Highlight words inside a given text.
Base
- Details
- Content
- Dependencies
- Version History
The base pack for Cortex XSOAR.
Name | Description |
---|---|
HighlightWords | |
DBotShowClusteringModelInfo | Show clustering model information - model summary and incidents in specific cluster. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
StixParser | Parse STIX files to Cortex XSOAR indicators by clicking the Upload STIX File button. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
DBotTrainTextClassifierV2 | Train a machine learning text classifier. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DrawRelatedIncidentsCanvas | Draw incidents and indicators on the canvas to map and visualize their connections. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
DBotPredictPhishingWords | Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DeleteIndicatorRelationships | This automation allows to delete a relationship between indicator objects based on the relationship id. |
DBotTrainClustering | Train clustering model on any incident type. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
CommonServer | Common code that will be merged into each server script when it runs. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
Name | Description |
---|---|
System Health |
Name | Description |
---|---|
DBotFindSimilarIncidents | Finds past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity. |
DBotFindSimilarAlerts | Finds past similar alerts based on alert fields' similarity. Includes an option to also display indicators similarity. |
StixParser | Parse STIX files to Cortex XSIAM indicators by clicking the Upload STIX File button. |
DBotMLFetchData | Deprecated. No available replacement. Collect telemetry data from the environment. |
DeleteIndicatorRelationships | This automation allows to delete a relationship between indicator objects based on the relationship id. |
GetIncidentsByQuery | Gets a list of incident objects and the associated incident outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
GetAlertsByQuery | Gets a list of alert objects and the associated alert outputs that This automation runs using the default Limited User role, unless you explicitly change the permissions. |
CommonServer | Common code that will be merged into each server script when it runs. |
DBotFindSimilarIncidentsByIndicators | Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
DBotFindSimilarAlertsByIndicators | Finds similar alerts based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity. |
HighlightWords | Highlight words inside a given text. |
WordTokenizerNLP | Deprecated. Use DBotPreProcessTextData instead. |
GetMLModelEvaluation | Finds a threshold for ML model, and performs an evaluation based on it. |
ValidateContent | Runs validation and linting using the Demisto SDK on content items, such as integrations, automations and content packs. This automation script is used as part of the content validation that runs as part of the contribution flow. |
CreateIndicatorRelationship | This automation creates a relationship between indicator objects. |
DBotBuildPhishingClassifier | Create a phishing classifier using machine learning technique, based on email content. |
SanePdfReports | Parse Sane-json-reports and export them as pdf files (used internally). |
DBotPreProcessTextData | Pre-process text data for the machine learning text classifier. |
SaneDocReports | Parse Sane-json-reports and export them as docx files (used internally). |
GetIndicatorsByQuery | Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. |
DBotSuggestClassifierMapping | Deprecated. No available replacement. Suggests a classifier mapping based on an advanced name matching algorithm. |
CommonServerPowerShell | Common code that will be merged into each PowerShell script/integration when it runs. |
CheckDockerImageAvailable | Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error. |
CommonServerPython | Common code that will be merged into each server script when it runs. |
DBotTrainClustering | Train clustering model on any incident type. |
SearchIndicatorRelationships | This automation outputs the indicator relationships to context according to the provided query, using the entities, entityTypes, and relationships arguments. All arguments will use the AND operator. For example, using the following arguments entities=8.8.8.8 entities_types=Domain will provide only relationships that the 8.8.8.8 indicator has with indicators of type domain. |
FindSimilarIncidentsByText | Deprecated. Use DBotFindSimilarIncidents instead. This automation runs using the default Limited User role, unless you explicitly |
FindSimilarAlertsByText | Deprecated. Use DBotFindSimilarAlerts instead. This automation runs using the default Limited User role, unless you explicitly |
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|
Pack Name | Pack By |
---|
Scripts
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.103517.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.103517.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.103517.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.103517.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.103517.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.103517.
- 35422
Download
Scripts
DBotTrainTextClassifierV2
- Updated the Docker image to: demisto/ml:1.0.0.101889.
DBotBuildPhishingClassifier
- Changed the Docker image to: demisto/python3:3.11.9.101916.
