Community Common Scripts

Details
Content
Dependencies
Version History

Download With Dependencies

A pack that contains community scripts

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
MarkdownToHTML	Converts Markdown to HTML.
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
DeleteIndicators	Delete indicators based on query, values, or IDs.
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
Json2HtmlTable	Converts JSON objects to HTML tables.
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses
IPCalcCheckSubnetCollision	An automation script to return subnet collision result
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم"
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
CompareList	Compares two lists.
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25"
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
GetFields	Retrieves fields from an object using dot notation
delete_expired_indicator_with_exlusion	deletes expired indicators.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10"
jq	Run JQ Query. Check these links: https://stedolan.github.io/jq/manual/#Invokingjq https://jqplay.org/
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
RandomElementFromList	randomly select elements from a list in Python
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident
IPCalcReturnAddressBinary	An automation script to return address in binary format
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0

Automations

Name	Description
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
DeleteAlertsByQuery	Use this automation to delete alerts using query parameter with the same format as used in alerts search. Core REST API integration instance should be created.
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
RandomElementFromList	randomly select elements from a list in Python
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
GetFields	Retrieves fields from an object using dot notation
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID
Json2HtmlTable	Converts JSON objects to HTML tables.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم"
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25"
delete_expired_indicator_with_exlusion	deletes expired indicators.
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
MarkdownToHTML	Converts Markdown to HTML.
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
jq	Run JQ Query. Check these links: https://stedolan.github.io/jq/manual/#Invokingjq https://jqplay.org/
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident
IPCalcCheckSubnetCollision	An automation script to return subnet collision result
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10"
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'
CompareList	Compares two lists.
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
DeleteIndicators	Delete indicators based on query, values, or IDs.
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information
IPCalcReturnAddressBinary	An automation script to return address in binary format

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

1.3.16 - R2988287 (March 26, 2025)

Scripts

MaxList

Metadata and documentation improvements.

IPCalcReturnSubnetAddresses

Metadata and documentation improvements.

SSLVerifier

Metadata and documentation improvements.

redactindicator

Metadata and documentation improvements.

MinList

Metadata and documentation improvements.

GetListDatawithKeyword

Metadata and documentation improvements.

CreatePlbkDoc

Metadata and documentation improvements.

CreateArrayWithDuplicates

Metadata and documentation improvements.

BatchData

Metadata and documentation improvements.

IPCalcReturnSubnetNetwork

Metadata and documentation improvements.

RandomElementFromList

Metadata and documentation improvements.

GetFields

Metadata and documentation improvements.

RetrievePlaybookDependencies

Metadata and documentation improvements.

MapRegex

Metadata and documentation improvements.

DisplayTaggedWarroomEntries

Metadata and documentation improvements.

CompareList

Metadata and documentation improvements.

isArrayItemInList

Metadata and documentation improvements.

DeleteIndicators

Metadata and documentation improvements.

IPCalcReturnAddressBinary

Metadata and documentation improvements.

DateTimeToADTime

Metadata and documentation improvements.

IPCalcReturnSubnetBroadcastAddress

Metadata and documentation improvements.

CreateEDLInstance

Metadata and documentation improvements.

RandomPhotoNasa

Metadata and documentation improvements.

GetAskLinks

Metadata and documentation improvements.

ConvertUTCEpochTimeToTimeStamp

Metadata and documentation improvements.

Defang

Metadata and documentation improvements.

GetIndicatorCustomFieldsByQuery

Metadata and documentation improvements.

GetIndicatorDBotScoreFromContext

Metadata and documentation improvements.

GetFilePathPreProcessing

Metadata and documentation improvements.

Json2HtmlTable

Metadata and documentation improvements.

MarkdownToHTML

Metadata and documentation improvements.

DateTimeNowToEpoch

Metadata and documentation improvements.

CreateFileFromPathObject

Metadata and documentation improvements.

DeleteIncidentsByQuery

Metadata and documentation improvements.

GenerateRandomJSON

Metadata and documentation improvements.

DateTimeToLDAPTime

Metadata and documentation improvements.

IPCalcCheckSubnetCollision

Metadata and documentation improvements.

DisplayIndicatorReputationContent

Metadata and documentation improvements.

GetIndexOfArrayValue

Metadata and documentation improvements.

ExtFilter

Metadata and documentation improvements.

IPCalcReturnAddressIANAAllocation

Metadata and documentation improvements.

delete_expired_indicator_with_exlusion

Metadata and documentation improvements.

jq

Metadata and documentation improvements.

PHash

Metadata and documentation improvements.

StripAccentMarksFromString

Metadata and documentation improvements.

Related pull requests:
- 39009

Download

1.3.15 - 2395597 (February 10, 2025)

Scripts

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.6.117357.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.3.14 - 2074399 (January 26, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.2023828.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

1.3.13 - 2060535 (January 23, 2025)

Scripts

Defang

Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38065

Download

1.3.12 - 2013343 (January 19, 2025)

Scripts

DeleteIndicators

Code functionality improvements.

