Base

Details
Content
Dependencies
Version History

The base pack for Cortex XSOAR.

Automations

Name	Description
GetMLModelEvaluation	Finds a threshold for ML model, and performs an evaluation based on it.
GetIndicatorsByQuery	Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
GetIncidentsByQuery	Gets a list of incident objects and the associated incident outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
CreateIndicatorRelationship	This automation creates a relationship between indicator objects.
DBotPreProcessTextData	Pre-process text data for the machine learning text classifier.
CommonServer	Common code that will be merged into each server script when it runs.
DBotTrainTextClassifierV2	Train a machine learning text classifier.
DBotShowClusteringModelInfo	Show clustering model information - model summary and incidents in specific cluster.
CommonServerPowerShell	Common code that will be merged into each PowerShell script/integration when it runs.
DBotPredictPhishingWords	Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision.
HighlightWords	Highlight words inside a given text.
DBotSuggestClassifierMapping	Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
DBotBuildPhishingClassifier	Create a phishing classifier using machine learning technique, based on email content.
ValidateContent	Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
DBotTrainClustering	This script helps organizes and groups incidents based on their similarities using clustering algorithms. Clustering is a technique used to group data points (in this case, incidents) that are similar to each other into clusters. Used to automatically categorize a large number of incidents into meaningful groups.
DBotMLFetchData	Deprecated. No available replacement. Collect telemetry data from the environment.
FindSimilarIncidentsByText	Deprecated. Use DBotFindSimilarIncidents instead. Find similar incidents by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
SaneDocReports	Parse Sane-json-reports and export them as docx files (used internally).
WordTokenizerNLP	Deprecated. Use DBotPreProcessTextData instead.
StixParser	Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button.
CommonServerPython	Common code that will be merged into each server script when it runs.
SearchIndicatorRelationships	This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain.
DBotFindSimilarIncidents	Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
CheckDockerImageAvailable	Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.
DBotFindSimilarIncidentsByIndicators	Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DrawRelatedIncidentsCanvas	Draw incidents and indicators on the canvas to map and visualize their connections.
DeleteIndicatorRelationships	This automation allows to delete a relationship between indicator objects based on the relationship id.
SanePdfReports	Parse Sane-json-reports and export them as pdf files (used internally).

Dashboards

Name	Description
System Health

Automations

Name	Description
CommonServer	Common code that will be merged into each server script when it runs.
SearchIndicatorRelationships	This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain.
HighlightWords	Highlight words inside a given text.
SaneDocReports	Parse Sane-json-reports and export them as docx files (used internally).
GetIncidentsByQuery	Gets a list of incident objects and the associated incident outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
GetAlertsByQuery	Gets a list of alert objects and the associated alert outputs that match the specified query and filters. The results are returned in a structured data file. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
DBotBuildPhishingClassifier	Create a phishing classifier using machine learning technique, based on email content.
DBotFindSimilarIncidents	Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
DBotFindSimilarAlerts	Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. Note: For the similarity calculation, at least one field must be provided in one of the "similarTextField", "similarCategoricalField", or "similarJsonField" arguments.
GetMLModelEvaluation	Finds a threshold for ML model, and performs an evaluation based on it.
SanePdfReports	Parse Sane-json-reports and export them as pdf files (used internally).
ValidateContent	Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
DBotPreProcessTextData	Pre-process text data for the machine learning text classifier.
CheckDockerImageAvailable	Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.
GetIndicatorsByQuery	Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
CommonServerPowerShell	Common code that will be merged into each PowerShell script/integration when it runs.
DeleteIndicatorRelationships	This automation allows to delete a relationship between indicator objects based on the relationship id.
CommonServerPython	Common code that will be merged into each server script when it runs.
DBotMLFetchData	Deprecated. No available replacement. Collect telemetry data from the environment.
CreateIndicatorRelationship	This automation creates a relationship between indicator objects.
FindSimilarIncidentsByText	Deprecated. Use DBotFindSimilarIncidents instead. Find similar incidents by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
FindSimilarAlertsByText	Deprecated. Use DBotFindSimilarAlerts instead. Find similar alerts by text comparison - the algorithm based on TF-IDF method. To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
DBotFindSimilarIncidentsByIndicators	Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
DBotFindSimilarAlertsByIndicators	Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
WordTokenizerNLP	Deprecated. Use DBotPreProcessTextData instead.
DBotTrainClustering	This script helps organizes and groups incidents based on their similarities using clustering algorithms. Clustering is a technique used to group data points (in this case, incidents) that are similar to each other into clusters. Used to automatically categorize a large number of incidents into meaningful groups.
DBotSuggestClassifierMapping	Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm.
StixParser	Parse STIX files to Cortex indicators by clicking the Upload STIX File button.

