41.28 - 5320194 (October 9, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41449

Download

1.41.27 - 5281566 (October 5, 2025)

Scripts

CommonServerPython

Fixed an issue with the timestamp parsing logic to prevent errors when microsecond components are missing.

Related pull requests:
- 41384

Download

1.41.26 - 5208238 (September 30, 2025)

Base

Documentation and metadata improvements.

Scripts

CommonServerPython

Updated the CommonServerPython script to support the A++ reliability level.

Related pull requests:
- 41444

Download

1.41.24 - 5080075 (September 25, 2025)

Scripts

CommonServerPython

Fixed an issue where duplicate events were fetched.

Related pull requests:
- 41216

Download

1.41.23 - 5007705 (September 21, 2025)

Changes are not relevant for XSOAR marketplace.

Download

1.41.22 - 4796908 (September 7, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41196

Download

1.41.21 - 4677309 (August 27, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4666041.

Related pull requests:
- 41085

Download

1.41.20 - 4669908 (August 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41087

Download

1.41.19 - 4653163 (August 26, 2025)

Scripts

CommonServerPython

Rename the is_ip_internal function to is_ip_address_internal.

Related pull requests:
- 41055

Download

1.41.18 - 4647015 (August 25, 2025)

Scripts

CommonServerPython

Added the is_ip_internal function to check if an IP address is internal.

Related pull requests:
- 41013

Download

1.41.17 - 4583601 (August 20, 2025)

Scripts

CommonServer

Added Informational and Critical values to the scoreToReputation function.

Related pull requests:
- 40720

Download

1.41.16 - 4568132 (August 18, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40978

Download

1.41.15 - 4555709 (August 17, 2025)

Scripts

CommonServerPython

Enhanced the argToBoolean function to support additional boolean string values ('y', 'yes', 't', 'true', 'on', '1' for true; 'n', 'no', 'f', 'false', 'off', '0' for false) to replace the deprecated distutils.util.strtobool function and ensure Python 3.12 compatibility.

Related pull requests:
- 40759

Download

1.41.14 - 4498927 (August 12, 2025)

Scripts

CommonServerPython

Added a context manager for limiting code execution time. This helps prevent commands from being abruptly ended by the server.

Related pull requests:
- 40862

Download

1.41.13 - 4486728 (August 11, 2025)

Documentation and metadata improvements.

Related pull requests:
- 40883

Download

1.41.12 - 4473367 (August 10, 2025)

Scripts

SanePdfReports

Fixed an issue where SLA field appeared missing.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4439836.

Related pull requests:
- 40866
- 40867

Download

1.41.11 - 4443508 (August 6, 2025)

Scripts

CommonServerPython

Added entry type DEBUG_MODE_FILE to EntryType enum.

Related pull requests:
- 40836

Download

1.41.10 - 4419577 (August 4, 2025)

Scripts

CommonServerPython

Added support for connecting to legacy systems from new docker images by enabling more security options.

Related pull requests:
- 40816

Download

1.41.9 - 4324039 (July 27, 2025)

Scripts

CommonServerPowerShell

Added support for polling.

Related pull requests:
- 39935
- 39734

Download

1.41.8 - 4275053 (July 23, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40648
- 40669
- 40630
- 40667
- 40675
- 40660
- 40383
- 40677
- 40414

Download

1.41.7 - 4239826 (July 21, 2025)

Base

Added Exposure Management and ASM as supported modules.

Related pull requests:
- 40649
- 40555

Download

1.41.6 - 4193314 (July 16, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40615

Download

1.41.5 - 4180042 (July 15, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40581

Download

1.41.4 - 4148802 (July 13, 2025)

Scripts

CommonServerPython

Code functionality improvements.

Related pull requests:
- 38886

Download

1.41.3 - 4130170 (July 10, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.41.2 - 4126849 (July 10, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 39712
- 40179

Download

1.41.1 - 4121830 (July 10, 2025)

Dashboards

System Health

Documentation and metadata improvements.