DBotPreProcessTextData
- Updated the Docker image to: demisto/ml:1.0.0.101889.
DBotPredictPhishingWords
- Updated the Docker image to: demisto/ml:1.0.0.101889.
DBotFindSimilarIncidents
- Updated the Docker image to: demisto/ml:1.0.0.101889.
GetMLModelEvaluation
- Updated the Docker image to: demisto/ml:1.0.0.101889.
DBotFindSimilarIncidentsByIndicators
- Updated the Docker image to: demisto/ml:1.0.0.101889.
- 35081
Download
Scripts
CommonServerPython
- Removed support for the DemistoWrapper class in python2 integrations and scripts. This fixes an issue where the following error was encountered for python2 integrations and scripts:
TypeError: super() argument 1 must be type, not classobj
- 35283
- 35343
Download
Scripts
DBotFindSimilarIncidentsByIndicators
- Fixed an issue where the populateFields argument didn't accept a pipe (|) as a separator.
DBotFindSimilarIncidents
- Fixed an issue where the populateFields argument didn't accept a pipe (|) as a separator.
GetIncidentsByQuery
- Fixed an issue where the populateFields argument didn't accept a pipe (|) as a separator.
- 35176
Download
Scripts
CommonServerPython
Fixed an issue which caused email enrichers to save results in the wrong context key. Email
key was changed to Account.Email
. This change might affect the following integrations which output Email indicators to context:
- Anomali Threat Stream V3
- Cofense Intelligence V2
- Eclectic IQ Intelligence Center V3
- Email Hippo
- IP Quality Score
- MISP V3
- Reversing Labs Titanium Cloud V2
- SEKOIA Intelligence Center
- Threat Zone
- VM Ray
- 34684
- 33924
Download
Scripts
ValidateContent
- Updated the Docker image to: demisto/xsoar-tools:1.0.0.90942.
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
Download
Scripts
CommonServerPython
- Added ignore to sleep method to satisfy linters.
GetIncidentsByQuery
- Moved the implementation to GetIncidentsApiModule.
- The includeContext argument is now deprecated due to performance considerations. Rather than using this argument, it is recommended to retrieve the context of the incidents separately, preferably for a limited number of incidents.
- Updated the Docker image to: demisto/python3:3.10.13.87159.
DBotFindSimilarIncidentsByIndicators
- Internal code enhancements for improved performance.
- Updated the Docker image to: demisto/ml:1.0.0.88591.
DBotFindSimilarIncidents
- Internal code enhancements for improved performance.
- Updated the Docker image to: demisto/ml:1.0.0.88591.
- 33028
Download
Scripts
GetIndicatorsByQuery
- Added the
ALL
option to the populateFields in order to get all the populated fields available. - Updated the automation to always use the populateFields - This is a breaking change! Make sure the value of this field is suitable for you.
- Updated the Docker image to: demisto/python3:3.10.13.87159.
- 32879
Download
Scripts
CreateIndicatorRelationship
- Updated the Docker image to: demisto/python3:3.10.13.86272.
CommonServerPython
- Fixed an issue in execute_command where the command returns an empty debug-entry when running on XSOAR version 8.x.
GetIndicatorsByQuery
- Improved implementation for better performance when using the populateFields argument.
- Update the docker image to: demisto/python3:3.10.13.86272.
- 32478
Download
Scripts
CommonServerPython
- Fixed an issue where sometimes the indicators became unavailable until resetting the instance.
DBotFindSimilarIncidents
- Fixed an issue where incidents were incorrectly called "alerts" in Cortex XSOAR.
- Updated the Docker image to: demisto/ml:1.0.0.84027.
- 31853
Download
Scripts
HighlightWords
- Updated the Docker image to: demisto/python3:3.10.12.66339.
GetIndicatorsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.66339.
CheckDockerImageAvailable
- Updated the Docker image to: demisto/python3:3.10.12.66339.
GetIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.66339.
- 28640
Download
PUBLISHER
![Cortex](https://storage.googleapis.com/marketplace-dist/content/packs/Base/Author_image.png)
PLATFORMS
INFO
Certification | Certified | Read more |
Supported By | Cortex | |
Created | August 2, 2020 | |
Last Release | July 25, 2024 |