1.41.30 - R5499225 (October 21, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41557

Download

1.41.29 - 5392573 (October 15, 2025)

Scripts

CommonServerPython

Add a custom JSONEncoder class that converts datetime objects to ISO 8601 strings.

Related pull requests:
- 41517

Download

1.41.28 - 5320194 (October 9, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41449

Download

1.41.27 - 5281566 (October 5, 2025)

Scripts

CommonServerPython

Fixed an issue with the timestamp parsing logic to prevent errors when microsecond components are missing.

Related pull requests:
- 41384

Download

1.41.26 - 5208238 (September 30, 2025)

Documentation and metadata improvements.

Scripts

CommonServerPython

Updated the CommonServerPython script to support the A++ reliability level.

Related pull requests:
- 41444

Download

1.41.24 - 5080075 (September 25, 2025)

Scripts

CommonServerPython

Fixed an issue where duplicate events were fetched.

Related pull requests:
- 41216

Download

1.41.23 - 5007705 (September 21, 2025)

Changes are not relevant for XSOAR marketplace.

Download

1.41.22 - 4796908 (September 7, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41196

Download

1.41.21 - 4677309 (August 27, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4666041.

Related pull requests:
- 41085

Download

1.41.20 - 4669908 (August 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41087

Download

1.41.19 - 4653163 (August 26, 2025)

Scripts

CommonServerPython

Rename the is_ip_internal function to is_ip_address_internal.

Related pull requests:
- 41055

Download

1.41.18 - 4647015 (August 25, 2025)

Scripts

CommonServerPython

Added the is_ip_internal function to check if an IP address is internal.

Related pull requests:
- 41013

Download

1.41.17 - 4583601 (August 20, 2025)

Scripts

CommonServer

Added Informational and Critical values to the scoreToReputation function.

Related pull requests:
- 40720

Download

1.41.16 - 4568132 (August 18, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40978

Download

1.41.15 - 4555709 (August 17, 2025)

Scripts

CommonServerPython

Enhanced the argToBoolean function to support additional boolean string values ('y', 'yes', 't', 'true', 'on', '1' for true; 'n', 'no', 'f', 'false', 'off', '0' for false) to replace the deprecated distutils.util.strtobool function and ensure Python 3.12 compatibility.

Related pull requests:
- 40759

Download

1.41.14 - 4498927 (August 12, 2025)

Scripts

CommonServerPython

Added a context manager for limiting code execution time. This helps prevent commands from being abruptly ended by the server.

Related pull requests:
- 40862

Download

1.41.13 - 4486728 (August 11, 2025)

Documentation and metadata improvements.

Related pull requests:
- 40883

Download

1.41.12 - 4473367 (August 10, 2025)

Scripts

SanePdfReports

Fixed an issue where SLA field appeared missing.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4439836.

Related pull requests:
- 40866
- 40867

Download

1.41.11 - 4443508 (August 6, 2025)

Scripts

CommonServerPython

Added entry type DEBUG_MODE_FILE to EntryType enum.

Related pull requests:
- 40836

Download

1.41.10 - 4419577 (August 4, 2025)

Scripts

CommonServerPython

Added support for connecting to legacy systems from new docker images by enabling more security options.

Related pull requests:
- 40816

Download

1.41.9 - 4324039 (July 27, 2025)

Scripts

CommonServerPowerShell

Added support for polling.

Related pull requests:
- 39935
- 39734

Download

1.41.8 - 4275053 (July 23, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40648
- 40669
- 40630
- 40667
- 40675
- 40660
- 40383
- 40677
- 40414

Download

1.41.7 - 4239826 (July 21, 2025)

Base

Added Exposure Management and ASM as supported modules.

Related pull requests:
- 40649
- 40555

Download

1.41.6 - 4193314 (July 16, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40615

Download

1.41.5 - 4180042 (July 15, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40581

Download

1.41.4 - 4148802 (July 13, 2025)

Scripts

CommonServerPython

Code functionality improvements.

Related pull requests:
- 38886

Download

1.41.3 - 4130170 (July 10, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.41.2 - 4126849 (July 10, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 39712
- 40179

Download

1.41.1 - 4121830 (July 10, 2025)

Dashboards

System Health

Documentation and metadata improvements.

Scripts

CommonServerPython

Updated the CommonServerPython script with new commands arg_to_boolean_or_null.
Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
Added the MirrorObject which serves to standardize outputs for mirrors.

Related pull requests:
- 40523

Download

1.40.0 - 4090197 (July 7, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to create a wrapper function for executing polling commands in scripts.

Related pull requests:
- 40521

Download

1.39.44 - 4083045 (July 7, 2025)

Scripts

CommonServerPowerShell

Reverted the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 40524
- 40520

Download

1.39.43 - 4077103 (July 6, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.5.0.3759715.

Related pull requests:
- 40520

Download

1.39.42 - 4049458 (July 3, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.39.41 - 4017734 (June 30, 2025)

Scripts

CommonServerPython

Fixed an issue where the character ~ was not escaped in markdown files.