Scripts

CommonServerPython

Updated the CommonServerPython script with new commands arg_to_boolean_or_null.
Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
Added the MirrorObject which serves to standardize outputs for mirrors.

Related pull requests:
- 40523

Download

1.40.0 - 4090197 (July 7, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to create a wrapper function for executing polling commands in scripts.

Related pull requests:
- 40521

Download

1.39.44 - 4083045 (July 7, 2025)

Scripts

CommonServerPowerShell

Reverted the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 40524
- 40520

Download

1.39.43 - 4077103 (July 6, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.5.0.3759715.

Related pull requests:
- 40520

Download

1.39.42 - 4049458 (July 3, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.39.41 - 4017734 (June 30, 2025)

Scripts

CommonServerPython

Fixed an issue where the character ~ was not escaped in markdown files.

Related pull requests:
- 40405

Download

1.39.40 - 3960766 (June 24, 2025)

Scripts

CommonServerPython

Fixed an issue where tableToMarkdown failed when the input contained a list of integers.

Related pull requests:
- 40335

Download

1.39.39 - 3849419 (June 18, 2025)

Scripts

DBotShowClusteringModelInfo

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

1.39.38 - 3838742 (June 17, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to support unified platform.

DBotFindSimilarIncidents

Updated the DBotFindSimilarIncidents script to support unified platform.

Related pull requests:
- 40242

Download

1.39.37 - 3752094 (June 11, 2025)

Scripts

ValidateContent

Fixed an issue where MyPy was not running during the pre-commit.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.3457414.

Related pull requests:
- 40126

Download

1.39.36 - 3720941 (June 10, 2025)

Scripts

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.3261948.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.3261948.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.3261948.

DBotTrainTextClassifierV2

Breaking changes: Before using this version, make sure to update the Machine Learning pack to the latest version. If the Machine Learning pack is not installed, this message can be safely ignored.

Updated the Docker image to: demisto/ml:1.0.0.3261948.

Related pull requests:
- 38644

Download

1.39.35 - 3693797 (June 8, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3563585.

Related pull requests:
- 40186

Download

1.39.34 - 3648597 (June 5, 2025)

Scripts

DBotFindSimilarIncidents

Updated the UploadFile script to support alerts & issues.
Updated the Docker image to: demisto/ml:1.0.0.3384489.

Related pull requests:
- 40178

Download

1.39.33 - 3585080 (May 29, 2025)

Scripts

CommonServerPython

Improved documentation for the polling function.

Related pull requests:
- 40102

Download

1.39.32 - 3526238 (May 25, 2025)

Scripts

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

HighlightWords

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.39.31 - 3490253 (May 21, 2025)

Scripts

CommonServerPython

Fixed an issue where the authorization token was not masked when the token prefix was "LOG", as used in cases like HMAC signature authentication.

Related pull requests:
- 38360

Download

1.39.30 - 3481649 (May 21, 2025)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 39991

Download

1.39.29 - 3459286 (May 19, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.
Fixed an issue where JSON decode errors weren't properly logged in the set_last_mirror_run function.

Related pull requests:
- 39999

Download

1.39.27 - 3421597 (May 15, 2025)

Scripts

GetIncidentsByQuery

Maintenance and stability enhancements.

DBotFindSimilarIncidentsByIndicators

Maintenance and stability enhancements.

DBotFindSimilarIncidents

Maintenance and stability enhancements.

Related pull requests:
- 39888

Download

1.39.26 - 3403696 (May 14, 2025)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.3151356.

Related pull requests:
- 39851

Download

1.39.25 - R3247809 (April 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 39427

Download

1.39.24 - 3042633 (April 2, 2025)

Scripts

DeleteIndicatorRelationships

Metadata and documentation improvements.

GetIncidentsByQuery

Metadata and documentation improvements.

DBotPredictPhishingWords

Metadata and documentation improvements.

DBotBuildPhishingClassifier

Metadata and documentation improvements.

CreateIndicatorRelationship

Metadata and documentation improvements.

