Base
The base pack for Cortex XSOAR.
Name | Description |
---|---|
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
FindSimilarIncidentsByText | Find similar incidents by text comparison. The algorithm is based on the TF-IDF method. This automation runs using the default Limited User role, unless you explicitly |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotTrainClustering | Train clustering model on any incident type. |
DrawRelatedIncidentsCanvas | Draw incidents and indicators on the canvas to map and visualize their connections. |
DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
CommonServer | Common code that will be merged into each server script when it runs |
DBotFindSimilarIncidents | Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
HighlightWords | Highlight words inside a given text. |
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it |
Name | Description |
---|---|
System Health |
Name | Description |
---|---|
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
StixParser | Parse STIX files to Cortex XSIAM indicators by clicking the Upload STIX File button. |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
FindSimilarIncidentsByText | Find similar incidents by text comparison. The algorithm is based on the TF-IDF method. This automation runs using the default Limited User role, unless you explicitly |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotTrainClustering | Train clustering model on any incident type. |
DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
CommonServer | Common code that will be merged into each server script when it runs |
DBotFindSimilarIncidents | Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
HighlightWords | Highlight words inside a given text. |
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it |
Scripts
DBotTrainTextClassifierV2
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/ml:1.0.0.45981.
DBotBuildPhishingClassifier
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/ml:1.0.0.45981.
Scripts
CommonServerPython
- Added support for HTTPAdapter initialization arguments to the SSLAdapter class.
- Updated the URL regular expression.
- Fixed an issue in the look-back functionality where incident IDs were removed from the last run before all incidents in the same time had been fetched.
Added the optional Publications field to the CVE indicator.
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.9.40422.
- Added the options "detects", "detected-by" and "located-at" for the relationships argument.
CommonServerPython
- Added the names "detects", "detected-by" and "located-at" for relationship type.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.9.40422.
- Added the options "detects", "detected-by" and "located-at" for the relationship and reverse_relationship arguments.
Scripts
CommonServerPython
- Improved the implementation of send_events_to_xsiam. The function will now add the fields _final_reporting_device_name, _collector_type and _collector_name to all events. The fields will display the integration's URL, the integration's name and the name of the instance that collected the event.
Scripts
CommonServerPython
- Updated the Docker image to: demisto/python:2.7.18.37800.
- Updated the URL regular expression.
- Updated the IPv6 regular expression.
Scripts
CommonServerPython
- Fixed an issue where is_demisto_version_ge was returning the wrong result when comparing version 6.10 with versions below.
SanePdfReports
- Fixed an issue where markdown images were not being displayed in reports.
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.35907.
Scripts
CommonServerPython
- Added the get_metric_list function to the ExecutionMetrics class. This function returns a list of all the metrics that were collected during the script's run.
- Added the Malware type to the FeedIndicatorType class.
- Improved implementation of Endpoint to include Vendor as a key field for comparisons.
Scripts
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.30541.
DBotBuildPhishingClassifier
- Updated the Docker image to: demisto/ml:1.0.0.30541.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.30541.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.30541.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.4.30607.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.30541.
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.4.30607.
- Removed excessive error traceback printing.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.4.30607.
- Removed excessive error traceback printing.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.4.30607.
- Removed excessive error traceback printing.
Scripts
CommonServerPython
- Improved ipv4cidrRegex, ipv6cidrRegex, and emailRegex.
Scripts
CommonServerPython
- Added a new value attribute to the AttackPattern class.
Scripts
CommonServerPython
- Added support for logging in CommandRunner.
Scripts
CommonServerPython
- Documentation improvements.
Scripts
CommonServerPython
- Improved the behavior of the send_events_to_xsiam function in cases where it is given no events.
- Added the VIDEO_FILE and STATIC_VIDEO_FILE enums to the EntryType class.
Scripts
CommonServerPython
- Added the YMLMetadataCollector classes for the generate_yml_from_python demisto_sdk command.
- Added the new function send_events_to_xsiam to allow collection integrations to save events in the XSIAM server.
Scripts
CommonServerPython
- Added the transform argument to the argToList function.
Scripts
SearchIndicatorRelationships
- Fixed an issue where the script returned an unexpected error in XSOAR version 6.6.0.
- Updated the Docker image to: demisto/python3:3.10.4.27798.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.4.27798.
- Fixed lint issues.
CommonServerPython
- Added the content_format field to CommandResults.
Scripts
SanePdfReports
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.27759.
- Fixed an issue where missing data would cause a table section to render erroneously.
- Fixed an issue where report headers would be displayed when the disableHeaders argument was True.
Scripts
CommonServerPython
- Added type validations and other internal code improvements.
- Added type validations and other internal code improvements.
GetMLModelEvaluation
- Added type validations and other internal code improvements.
SaneDocReports
- Added type validations and other internal code improvements.
Scripts
CommonServerPython
- Added generic methods to be used in fetch-incidents commands implementing the look-back functionality, which addresses cases where incidents are indexed on the 3rd-party products after their creation time and thus not fetched.
- Updated Docker image to demisto/python:2.7.18.27799.
- Added the create_indicator_result_with_dbotscore_unknown function. Use this function when an API response to an indicator is not found.
Scripts
CommonServerPython
- Added the execute_commands function for executing multiple commands.
- Added an option to create a generic CommandRunner for a script that wraps several commands from different integrations.
See CommandRunner Documentation.
Scripts
CommonServerPython
- Added the message parameter into the DBotScore class.
Scripts
CommonServerPython
- Added the function get_pack_version which extracts the pack version by several queries.
Scripts
CommonServer
- Fixed an issue where the code was not compatible with ES5.
Scripts
CommonServer
- Added the function mergeVersionedIntegrationContext to update the integration context. (This method behaves similarly to set_to_integration_context_with_retries in CommonServerPython).
CommonServerPython
- Added the add_sensitive_log_strs function to mask sensitive strings in all loggers.
Scripts
CreateIndicatorRelationship
- The entity_b_type argument is no longer required.
- Fixed an issue where the CreateIndicatorRelationship command would fail when using the entity_b_query argument without providing the entity_b_type argument.
Scripts
SanePdfReports
- Docker image has been updated to: demisto/sane-pdf-reports:1.0.0.27172.
- Added the tableTextMaxLength argument for limiting the maximum text length of table cells.
CreateIndicatorRelationship
- Added an exception in cases where the entity_b_type parameter is not supplied.
Scripts
CommonServerPython
- Fixed an issue in the email regex value where it accepted spaces as part of the email address.
Scripts
DBotSuggestClassifierMapping
- Updated the script to Python 3.
GetIncidentsByQuery
- Changed the default values of the limit and the pageSize parameters.
CommonServerPython
- Added the remove_duplicates_from_list_arg function for removing duplicated items in list arguments.
Scripts
CommonServerPython
- Added support for lists and nested items in tableToMarkdown when using the JsonTransformer argument.
GetIncidentsByQuery
- Added verification that query was parsed correctly.
DBotBuildPhishingClassifier
- Added support for the case when query argument is an empty string.
Scripts
CommonServerPython
- Internal code improvements.
GetIncidentsByQuery
- Added support for splitting the populateFields argument into a list separated by "|" together with a comma-separated list.
PUBLISHER
Cortex
PLATFORMS
INFO
Certification | Certified | |
Supported By | Cortex | |
Created | August 2, 2020 | |
Last Release | February 2, 2023 |