Related pull requests:
- 40405

Download

1.39.40 - 3960766 (June 24, 2025)

Scripts

CommonServerPython

Fixed an issue where tableToMarkdown failed when the input contained a list of integers.

Related pull requests:
- 40335

Download

1.39.39 - 3849419 (June 18, 2025)

Scripts

DBotShowClusteringModelInfo

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

1.39.38 - 3838742 (June 17, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to support unified platform.

DBotFindSimilarIncidents

Updated the DBotFindSimilarIncidents script to support unified platform.

Related pull requests:
- 40242

Download

1.39.37 - 3752094 (June 11, 2025)

Scripts

ValidateContent

Fixed an issue where MyPy was not running during the pre-commit.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.3457414.

Related pull requests:
- 40126

Download

1.39.36 - 3720941 (June 10, 2025)

Scripts

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.3261948.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.3261948.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.3261948.

DBotTrainTextClassifierV2

Breaking changes: Before using this version, make sure to update the Machine Learning pack to the latest version. If the Machine Learning pack is not installed, this message can be safely ignored.

Updated the Docker image to: demisto/ml:1.0.0.3261948.

Related pull requests:
- 38644

Download

1.39.35 - 3693797 (June 8, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3563585.

Related pull requests:
- 40186

Download

1.39.34 - 3648597 (June 5, 2025)

Scripts

DBotFindSimilarIncidents

Updated the UploadFile script to support alerts & issues.
Updated the Docker image to: demisto/ml:1.0.0.3384489.

Related pull requests:
- 40178

Download

1.39.33 - 3585080 (May 29, 2025)

Scripts

CommonServerPython

Improved documentation for the polling function.

Related pull requests:
- 40102

Download

1.39.32 - 3526238 (May 25, 2025)

Scripts

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

HighlightWords

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.39.31 - 3490253 (May 21, 2025)

Scripts

CommonServerPython

Fixed an issue where the authorization token was not masked when the token prefix was "LOG", as used in cases like HMAC signature authentication.

Related pull requests:
- 38360

Download

1.39.30 - 3481649 (May 21, 2025)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 39991

Download

1.39.29 - 3459286 (May 19, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.
Fixed an issue where JSON decode errors weren't properly logged in the set_last_mirror_run function.

Related pull requests:
- 39999

Download

1.39.27 - 3421597 (May 15, 2025)

Scripts

GetIncidentsByQuery

Maintenance and stability enhancements.

DBotFindSimilarIncidentsByIndicators

Maintenance and stability enhancements.

DBotFindSimilarIncidents

Maintenance and stability enhancements.

Related pull requests:
- 39888

Download

1.39.26 - 3403696 (May 14, 2025)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.3151356.

Related pull requests:
- 39851

Download

1.39.25 - R3247809 (April 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 39427

Download

1.39.24 - 3042633 (April 2, 2025)

Scripts

DeleteIndicatorRelationships

Metadata and documentation improvements.

GetIncidentsByQuery

Metadata and documentation improvements.

DBotPredictPhishingWords

Metadata and documentation improvements.

DBotBuildPhishingClassifier

Metadata and documentation improvements.

CreateIndicatorRelationship

Metadata and documentation improvements.

DBotTrainTextClassifierV2

Metadata and documentation improvements.

DBotFindSimilarIncidentsByIndicators

Metadata and documentation improvements.

GetIndicatorsByQuery

Metadata and documentation improvements.

DBotTrainClustering

Metadata and documentation improvements.

StixParser

Metadata and documentation improvements.

ValidateContent

Metadata and documentation improvements.

DrawRelatedIncidentsCanvas

Metadata and documentation improvements.

HighlightWords

Metadata and documentation improvements.

GetMLModelEvaluation

Metadata and documentation improvements.

DBotPreProcessTextData

Metadata and documentation improvements.

DBotShowClusteringModelInfo

Metadata and documentation improvements.

DBotFindSimilarIncidents

Metadata and documentation improvements.

SanePdfReports

Metadata and documentation improvements.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.

SearchIndicatorRelationships

Metadata and documentation improvements.

CheckDockerImageAvailable

Metadata and documentation improvements.

Related pull requests:
- 39349

Download

1.39.22 - R2988287 (March 26, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

1.39.21 - 2564363 (February 26, 2025)

Scripts

CreateIndicatorRelationship

Fixed an issue where the CreateIndicatorRelationship script failed due to long searchIndicators queries, by batching requests.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38723

Download

1.39.20 - 2553674 (February 24, 2025)

Scripts

CommonServerPython

Re-added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38738

Download

1.39.19 - 2395597 (February 10, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.39.18 - R2074399 (January 26, 2025)

Scripts

CommonServerPython

Fixed an issue from the last update.