DBotTrainTextClassifierV2

Metadata and documentation improvements.

DBotFindSimilarIncidentsByIndicators

Metadata and documentation improvements.

GetIndicatorsByQuery

Metadata and documentation improvements.

DBotTrainClustering

Metadata and documentation improvements.

StixParser

Metadata and documentation improvements.

ValidateContent

Metadata and documentation improvements.

DrawRelatedIncidentsCanvas

Metadata and documentation improvements.

HighlightWords

Metadata and documentation improvements.

GetMLModelEvaluation

Metadata and documentation improvements.

DBotPreProcessTextData

Metadata and documentation improvements.

DBotShowClusteringModelInfo

Metadata and documentation improvements.

DBotFindSimilarIncidents

Metadata and documentation improvements.

SanePdfReports

Metadata and documentation improvements.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.

SearchIndicatorRelationships

Metadata and documentation improvements.

CheckDockerImageAvailable

Metadata and documentation improvements.

Related pull requests:
- 39349

Download

1.39.22 - R2988287 (March 26, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

1.39.21 - 2564363 (February 26, 2025)

Scripts

CreateIndicatorRelationship

Fixed an issue where the CreateIndicatorRelationship script failed due to long searchIndicators queries, by batching requests.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38723

Download

1.39.20 - 2553674 (February 24, 2025)

Scripts

CommonServerPython

Re-added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38738

Download

1.39.19 - 2395597 (February 10, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.39.18 - R2074399 (January 26, 2025)

Scripts

CommonServerPython

Fixed an issue from the last update.

Related pull requests:
- 38262

Download

1.39.17 - 2025584 (January 20, 2025)

Scripts

CommonServerPython

Added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38208

Download

1.39.16 - 2005224 (January 16, 2025)

Scripts

CommonServerPython

Fixed performance issues.

Related pull requests:
- 38203

Download

1.39.15 - 1989294 (January 14, 2025)

Scripts

CommonServerPython

Improved implementation.

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.1902141.

Related pull requests:
- 38052
- 37927

Download

1.39.13 - 1977897 (January 13, 2025)

Scripts

ValidateContent

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release

Related pull requests:
- 38105

Download

1.39.12 - 1953876 (January 9, 2025)

Scripts

CommonServerPython

Logging improvements.

Related pull requests:
- 37901

Download

1.39.11 - 1946497 (January 8, 2025)

Scripts

DBotPreProcessTextData

Documentation and metadata improvements.

Related pull requests:
- 37922

Download

1.39.10 - 1938781 (January 7, 2025)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.1870375.

Related pull requests:
- 37950

Download

1.39.9 - 1935630 (January 6, 2025)

Scripts

DBotMLFetchData

Code functionality improvements.

Related pull requests:
- 37472

Download

1.39.8 - 1931958 (January 6, 2025)

Scripts

ValidateContent

Updated the test playbook for ValidateContent script.

Related pull requests:
- 37916

Download

1.39.7 - 1912033 (January 2, 2025)

Scripts

ValidateContent

Updated the script to utilize up-to-date validation logic from demisto-sdk.

Related pull requests:
- 37182

Download

1.39.6 - 1909729 (January 1, 2025)

Scripts

ValidateContent

Code functionality improvements.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.1808549.

Related pull requests:
- 37718

Download

1.39.5 - 1903608 (December 31, 2024)

Scripts

SanePdfReports

Fixed an issue where generating a report with HTML section would fail due to blocked image URLs.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.1899219.

Related pull requests:
- 37878

Download

1.39.4 - 1862748 (December 24, 2024)

Scripts

CommonServerPython

Fixed an issue where send_events_to_xsiam would fail due to timeout issues.

Related pull requests:
- 37804

Download

1.39.3 - 1855875 (December 23, 2024)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 37677

Download

1.39.2 - 1834150 (December 18, 2024)

Scripts

CommonServerPython

Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
Added the Tactic indicator object.

FindSimilarIncidentsByText

Documentation and metadata improvements.

