Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow.
Base
- Details
- Content
- Dependencies
- Version History
The base pack for Cortex XSOAR.
Name | Description |
---|---|
ValidateContent | |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions.
|
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
CommonServer | Common code that will be merged into each server script when it runs. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
DBotTrainClustering | This script helps organizes and groups incidents based on their similarities using clustering algorithms. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly
|
HighlightWords | Highlight words inside a given text. |
DeleteIndicatorRelationships | This automation allows to delete a relationship between indicator objects based on the relationship id. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
DrawRelatedIncidentsCanvas | Draw incidents and indicators on the canvas to map and visualize their connections. |
StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
Name | Description |
---|---|
System Health |
Name | Description |
---|---|
CommonServer | Common code that will be merged into each server script when it runs. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DBotFindSimilarAlerts | Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly
|
FindSimilarAlertsByText | Deprecated. Use DBotFindSimilarAlerts instead. This automation runs using the default Limited User role, unless you explicitly
|
DBotTrainClustering | This script helps organizes and groups incidents based on their similarities using clustering algorithms. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions.
|
GetAlertsByQuery | Gets a list of alert objects and the associated alert outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions.
|
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
DeleteIndicatorRelationships | This automation allows to delete a relationship between indicator objects based on the relationship id. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotFindSimilarAlertsByIndicators | Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
StixParser | Parse STIX files to Cortex indicators by clicking the Upload STIX File button. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
HighlightWords | Highlight words inside a given text. |
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|
Dashboards
System Health
Documentation and metadata improvements.
Scripts
CommonServerPython
- Updated the CommonServerPython script with new commands arg_to_boolean_or_null.
- Added the QuickActionPreview which serves as a method to standardize outputs when previewing a ticket.
- Added the MirrorObject which serves to standardize outputs for mirrors.
- 40523
Download
Scripts
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 40221
Download
Scripts
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
DBotTrainTextClassifierV2
Breaking changes: Before using this version, make sure to update the Machine Learning pack to the latest version. If the Machine Learning pack is not installed, this message can be safely ignored.
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
- 38644
Download
Scripts
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 39931
Download
Scripts
DeleteIndicatorRelationships
- Metadata and documentation improvements.
GetIncidentsByQuery
- Metadata and documentation improvements.
DBotPredictPhishingWords
- Metadata and documentation improvements.
DBotBuildPhishingClassifier
- Metadata and documentation improvements.
CreateIndicatorRelationship
- Metadata and documentation improvements.
DBotTrainTextClassifierV2
- Metadata and documentation improvements.
DBotFindSimilarIncidentsByIndicators
- Metadata and documentation improvements.
GetIndicatorsByQuery
- Metadata and documentation improvements.
DBotTrainClustering
- Metadata and documentation improvements.
StixParser
- Metadata and documentation improvements.
ValidateContent
- Metadata and documentation improvements.
DrawRelatedIncidentsCanvas
- Metadata and documentation improvements.
HighlightWords
- Metadata and documentation improvements.
GetMLModelEvaluation
- Metadata and documentation improvements.
DBotPreProcessTextData
- Metadata and documentation improvements.
DBotShowClusteringModelInfo
- Metadata and documentation improvements.
DBotFindSimilarIncidents
- Metadata and documentation improvements.
SanePdfReports
- Metadata and documentation improvements.
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.
SearchIndicatorRelationships
- Metadata and documentation improvements.
CheckDockerImageAvailable
- Metadata and documentation improvements.
- 39349
Download
Scripts
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
- 37950
Download
Scripts
CommonServerPython
- Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
- Added the Tactic indicator object.
FindSimilarIncidentsByText
- Documentation and metadata improvements.
GetIncidentsByQuery
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
CreateIndicatorRelationship
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
- 37760
Download
Scripts
CommonServerPython
- Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine. - Added the get_engine_base_url function which gets an engine ID and returns its base URL.
- Reverted the logging changes in the Demisto class merthods.
- 37538
Download
Scripts
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.105874.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.105874.