Related pull requests:
- 38262

Download

1.39.17 - 2025584 (January 20, 2025)

Scripts

CommonServerPython

Added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38208

Download

1.39.16 - 2005224 (January 16, 2025)

Scripts

CommonServerPython

Fixed performance issues.

Related pull requests:
- 38203

Download

1.39.15 - 1989294 (January 14, 2025)

Scripts

CommonServerPython

Improved implementation.

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.1902141.

Related pull requests:
- 38052
- 37927

Download

1.39.13 - 1977897 (January 13, 2025)

Scripts

ValidateContent

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release

Related pull requests:
- 38105

Download

1.39.12 - 1953876 (January 9, 2025)

Scripts

CommonServerPython

Logging improvements.

Related pull requests:
- 37901

Download

1.39.11 - 1946497 (January 8, 2025)

Scripts

DBotPreProcessTextData

Documentation and metadata improvements.

Related pull requests:
- 37922

Download

1.39.10 - 1938781 (January 7, 2025)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.1870375.

Related pull requests:
- 37950

Download

1.39.9 - 1935630 (January 6, 2025)

Scripts

DBotMLFetchData

Code functionality improvements.

Related pull requests:
- 37472

Download

1.39.8 - 1931958 (January 6, 2025)

Scripts

ValidateContent

Updated the test playbook for ValidateContent script.

Related pull requests:
- 37916

Download

1.39.7 - 1912033 (January 2, 2025)

Scripts

ValidateContent

Updated the script to utilize up-to-date validation logic from demisto-sdk.

Related pull requests:
- 37182

Download

1.39.6 - 1909729 (January 1, 2025)

Scripts

ValidateContent

Code functionality improvements.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.1808549.

Related pull requests:
- 37718

Download

1.39.5 - 1903608 (December 31, 2024)

Scripts

SanePdfReports

Fixed an issue where generating a report with HTML section would fail due to blocked image URLs.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.1899219.

Related pull requests:
- 37878

Download

1.39.4 - 1862748 (December 24, 2024)

Scripts

CommonServerPython

Fixed an issue where send_events_to_xsiam would fail due to timeout issues.

Related pull requests:
- 37804

Download

1.39.3 - 1855875 (December 23, 2024)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 37677

Download

1.39.2 - 1834150 (December 18, 2024)

Scripts

CommonServerPython

Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
Added the Tactic indicator object.

FindSimilarIncidentsByText

Documentation and metadata improvements.

GetIncidentsByQuery

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

CreateIndicatorRelationship

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37760

Download

1.38.3 - 1820015 (December 16, 2024)

Scripts

CommonServerPython

Added support for multithreading when using send_events_to_xsiam.

Related pull requests:
- 37599

Download

1.38.2 - 1793696 (December 11, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117810.

Related pull requests:
- 37639

Download

1.38.1 - 1773546 (December 8, 2024)

Scripts

CommonServerPython

Added a new decorator for debugging purposes, allowing users to profile code execution time and performance.

Related pull requests:
- 37440

Download

1.38.0 - 1745299 (December 3, 2024)

Scripts

CommonServerPython

Updated the IP class to return an IPv6 indicator based on the provided ip_type.

Related pull requests:
- 37411

Download

1.37.0 - 1741355 (December 3, 2024)

Scripts

CommonServerPython

Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine.
Added the get_engine_base_url function which gets an engine ID and returns its base URL.
Reverted the logging changes in the Demisto class merthods.

Related pull requests:
- 37538

Download

1.36.1 - 1738579 (December 2, 2024)

Scripts

DrawRelatedIncidentsCanvas

Updated the Docker image to: demisto/sklearn:1.0.0.117326.

Related pull requests:
- 37425
- 37421
- 37419
- 37422
- 37418
- 37420

Download

1.36.0 - 1731907 (December 1, 2024)

Scripts

CommonServerPython

Logging improvements for the Demisto class methods.

Related pull requests:
- 37212

Download

1.35.6 - 1727922 (December 1, 2024)

Scripts

CommonServerPython

Added support for decoding to binary base 64 provided strings with no padding, to avoid "Incorrect padding" error.

Related pull requests:
- 37418
- 37340
- 37425
- 37419
- 37421
- 37420
- 37422

Download

1.35.5 - 1679416 (November 20, 2024)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.116749.

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117145.

Related pull requests:
- 37298
- 37292
- 37293
- 37294

Download

1.35.4 - 1673120 (November 19, 2024)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.116823.

Related pull requests:
- 37287
- 37283

Download

1.35.3 - 1669335 (November 19, 2024)

Scripts

CommonServerPython

Added an option to the Account entity to receive custom fields.

Related pull requests:
- 37248

Download

1.35.2 - 1666862 (November 18, 2024)

Scripts

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.105874.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.105874.

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.2.103657.