GetIncidentsByQuery

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

CreateIndicatorRelationship

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37760

Download

1.38.3 - 1820015 (December 16, 2024)

Scripts

CommonServerPython

Added support for multithreading when using send_events_to_xsiam.

Related pull requests:
- 37599

Download

1.38.2 - 1793696 (December 11, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117810.

Related pull requests:
- 37639

Download

1.41.50 - 6216498 (December 10, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 42149

Download

1.41.49 - 6204767 (December 9, 2025)

Scripts

StixParser

Fixed an issue where the tags field was not extracted for all indicator types when uploading STIX files via the UI.

Related pull requests:
- 42202

Download

1.41.48 - 6187133 (December 8, 2025)

Scripts

CommonServerPython

Updated the Docker image to: demisto/python:2.7.18.6174823.

Related pull requests:
- 42186

Download

1.41.47 - 6112909 (December 3, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 42076

Download

1.41.46 - 6088397 (December 1, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 42096

Download

1.41.45 - 6062719 (November 30, 2025)

Scripts

ValidateContent

Improved the ValidateContent script to enhance the content validation process.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.6023010.

Related pull requests:
- 42056

Download

1.41.44 - 6046045 (November 27, 2025)

Scripts

CommonServerPython

Limited the size of the indicator context to prevent performance issues with large datasets.

Related pull requests:
- 41934

Download

1.41.43 - 6030142 (November 26, 2025)

Scripts

CommonServerPython

Fixed an issue where the tableToMarkdown function would not correctly display a dictionary that contained a single key with a dictionary as its value.

Related pull requests:
- 42013

Download

1.41.42 - 6012287 (November 25, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script with a time-sensitive command timeout strategy in BaseClient. This strategy enforces a strict execution time limit (default 15 seconds) for commands when the indicator extraction mode is inline by dynamically adjusting API timeouts and disabling retries. For more information, see the indicator extraction modes documentation.

Related pull requests:
- 41930

Download

1.41.41 - 5940029 (November 20, 2025)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.5493431.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/sklearn:1.0.0.5898415.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/sklearn:1.0.0.5898415.

Related pull requests:
- 41956

Download

1.41.40 - 5917085 (November 18, 2025)

Scripts

StixParser

Fixed an issue where the MitreID field was not preserved when parsing STIX attack patterns.
Updated the Docker image to: demisto/taxii:1.0.0.5187594.

Related pull requests:
- 41898
- 41917
- 41927
- 41917

Download

1.41.39 - 5888286 (November 16, 2025)

Documentation and metadata improvements.

Related pull requests:
- 41659

Download

1.41.38 - R5879558 (November 16, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41805

Download

1.41.37 - 5801457 (November 10, 2025)

Scripts

CommonServerPython

Added a randomized backoff (jitter) for connection retries in the CommonServerPython base client to improve system resilience.

Related pull requests:
- 41869
- 41807
- 41857

Download

1.41.35 - R5785253 (November 9, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41804
- 41766
- 41275
- 41838

Download

1.41.34 - 5717993 (November 3, 2025)

Scripts

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.12.12.5490952.

HighlightWords

Updated the Docker image to: demisto/python3:3.12.12.5490952.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.5490952.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.12.12.5490952.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41760

Download

1.41.33 - 5698874 (November 2, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41748

Download

1.41.32 - 5610417 (October 28, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.5.0.3759715.

Related pull requests:
- 41360

Download

1.41.31 - 5538136 (October 23, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.41.30 - 5423932 (October 17, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41557

Download

1.41.29 - 5392573 (October 15, 2025)

Scripts

CommonServerPython

Add a custom JSONEncoder class that converts datetime objects to ISO 8601 strings.

Related pull requests:
- 41517

Download

1.41.28 - 5320194 (October 9, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41449

Download

1.41.27 - 5281566 (October 5, 2025)

Scripts

CommonServerPython

Fixed an issue with the timestamp parsing logic to prevent errors when microsecond components are missing.

Related pull requests:
- 41384

Download

1.41.26 - 5212533 (October 1, 2025)

Base

Documentation and metadata improvements.