CommonServerPowerShell
- Updated the Docker image to: demisto/powershell:7.4.2.103657.
- 37214
- 37193
Download
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139
Download
Scripts
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.112949.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.112949.
- 37162
- 37154
Download
Scripts
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.11.10.113941.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.113941.
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997
Download
Scripts
CommonServerPython
- Updated the CommonServerPython script with new commands arg_to_boolean_or_null.
- 39632
- 39514
- 39503
- 39331
- 39517
- 39516
- 39504
- 39239
- 39499
- 39399
- 39507
- 39518
- 39528
- 39534
- 39536
- 39538
- 39412
- 39422
- 39546
- 39547
- 39549
- 39544
- 39557
- 39523
- 39234
- 39262
- 39564
- 39397
- 39252
- 39558
- 39559
- 39567
- 39404
- 40024
- 40103
- 40105
- 39914
- 39973
- 40106
- 40049
- 40104
- 39644
- 40086
- 40120
- 40017
- 40119
- 40113
- 40107
- 39972
- 40118
- 40117
- 40112
- 40048
- 40124
- 40102
- 39324
- 40038
- 40095
- 40132
- 39535
- 40133
- 40153
- 40154
- 40127
- 40028
- 40162
- 40160
- 40157
- 40134
- 40088
- 40166
- 40111
- 40168
- 40169
- 40167
- 40057
Download
Scripts
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 40221
Download
Scripts
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/sklearn:1.0.0.3150306.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.3261948.
- 38644
Download
Scripts
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
HighlightWords
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.12.8.3296088.
- 39931
Download
Scripts
DeleteIndicatorRelationships
- Metadata and documentation improvements.
GetIncidentsByQuery
- Metadata and documentation improvements.
DBotBuildPhishingClassifier
- Metadata and documentation improvements.
CreateIndicatorRelationship
- Metadata and documentation improvements.
DBotFindSimilarIncidentsByIndicators
- Metadata and documentation improvements.
GetIndicatorsByQuery
- Metadata and documentation improvements.
DBotTrainClustering
- Metadata and documentation improvements.
StixParser
- Metadata and documentation improvements.
ValidateContent
- Metadata and documentation improvements.
HighlightWords
- Metadata and documentation improvements.
GetMLModelEvaluation
- Metadata and documentation improvements.
DBotPreProcessTextData
- Metadata and documentation improvements.
DBotFindSimilarIncidents
- Metadata and documentation improvements.
SanePdfReports
- Metadata and documentation improvements.
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.3010215.
SearchIndicatorRelationships
- Metadata and documentation improvements.
CheckDockerImageAvailable
- Metadata and documentation improvements.
- 39349
Download
Scripts
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.1870375.
- 37950
Download
Scripts
CommonServerPython
- Fixed an issue where the new decorator for debugging purposes failed to retrieve the result file from scripts that timeout.
- Added the Tactic indicator object.
FindSimilarIncidentsByText
- Documentation and metadata improvements.
GetIncidentsByQuery
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
CreateIndicatorRelationship
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.11.10.116949.
- 37760
Download
Scripts
CommonServerPython
- Added the is_integration_instance_running_on_engine function which determines whether the current integration instance
runs on an xsoar engine. - Added the get_engine_base_url function which gets an engine ID and returns its base URL.
- Reverted the logging changes in the Demisto class merthods.
- 37538
Download
Scripts
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.105874.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.105874.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.105874.
CommonServerPowerShell
- Updated the Docker image to: demisto/powershell:7.4.2.103657.
- 37214
- 37193
Download
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.115186.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139
Download
Scripts
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.11.10.113941.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.11.10.113941.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/python3:3.11.10.113941.
HighlightWords
- Updated the Docker image to: demisto/python3:3.11.10.113941.
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997
Download
PUBLISHER
PLATFORMS
INFO
Certification | Certified | Read more |
Supported By | Cortex | |
Created | August 2, 2020 | |
Last Release | August 6, 2025 |