Related pull requests:
- 37214
- 37193

Download

1.35.0 - 1663384 (November 18, 2024)

Scripts

CommonServerPython

Added new fields to Common.File, Common.URL, Common.Domain, Common.IP indicator classes:

organization_prevalence
globally_prevalence
organization_first_seen
organization_last_seen
first_seen_by_source
last_seen_by_source

Related pull requests:
- 37022

Download

1.34.47 - 1647729 (November 14, 2024)

Scripts

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

HighlightWords

Updated the Docker image to: demisto/python3:3.11.10.115186.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

1.34.46 - 1624996 (November 11, 2024)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotTrainTextClassifierV2

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotPredictPhishingWords

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.112949.

Related pull requests:
- 37162
- 37154

Download

1.34.45 - 1615839 (November 10, 2024)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.115559.

Related pull requests:
- 37115
- 37109

Download

1.34.44 - 1609112 (November 7, 2024)

Scripts

DBotFindSimilarIncidentsByIndicators

Fixed an issue where the script would fail to run if the fieldsIncidentToDisplay argument received an unpopulated field in the incidents.
Updated the Docker image to: demisto/ml:1.0.0.112949.

Related pull requests:
- 37116

Download

1.34.43 - 1602991 (November 6, 2024)

Scripts

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.113941.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.11.10.113941.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.11.10.113941.

DBotShowClusteringModelInfo

Updated the Docker image to: demisto/python3:3.11.10.113941.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.11.10.113941.

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.113941.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.113941.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.11.10.113941.

HighlightWords

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

1.34.42 - 1569341 (October 30, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 36816

Download

1.41.30 - 5423932 (October 17, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41557

Download

1.41.29 - 5392573 (October 15, 2025)

Scripts

CommonServerPython

Add a custom JSONEncoder class that converts datetime objects to ISO 8601 strings.

Related pull requests:
- 41517

Download

1.41.28 - 5320194 (October 9, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41449

Download

1.41.27 - 5281566 (October 5, 2025)

Scripts

CommonServerPython

Fixed an issue with the timestamp parsing logic to prevent errors when microsecond components are missing.

Related pull requests:
- 41384

Download

1.41.26 - 5212533 (October 1, 2025)

Base

Documentation and metadata improvements.

Scripts

CommonServerPython

Updated the CommonServerPython script to support the A++ reliability level.

Related pull requests:
- 41444

Download

1.41.24 - 5080075 (September 25, 2025)

Scripts

CommonServerPython

Fixed an issue where duplicate events were fetched.

Related pull requests:
- 41216

Download

1.41.23 - 5007705 (September 21, 2025)

Changes are not relevant for XSIAM marketplace.

Download

1.41.22 - 4796908 (September 7, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41196

Download

1.41.21 - 4677309 (August 27, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4666041.

Related pull requests:
- 41085

Download

1.41.20 - 4669908 (August 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41087

Download

1.41.19 - 4653163 (August 26, 2025)

Scripts

CommonServerPython

Rename the is_ip_internal function to is_ip_address_internal.

Related pull requests:
- 41055

Download

1.41.18 - 4647015 (August 25, 2025)

Scripts

CommonServerPython

Added the is_ip_internal function to check if an IP address is internal.

Related pull requests:
- 41013

Download

1.41.17 - 4583601 (August 20, 2025)

Scripts

CommonServer

Added Informational and Critical values to the scoreToReputation function.

Related pull requests:
- 40720

Download

1.41.16 - 4568132 (August 18, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40978

Download

1.41.15 - 4555709 (August 17, 2025)

Scripts

CommonServerPython

Related pull requests:
- 40759

Download

1.41.14 - 4498927 (August 12, 2025)

Scripts

CommonServerPython

Added a context manager for limiting code execution time. This helps prevent commands from being abruptly ended by the server.

Related pull requests:
- 40862

Download

1.41.13 - 4486728 (August 11, 2025)

Documentation and metadata improvements.

Related pull requests:
- 40883

Download

1.41.12 - 4473367 (August 10, 2025)

Scripts

SanePdfReports

Fixed an issue where SLA field appeared missing.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.4439836.

Related pull requests:
- 40866
- 40867

Download

1.41.11 - 4443508 (August 6, 2025)

Scripts

CommonServerPython

Added entry type DEBUG_MODE_FILE to EntryType enum.

Related pull requests:
- 40836

Download

1.41.10 - 4419577 (August 4, 2025)

Scripts

CommonServerPython

Added support for connecting to legacy systems from new docker images by enabling more security options.

Related pull requests:
- 40816

Download

1.41.9 - 4324039 (July 27, 2025)

Scripts

CommonServerPowerShell

Added support for polling.