Scripts

CommonServerPython

Updated the CommonServerPython script to support the A++ reliability level.

Related pull requests:
- 41444

Download

1.41.24 - 5080075 (September 25, 2025)

Scripts

CommonServerPython

Fixed an issue where duplicate events were fetched.

Related pull requests:
- 41216

Download

1.41.23 - 5007705 (September 21, 2025)

Changes are not relevant for XSIAM marketplace.

Download

1.41.22 - 4796908 (September 7, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41196

Download

1.41.21 - 4677309 (August 27, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4666041.

Related pull requests:
- 41085

Download

1.41.20 - 4669908 (August 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41087

Download

1.41.19 - 4653163 (August 26, 2025)

Scripts

CommonServerPython

Rename the is_ip_internal function to is_ip_address_internal.

Related pull requests:
- 41055

Download

1.41.18 - 4647015 (August 25, 2025)

Scripts

CommonServerPython

Added the is_ip_internal function to check if an IP address is internal.

Related pull requests:
- 41013

Download

1.41.17 - 4583601 (August 20, 2025)

Scripts

CommonServer

Added Informational and Critical values to the scoreToReputation function.

Related pull requests:
- 40720

Download

1.41.16 - 4568132 (August 18, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40978

Download

1.41.15 - 4555709 (August 17, 2025)

Scripts

CommonServerPython

Related pull requests:
- 40759

Download

1.41.14 - 4498927 (August 12, 2025)

Scripts

CommonServerPython

Added a context manager for limiting code execution time. This helps prevent commands from being abruptly ended by the server.

Related pull requests:
- 40862

Download

1.41.13 - 4486728 (August 11, 2025)

Documentation and metadata improvements.

Related pull requests:
- 40883

Download

1.41.12 - 4473367 (August 10, 2025)

Scripts

SanePdfReports

Fixed an issue where SLA field appeared missing.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4439836.

Related pull requests:
- 40866
- 40867

Download

1.41.11 - 4443508 (August 6, 2025)

Scripts

CommonServerPython

Added entry type DEBUG_MODE_FILE to EntryType enum.

Related pull requests:
- 40836

Download

1.41.10 - 4419577 (August 4, 2025)

Scripts

CommonServerPython

Added support for connecting to legacy systems from new docker images by enabling more security options.

Related pull requests:
- 40816

Download

1.41.9 - 4324039 (July 27, 2025)

Scripts

CommonServerPowerShell

Added support for polling.

Related pull requests:
- 39935
- 39734

Download

1.41.8 - 4275053 (July 23, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40648
- 40669
- 40630
- 40667
- 40675
- 40660
- 40383
- 40677
- 40414

Download

1.41.7 - 4239826 (July 21, 2025)

Base

Added Exposure Management and ASM as supported modules.

Related pull requests:
- 40649
- 40555

Download

1.41.6 - 4193314 (July 16, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40615

Download

1.41.5 - 4180042 (July 15, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40581

Download

1.41.4 - 4148802 (July 13, 2025)

Scripts

CommonServerPython

Code functionality improvements.

Related pull requests:
- 38886

Download

1.41.3 - 4130170 (July 10, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.41.2 - 4126849 (July 10, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 39712
- 40179

Download

1.41.1 - 4118212 (July 9, 2025)

Scripts

CommonServerPython

Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
Added the MirrorObject which serves to standardize outputs for mirrors.

Related pull requests:
- 40523

Download

1.40.1 - 4110506 (July 9, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script with new commands arg_to_boolean_or_null.

