Draw incidents and indicators on the canvas to map and visualize their connections.
Base
The base pack for Cortex XSOAR.
Name | Description |
---|---|
DrawRelatedIncidentsCanvas | |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
DBotFindSimilarIncidents | Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
CommonServer | Common code that will be merged into each server script when it runs. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotTrainClustering | Train a clustering model on any incident type. |
HighlightWords | Highlight words inside a given text. |
GetMLModelEvaluation | Finds a threshold for an ML model, and performs an evaluation based on it. |
DBotBuildPhishingClassifier | Create a phishing classifier using a machine learning technique, based on email content. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotShowClusteringModelInfo | Show clustering model information: the model summary and the incidents in a specific cluster. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CheckDockerImageAvailable | Check if a Docker image is available for performing docker pull. The script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good; otherwise returns an error. |
Name | Description |
---|---|
System Health |
Name | Description |
---|---|
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
GetMLModelEvaluation | Finds a threshold for an ML model, and performs an evaluation based on it. |
DeleteIndicatorRelationships | This automation deletes a relationship between indicator objects based on the relationship ID. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotBuildPhishingClassifier | Create a phishing classifier using a machine learning technique, based on email content. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
CommonServer | Common code that will be merged into each server script when it runs. |
StixParser | Parse STIX files to Cortex XSIAM indicators by clicking the Upload STIX File button. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
DBotTrainClustering | Train a clustering model on any incident type. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotFindSimilarAlertsByIndicators | Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
HighlightWords | Highlight words inside a given text. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
CheckDockerImageAvailable | Check if a Docker image is available for performing docker pull. The script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good; otherwise returns an error. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
GetAlertsByQuery | Gets a list of alert objects and the associated alert outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotFindSimilarIncidents | Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DBotFindSimilarAlerts | Find past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
Scripts
ValidateContent
- Updated the Docker image to: demisto/xsoar-tools:1.0.0.90942.
Scripts
CommonServerPython
- Added ignore to sleep method to satisfy linters.
GetIncidentsByQuery
- Moved the implementation to GetIncidentsApiModule.
- The includeContext argument is now deprecated due to performance considerations. Rather than using this argument, it is recommended to retrieve the context of the incidents separately, preferably for a limited number of incidents.
- Updated the Docker image to: demisto/python3:3.10.13.87159.
DBotFindSimilarIncidentsByIndicators
- Internal code enhancements for improved performance.
- Updated the Docker image to: demisto/ml:1.0.0.88591.
DBotFindSimilarIncidents
- Internal code enhancements for improved performance.
- Updated the Docker image to: demisto/ml:1.0.0.88591.
- 33028
Scripts
GetIndicatorsByQuery
- Added the ALL option to the populateFields in order to get all the populated fields available.
- Updated the automation to always use the populateFields - This is a breaking change! Make sure the value of this field is suitable for you.
- Updated the Docker image to: demisto/python3:3.10.13.87159.
- 32879
Scripts
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.13.86272.
CommonServerPython
- Fixed an issue in execute_command where the command returns an empty debug-entry when running on XSOAR version 8.x.
GetIndicatorsByQuery
- Improved implementation for better performance when using the populateFields argument.
- Updated the Docker image to: demisto/python3:3.10.13.86272.
- 32478
Scripts
CommonServerPython
- Fixed an issue where sometimes the indicators became unavailable until resetting the instance.
DBotFindSimilarIncidents
- Fixed an issue where incidents were incorrectly called "alerts" in Cortex XSOAR.
- Updated the Docker image to: demisto/ml:1.0.0.84027.
- 31853
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.12.66339.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.66339.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.12.66339.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.66339.
- 28640
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.12.63474.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.10.12.63474.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DeleteIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.12.63474.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.12.63474.
- 28221
Scripts
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.62124.
- Removed the script from XSIAM, which does not yet support getMLModel.
DBotShowClusteringModelInfo
- Updated the Docker image to: demisto/python3:3.10.11.61265.
- Removed the script from XSIAM, which does not yet support getMLModel.
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.62124.
- Removed the script from XSIAM, which does not yet support getMLModel.
- 26967
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.11.61265.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.11.61265.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.11.61265.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.11.61265.
SearchIndicatorRelationships
- Updated the Docker image to: demisto/python3:3.10.11.61265.
- 27210
INFO
Certification | Certified |
Supported By | Cortex |
Created | August 2, 2020 |
Last Release | April 15, 2024 |