Related pull requests:
- 39935
- 39734

Download

1.41.8 - 4275053 (July 23, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40648
- 40669
- 40630
- 40667
- 40675
- 40660
- 40383
- 40677
- 40414

Download

1.41.7 - 4239826 (July 21, 2025)

Base

Added Exposure Management and ASM as supported modules.

Related pull requests:
- 40649
- 40555

Download

1.41.6 - 4193314 (July 16, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.

Related pull requests:
- 40615

Download

1.41.5 - 4180042 (July 15, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40581

Download

1.41.4 - 4148802 (July 13, 2025)

Scripts

CommonServerPython

Code functionality improvements.

Related pull requests:
- 38886

Download

1.41.3 - 4130170 (July 10, 2025)

Base

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.41.2 - 4126849 (July 10, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 39712
- 40179

Download

1.41.1 - 4118212 (July 9, 2025)

Scripts

CommonServerPython

Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
Added the MirrorObject which serves to standardize outputs for mirrors.

Related pull requests:
- 40523

Download

1.40.1 - 4110506 (July 9, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script with new commands arg_to_boolean_or_null.

Related pull requests:
- 39632
- 39514
- 39503
- 39331
- 39517
- 39516
- 39504
- 39239
- 39499
- 39399
- 39507
- 39518
- 39528
- 39534
- 39536
- 39538
- 39412
- 39422
- 39546
- 39547
- 39549
- 39544
- 39557
- 39523
- 39234
- 39262
- 39564
- 39397
- 39252
- 39558
- 39559
- 39567
- 39404
- 40024
- 40103
- 40105
- 39914
- 39973
- 40106
- 40049
- 40104
- 39644
- 40086
- 40120
- 40017
- 40119
- 40113
- 40107
- 39972
- 40118
- 40117
- 40112
- 40048
- 40124
- 40102
- 39324
- 40038
- 40095
- 40132
- 39535
- 40133
- 40153
- 40154
- 40127
- 40028
- 40162
- 40160
- 40157
- 40134
- 40088
- 40166
- 40111
- 40168
- 40169
- 40167
- 40057

Download

1.40.0 - 4090197 (July 7, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to create a wrapper function for executing polling commands in scripts.

Related pull requests:
- 40521

Download

1.39.44 - 4083045 (July 7, 2025)

Scripts

CommonServerPowerShell

Reverted the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 40524
- 40520

Download

1.39.43 - 4077103 (July 6, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.5.0.3759715.

Related pull requests:
- 40520

Download

1.39.42 - 4049458 (July 3, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.39.41 - 4017734 (June 30, 2025)

Scripts

CommonServerPython

Fixed an issue where the character ~ was not escaped in markdown files.

Related pull requests:
- 40405

Download

1.39.40 - 3960766 (June 24, 2025)

Scripts

CommonServerPython

Fixed an issue where tableToMarkdown failed when the input contained a list of integers.

Related pull requests:
- 40335

Download

1.39.39 - 3849419 (June 18, 2025)

Scripts

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

1.39.38 - 3838742 (June 17, 2025)

Scripts

CommonServerPython

Updated the CommonServerPython script to support unified platform.

DBotFindSimilarIncidents

Updated the DBotFindSimilarIncidents script to support unified platform.

Related pull requests:
- 40242

Download

1.39.37 - 3752094 (June 11, 2025)

Scripts

ValidateContent

Fixed an issue where MyPy was not running during the pre-commit.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.3457414.

Related pull requests:
- 40126

Download

1.39.36 - 3720941 (June 10, 2025)

Scripts

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.3261948.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/sklearn:1.0.0.3150306.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.3261948.

Related pull requests:
- 38644

Download

1.39.35 - 3693797 (June 8, 2025)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3563585.

Related pull requests:
- 40186

Download

1.39.34 - 3648597 (June 5, 2025)

Scripts

DBotFindSimilarIncidents

Updated the UploadFile script to support alerts & issues.
Updated the Docker image to: demisto/ml:1.0.0.3384489.

Related pull requests:
- 40178

Download

1.39.33 - 3585080 (May 29, 2025)

Scripts

CommonServerPython

Improved documentation for the polling function.

Related pull requests:
- 40102

Download

1.39.32 - 3526238 (May 25, 2025)

Scripts

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

HighlightWords

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.39.31 - 3490253 (May 21, 2025)

Scripts

CommonServerPython

Fixed an issue where the authorization token was not masked when the token prefix was "LOG", as used in cases like HMAC signature authentication.

Related pull requests:
- 38360

Download

1.39.30 - 3481649 (May 21, 2025)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 39991

Download

1.39.29 - 3466353 (May 20, 2025)

Scripts

CommonServerPython

Documentation and metadata improvements.
Fixed an issue where JSON decode errors weren't properly logged in the set_last_mirror_run function.

Related pull requests:
- 39999

Download

1.39.27 - 3421597 (May 15, 2025)

Scripts

GetIncidentsByQuery

Maintenance and stability enhancements.