Related pull requests:
- 39632
- 39514
- 39503
- 39331
- 39517
- 39516
- 39504
- 39239
- 39499
- 39399
- 39507
- 39518
- 39528
- 39534
- 39536
- 39538
- 39412
- 39422
- 39546
- 39547
- 39549
- 39544
- 39557
- 39523
- 39234
- 39262
- 39564
- 39397
- 39252
- 39558
- 39559
- 39567
- 39404
- 40024
- 40103
- 40105
- 39914
- 39973
- 40106
- 40049
- 40104
- 39644
- 40086
- 40120
- 40017
- 40119
- 40113
- 40107
- 39972
- 40118
- 40117
- 40112
- 40048
- 40124
- 40102
- 39324
- 40038
- 40095
- 40132
- 39535
- 40133
- 40153
- 40154
- 40127
- 40028
- 40162
- 40160
- 40157
- 40134
- 40088
- 40166
- 40111
- 40168
- 40169
- 40167
- 40057

Download

1.40.0 - 4090197 (July 7, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to create a wrapper function for executing polling commands in scripts.

Related pull requests:
- 40521

Download

1.39.44 - 4083045 (July 7, 2025)

Scripts

CommonServerPowerShell

Reverted the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 40524
- 40520

Download

1.39.43 - 4077103 (July 6, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.5.0.3759715.

Related pull requests:
- 40520

Download

1.39.42 - 4049458 (July 3, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.39.41 - 4017734 (June 30, 2025)

Scripts

CommonServerPython

Fixed an issue where the character ~ was not escaped in markdown files.

Related pull requests:
- 40405

Download

1.39.40 - 3960766 (June 24, 2025)

Scripts

CommonServerPython

Fixed an issue where tableToMarkdown failed when the input contained a list of integers.

Related pull requests:
- 40335

Download

1.39.39 - 3849419 (June 18, 2025)

Scripts

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

1.39.38 - 3838742 (June 17, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to support unified platform.

DBotFindSimilarIncidents

Updated the DBotFindSimilarIncidents script to support unified platform.

Related pull requests:
- 40242

Download

1.39.37 - 3752094 (June 11, 2025)

Scripts

ValidateContent

Fixed an issue where MyPy was not running during the pre-commit.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.3457414.

Related pull requests:
- 40126

Download

1.39.36 - 3720941 (June 10, 2025)

Scripts

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.3261948.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.3261948.

Related pull requests:
- 38644

Download

1.39.35 - 3693797 (June 8, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3563585.

Related pull requests:
- 40186

Download

1.39.34 - 3648597 (June 5, 2025)

Scripts

DBotFindSimilarIncidents

Updated the UploadFile script to support alerts & issues.
Updated the Docker image to: demisto/ml:1.0.0.3384489.

Related pull requests:
- 40178

Download

1.39.33 - 3585080 (May 29, 2025)

Scripts

CommonServerPython

Improved documentation for the polling function.

Related pull requests:
- 40102

Download

1.39.32 - 3526238 (May 25, 2025)

Scripts

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

HighlightWords

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.39.31 - 3490253 (May 21, 2025)

Scripts

CommonServerPython

Fixed an issue where the authorization token was not masked when the token prefix was "LOG", as used in cases like HMAC signature authentication.

Related pull requests:
- 38360

Download

1.39.30 - 3481649 (May 21, 2025)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 39991

Download

1.39.29 - 3466353 (May 20, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.
Fixed an issue where JSON decode errors weren't properly logged in the set_last_mirror_run function.

Related pull requests:
- 39999

Download

1.39.27 - 3421597 (May 15, 2025)

Scripts

GetIncidentsByQuery

Maintenance and stability enhancements.

DBotFindSimilarIncidentsByIndicators

Maintenance and stability enhancements.

DBotFindSimilarIncidents

Maintenance and stability enhancements.

Related pull requests:
- 39888

Download

1.39.26 - 3403696 (May 14, 2025)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.3151356.

Related pull requests:
- 39851

Download

1.39.25 - R3247809 (April 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 39427

Download

1.39.24 - 3042633 (April 2, 2025)

Scripts

DeleteIndicatorRelationships

Metadata and documentation improvements.

GetIncidentsByQuery

Metadata and documentation improvements.

DBotBuildPhishingClassifier

Metadata and documentation improvements.

CreateIndicatorRelationship

Metadata and documentation improvements.

DBotFindSimilarIncidentsByIndicators

Metadata and documentation improvements.

