Base
The base pack for Cortex XSOAR.
Name | Description |
---|---|
System Health |
Name | Description |
---|---|
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
DBotTrainClustering | Train clustering model on any incident type. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
HighlightWords | Highlight words inside a given text. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
DBotFindSimilarIncidents | Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
CommonServer | Common code that will be merged into each server script when it runs |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
DrawRelatedIncidentsCanvas | Draw incidents and indicators on the canvas to map and visualize their connections. |
StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
Name | Description |
---|---|
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
GetAlertsByQuery | Gets a list of alert objects and the associated alert outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotTrainClustering | Train clustering model on any incident type. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
HighlightWords | Highlight words inside a given text. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
DBotFindSimilarIncidents | Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
CommonServer | Common code that will be merged into each server script when it runs |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotFindSimilarAlerts | Find past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
StixParser | Parse STIX files to Cortex XSIAM indicators by clicking the Upload STIX File button. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
DBotFindSimilarAlertsByIndicators | Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.12.66339.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.66339.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.12.66339.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.66339.
- 28640
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.12.63474.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.10.12.63474.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.12.63474.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.12.63474.
- 28221
Scripts
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.62124.
- Removed the script from XSIAM, which does not yet support getMLModel.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.10.11.61265.
- Removed the script from XSIAM, which does not yet support getMLModel.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.62124.
- Removed the script from XSIAM, which does not yet support getMLModel.
- 26967
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.11.61265.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.11.61265.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.11.61265.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.11.61265.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.11.61265.
- 27210
Scripts
CommonServerPython
- Added a validation that the prefix_output is not a period.
Scripts
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.49819.
DrawRelatedIncidentsCanvas
- Updated the Docker image to: demisto/sklearn:1.0.0.49796.
FindSimilarIncidentsByText
- Updated the Docker image to: demisto/sklearn:1.0.0.49796.
CommonServerPython
- Fixed an issue where using fetch incidents with the lookback parameter did not fetch new incidents.
- 25150
Scripts
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
FindSimilarIncidentsByText
- Updated the Docker image to: demisto/sklearn:1.0.0.47448.
- Documentation and metadata improvements.
- 23716
Scripts
CommonServerPython
- Added support for retries when sending events into XSIAM in case of API limit errors.
- Updated the Docker image to: demisto/python:2.7.18.49010.
- Updated the auto_detect_indicator_type function to auto refang indicators prior to checking them.
- 24675
Scripts
CommonServerPython
- Fixed an issue where the URL regex did not capture IP based defanged URLs.
- Fixed an issue where the URL regex did not capture the extension of the file in the path.
- Fixed an issue where the default value of the ContentType for ExecutionMetrics was JSON and not a string.
- 24272
Scripts
DBotTrainTextClassifierV2
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/ml:1.0.0.45981.
DBotBuildPhishingClassifier
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/ml:1.0.0.45981.
- 23844
Scripts
CommonServerPython
- Added support for HTTPAdapter initialization arguments to the SSLAdapter class.
- Updated the URL regular expression.
- Fixed an issue in the look-back functionality where incident IDs were removed from the last-run before fetching of all incidents in the same time had finished.
Added the optional Publications field to the CVE indicator.
- 22287
Scripts
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.9.40422.
- Added the options "detects", "detected-by" and "located-at" for the relationships argument.
CommonServerPython
- Added the names "detects", "detected-by" and "located-at" for relationship type.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.9.40422.
- Added the options "detects", "detected-by" and "located-at" for the relationship and reverse_relationship arguments.
- 22564
Scripts
CommonServerPython
- Improved the implementation of send_events_to_xsiam. The function now adds the fields _final_reporting_device_name, _collector_type and _collector_name to all events. The fields display the integration's URL, the integration's name and the name of the instance that collected the event.
- 22615
Scripts
CommonServerPython
- Updated the Docker image to: demisto/python:2.7.18.37800.
- Updated the URL regular expression.
- Updated the IPv6 regular expression.
Scripts
CommonServerPython
- Fixed an issue where is_demisto_version_ge was returning the wrong result when comparing version 6.10 with versions below.
SanePdfReports
- Fixed an issue where markdown images were not being displayed in reports.
- Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.35907.
- 21873
INFO
Certification | Certified |
Supported By | Cortex |
Created | August 2, 2020 |
Last Release | September 20, 2023 |