DBotFindSimilarIncidentsByIndicators

Maintenance and stability enhancements.

DBotFindSimilarIncidents

Maintenance and stability enhancements.

Related pull requests:
- 39888

Download

1.39.26 - 3403696 (May 14, 2025)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.3151356.

Related pull requests:
- 39851

Download

1.39.25 - R3247809 (April 27, 2025)

Base

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 39427

Download

1.39.24 - 3042633 (April 2, 2025)

Scripts

DeleteIndicatorRelationships

Metadata and documentation improvements.

GetIncidentsByQuery

Metadata and documentation improvements.

DBotBuildPhishingClassifier

Metadata and documentation improvements.

CreateIndicatorRelationship

Metadata and documentation improvements.

DBotFindSimilarIncidentsByIndicators

Metadata and documentation improvements.

GetIndicatorsByQuery

Metadata and documentation improvements.

DBotTrainClustering

Metadata and documentation improvements.

StixParser

Metadata and documentation improvements.

ValidateContent

Metadata and documentation improvements.

HighlightWords

Metadata and documentation improvements.

GetMLModelEvaluation

Metadata and documentation improvements.

DBotPreProcessTextData

Metadata and documentation improvements.

DBotFindSimilarIncidents

Metadata and documentation improvements.

SanePdfReports

Metadata and documentation improvements.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.

SearchIndicatorRelationships

Metadata and documentation improvements.

CheckDockerImageAvailable

Metadata and documentation improvements.

Related pull requests:
- 39349

Download

1.39.22 - R2988287 (March 26, 2025)

Base

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

1.39.21 - 2564363 (February 26, 2025)

Scripts

CreateIndicatorRelationship

Fixed an issue where the CreateIndicatorRelationship script failed due to long searchIndicators queries, by batching requests.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38723

Download

1.39.20 - 2553674 (February 24, 2025)

Scripts

CommonServerPython

Re-added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38738

Download

1.39.19 - 2429474 (February 11, 2025)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.39.18 - R2074399 (January 26, 2025)

Scripts

CommonServerPython

Fixed an issue from the last update.

Related pull requests:
- 38262

Download

1.39.17 - 2025584 (January 20, 2025)

Scripts

CommonServerPython

Added mechanism to disallow sending a single event entry which is over 5MB in send_events_to_xsiam.

Related pull requests:
- 38208

Download

1.39.16 - 2005224 (January 16, 2025)

Scripts

CommonServerPython

Fixed performance issues.

Related pull requests:
- 38203

Download

1.39.15 - 1989294 (January 14, 2025)

Scripts

CommonServerPython

Improved implementation.

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.1902141.

Related pull requests:
- 38052
- 37927

Download

1.39.13 - 1977897 (January 13, 2025)

Scripts

ValidateContent

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release

Related pull requests:
- 38105

Download

1.39.12 - 1953876 (January 9, 2025)

Scripts

CommonServerPython

Logging improvements.

Related pull requests:
- 37901

Download

1.39.11 - 1946497 (January 8, 2025)

Scripts

DBotPreProcessTextData

Documentation and metadata improvements.

Related pull requests:
- 37922

Download

1.39.10 - 1938781 (January 7, 2025)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.1870375.

DBotFindSimilarIncidentsByIndicators

Updated the Docker image to: demisto/ml:1.0.0.1870375.

Related pull requests:
- 37950

Download

1.39.9 - 1935630 (January 6, 2025)

Scripts

DBotMLFetchData

Code functionality improvements.

Related pull requests:
- 37472

Download

1.39.8 - 1931958 (January 6, 2025)

Scripts

ValidateContent

Updated the test playbook for ValidateContent script.

Related pull requests:
- 37916

Download

1.39.7 - 1912033 (January 2, 2025)

Scripts

ValidateContent

Code functionality improvements.
Updated the script to utilize up-to-date validation logic from demisto-sdk.
Updated the Docker image to: demisto/xsoar-tools:1.0.0.1808549.

Related pull requests:
- 37182

Download

1.39.5 - 1900707 (December 31, 2024)

Scripts

SanePdfReports

Fixed an issue where generating a report with HTML section would fail due to blocked image URLs.
Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.1899219.

Related pull requests:
- 37878

Download

1.39.4 - 1862748 (December 24, 2024)

Scripts

CommonServerPython

Fixed an issue where send_events_to_xsiam would fail due to timeout issues.

Related pull requests:
- 37804

Download

1.39.3 - 1855875 (December 23, 2024)

Scripts

CommonServerPython

log improvement.

Related pull requests:
- 37677

Download

1.39.2 - 1834150 (December 18, 2024)

Scripts

CommonServerPython

Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
Added the Tactic indicator object.

FindSimilarIncidentsByText

Documentation and metadata improvements.