GetIndicatorsByQuery

Metadata and documentation improvements.

DBotTrainClustering

Metadata and documentation improvements.

StixParser

Metadata and documentation improvements.

ValidateContent

Metadata and documentation improvements.

HighlightWords

Metadata and documentation improvements.

GetMLModelEvaluation

Metadata and documentation improvements.

DBotPreProcessTextData

Metadata and documentation improvements.

DBotFindSimilarIncidents

Metadata and documentation improvements.

SanePdfReports

Metadata and documentation improvements.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.

SearchIndicatorRelationships

Metadata and documentation improvements.

CheckDockerImageAvailable

Metadata and documentation improvements.

Related pull requests:
- 39349

Download

1.39.22 - R2988287 (March 26, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

1.39.21 - 2564363 (February 26, 2025)

Scripts

CreateIndicatorRelationship

Fixed an issue where the CreateIndicatorRelationship script failed due to long searchIndicators queries, by batching requests.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38723

Download

1.39.20 - 2553674 (February 24, 2025)

Scripts

CommonServerPython

Re-added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38738

Download

1.39.19 - 2429474 (February 11, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.39.18 - R2074399 (January 26, 2025)

Scripts

CommonServerPython

Fixed an issue from the last update.

Related pull requests:
- 38262

Download

1.39.17 - 2025584 (January 20, 2025)

Scripts

CommonServerPython

Added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38208

Download

1.39.16 - 2005224 (January 16, 2025)

Scripts

CommonServerPython

Fixed performance issues.

Related pull requests:
- 38203

Download

1.39.15 - 1989294 (January 14, 2025)

Scripts

CommonServerPython

Improved implementation.

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.1902141.

Related pull requests:
- 38052
- 37927

Download

1.39.13 - 1977897 (January 13, 2025)

Scripts

ValidateContent

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release

Related pull requests:
- 38105

Download

1.39.12 - 1953876 (January 9, 2025)

Scripts

CommonServerPython

Logging improvements.

Related pull requests:
- 37901

Download

1.39.11 - 1946497 (January 8, 2025)

Scripts

DBotPreProcessTextData

Documentation and metadata improvements.

Related pull requests:
- 37922

Download

1.39.10 - 1938781 (January 7, 2025)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.1870375.

Related pull requests:
- 37950

Download

1.39.9 - 1935630 (January 6, 2025)

Scripts

DBotMLFetchData

Code functionality improvements.

Related pull requests:
- 37472

Download

1.39.8 - 1931958 (January 6, 2025)

Scripts

ValidateContent

Updated the test playbook for ValidateContent script.

Related pull requests:
- 37916

Download

1.39.7 - 1912033 (January 2, 2025)

Scripts

ValidateContent

Code functionality improvements.
Updated the script to utilize up-to-date validation logic from demisto-sdk.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.1808549.

Related pull requests:
- 37182

Download

1.39.5 - 1900707 (December 31, 2024)

Scripts

SanePdfReports

Fixed an issue where generating a report with HTML section would fail due to blocked image URLs.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.1899219.

Related pull requests:
- 37878

Download

1.39.4 - 1862748 (December 24, 2024)

Scripts

CommonServerPython

Fixed an issue where send_events_to_xsiam would fail due to timeout issues.

Related pull requests:
- 37804

Download

1.39.3 - 1855875 (December 23, 2024)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 37677

Download

1.39.2 - 1834150 (December 18, 2024)

Scripts

CommonServerPython

Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
Added the Tactic indicator object.

FindSimilarIncidentsByText

Documentation and metadata improvements.

GetIncidentsByQuery

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

CreateIndicatorRelationship

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37760

Download

1.38.3 - 1820015 (December 16, 2024)

Scripts

CommonServerPython

Added support for multithreading when using send_events_to_xsiam.

Related pull requests:
- 37599

Download

1.38.2 - 1793696 (December 11, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117810.

Related pull requests:
- 37639

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 2, 2020
Last Release	December 10, 2025

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.