GetIncidentsByQuery

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

CreateIndicatorRelationship

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37760

Download

1.38.3 - 1820015 (December 16, 2024)

Scripts

CommonServerPython

Added support for multithreading when using send_events_to_xsiam.

Related pull requests:
- 37599

Download

1.38.2 - 1793696 (December 11, 2024)

Scripts

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117810.

Related pull requests:
- 37639

Download

1.38.1 - 1773546 (December 8, 2024)

Scripts

CommonServerPython

Added a new decorator for debugging purposes, allowing users to profile code execution time and performance.

Related pull requests:
- 37440

Download

1.38.0 - 1745299 (December 3, 2024)

Scripts

CommonServerPython

Updated the IP class to return an IPv6 indicator based on the provided ip_type.

Related pull requests:
- 37411

Download

1.37.0 - 1741355 (December 3, 2024)

Scripts

CommonServerPython

Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine.
Added the get_engine_base_url function which gets an engine ID and returns its base URL.
Reverted the logging changes in the Demisto class merthods.

Related pull requests:
- 37538

Download

1.36.1 - 1738579 (December 2, 2024)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 37425
- 37421
- 37419
- 37422
- 37418
- 37420

Download

1.36.0 - 1731907 (December 1, 2024)

Scripts

CommonServerPython

Logging improvements for the Demisto class methods.

Related pull requests:
- 37212

Download

1.35.6 - 1727922 (December 1, 2024)

Scripts

CommonServerPython

Added support for decoding to binary base 64 provided strings with no padding, to avoid "Incorrect padding" error.

Related pull requests:
- 37421
- 37340
- 37418
- 37425
- 37419
- 37420
- 37422

Download

1.35.5 - 1679416 (November 20, 2024)

Scripts

StixParser

Updated the Docker image to: demisto/taxii:1.0.0.116749.

SanePdfReports

Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.117145.

Related pull requests:
- 37298
- 37292
- 37293
- 37294

Download

1.35.4 - 1675652 (November 20, 2024)

Scripts

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.6.116823.

Related pull requests:
- 37287
- 37283

Download

1.35.3 - 1669335 (November 19, 2024)

Scripts

CommonServerPython

Added an option to the Account entity to receive custom fields.

Related pull requests:
- 37248

Download

1.35.2 - 1666862 (November 18, 2024)

Scripts

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.105874.

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.105874.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.105874.

CommonServerPowerShell

Updated the Docker image to: demisto/powershell:7.4.2.103657.

Related pull requests:
- 37214
- 37193

Download

1.35.0 - 1663384 (November 18, 2024)

Scripts

CommonServerPython

Added new fields to Common.File, Common.URL, Common.Domain, Common.IP indicator classes:

organization_prevalence
globally_prevalence
organization_first_seen
organization_last_seen
first_seen_by_source
last_seen_by_source

Related pull requests:
- 37022

Download

1.34.47 - 1647729 (November 14, 2024)

Scripts

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

HighlightWords

Updated the Docker image to: demisto/python3:3.11.10.115186.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

1.34.46 - 1624996 (November 11, 2024)

Scripts

GetMLModelEvaluation

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotFindSimilarIncidents

Updated the Docker image to: demisto/ml:1.0.0.112949.

DBotPreProcessTextData

Updated the Docker image to: demisto/ml:1.0.0.112949.

Related pull requests:
- 37162
- 37154

Download

1.34.45 - 1615839 (November 10, 2024)

Scripts

ValidateContent

Updated the Docker image to: demisto/xsoar-tools:1.0.0.115559.

Related pull requests:
- 37115
- 37109

Download

1.34.44 - 1609112 (November 7, 2024)

Scripts

DBotFindSimilarIncidentsByIndicators

Fixed an issue where the script would fail to run if the fieldsIncidentToDisplay argument received an unpopulated field in the incidents.
Updated the Docker image to: demisto/ml:1.0.0.112949.

Related pull requests:
- 37116

Download

1.34.43 - 1602991 (November 6, 2024)

Scripts

GetIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.113941.

GetIndicatorsByQuery

Updated the Docker image to: demisto/python3:3.11.10.113941.

CreateIndicatorRelationship

Updated the Docker image to: demisto/python3:3.11.10.113941.

CheckDockerImageAvailable

Updated the Docker image to: demisto/python3:3.11.10.113941.

DeleteIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.113941.

SearchIndicatorRelationships

Updated the Docker image to: demisto/python3:3.11.10.113941.

DBotBuildPhishingClassifier

Updated the Docker image to: demisto/python3:3.11.10.113941.

HighlightWords

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

1.34.42 - 1569341 (October 30, 2024)

Scripts

CommonServerPython

Changed the snapshot id used for fetching assets to always start with a timestamp.

Related pull requests:
- 36816

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 2, 2020
Last Release	October 21, 2025

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.