Related pull requests:
- 38115

Download

1.3.11 - R1977897 (January 13, 2025)

Scripts

ExtFilter

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38043

Download

1.3.10 - 1950870 (January 8, 2025)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 38028

Download

1.3.9 - 1909729 (January 1, 2025)

Scripts

New: DeleteIndicators

New: Delete indicators based on query, values, or IDs.

Related pull requests:
- 37855
- 37892

Download

1.3.8 - 1809308 (December 15, 2024)

Scripts

SSLVerifier

Updated the Docker image to: demisto/python3:3.11.10.115186.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.11.10.115186.

MaxList

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetFields

Updated the Docker image to: demisto/python3:3.11.10.115186.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.11.10.115186.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.11.10.115186.

MapRegex

Updated the Docker image to: demisto/python3:3.11.10.115186.

MinList

Updated the Docker image to: demisto/python3:3.11.10.115186.

CompareList

Updated the Docker image to: demisto/python3:3.11.10.115186.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.11.10.115186.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.11.10.115186.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.11.10.115186.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.11.10.115186.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.11.10.115186.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.11.10.115186.

BatchData

Updated the Docker image to: demisto/python3:3.11.10.115186.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.11.10.115186.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37567
- 37564
- 37565

Download

1.3.7 - 1780397 (December 9, 2024)

Scripts

MarkdownToHTML

Updated the Docker image to: demisto/bs4-py3:1.0.0.117152.

Related pull requests:
- 37620
- 37619
- 37618
- 37617

Download

1.3.6 - 1748140 (December 4, 2024)

Scripts

ExtFilter

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.11.10.115186.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetAskLinks

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.11.10.115186.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.11.10.115186.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.11.10.115186.

redactindicator

Updated the Docker image to: demisto/python3:3.11.10.115186.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.3.5 - 1675652 (November 20, 2024)

Scripts

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.11.10.116439.

Related pull requests:
- 37271

Download

1.3.4 - 1673120 (November 19, 2024)

Scripts

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.6.116823.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.6.116823.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.6.116823.

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.6.116823.

Related pull requests:
- 37287
- 37283

Download

1.3.3 - 1666862 (November 18, 2024)

Scripts

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.2.103657.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.2.103657.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.2.103657.

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.2.103657.

Related pull requests:
- 37214
- 37193

Download

1.3.2 - 1619437 (November 10, 2024)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.114656.

Related pull requests:
- 37059
- 37052
- 37051

Download

1.3.1 - 1563308 (October 29, 2024)

Scripts

jq

Updated the Docker image to: demisto/jq:1.0.0.113893.

CreatePlbkDoc

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.114696.

PHash

Updated the Docker image to: demisto/python-phash:1.0.0.114718.

Related pull requests:
- 36856
- 36845
- 36844
- 36843
- 36840
- 36837
- 36836
- 36832
- 36842
- 36841
- 36839
- 36838
- 36834
- 36835
- 36833

Download

1.3.0 - 1373264 (September 11, 2024)

Scripts

New: DateTimeToLDAPTime

Added a new script DateTimeToLDAPTime which takes a date/time string and converts it to an LDAP (a.k.a. "Windows NT time format") timestamp.

Related pull requests:
- 36161
- 36251

Download

1.2.7 - 1368468 (September 10, 2024)

Scripts

New: GenerateRandomJSON

Added GenerateRandoJSON automation to this pack.
This automation generates a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io.

Related pull requests:
- 36209
- 36167

Download

1.2.6 - R1324639 (August 29, 2024)

Scripts

New: Json2HtmlTable

New: Converts JSON objects to HTML tables.

Related pull requests:
- 35758
- 35633

Download

1.2.5 - R1189290 (July 18, 2024)

Scripts

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.0.80528.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.0.80528.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.0.80528.

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.0.80528.

Related pull requests:
- 35346
- 35333
- 35335
- 35334
- 35336

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

1.3.16 - R2988287 (March 26, 2025)

Scripts

MaxList

Metadata and documentation improvements.

IPCalcReturnSubnetAddresses

Metadata and documentation improvements.

SSLVerifier

Metadata and documentation improvements.

redactindicator

Metadata and documentation improvements.

MinList

Metadata and documentation improvements.

GetListDatawithKeyword

Metadata and documentation improvements.

CreatePlbkDoc

Metadata and documentation improvements.

CreateArrayWithDuplicates

Metadata and documentation improvements.

BatchData

Metadata and documentation improvements.

IPCalcReturnSubnetNetwork

Metadata and documentation improvements.

RandomElementFromList

Metadata and documentation improvements.

GetFields

Metadata and documentation improvements.

RetrievePlaybookDependencies

Metadata and documentation improvements.

MapRegex

Metadata and documentation improvements.

DisplayTaggedWarroomEntries

Metadata and documentation improvements.

CompareList

Metadata and documentation improvements.

isArrayItemInList

Metadata and documentation improvements.

DeleteIndicators

Metadata and documentation improvements.

IPCalcReturnAddressBinary

Metadata and documentation improvements.

DateTimeToADTime

Metadata and documentation improvements.

IPCalcReturnSubnetBroadcastAddress

Metadata and documentation improvements.

CreateEDLInstance

Metadata and documentation improvements.

RandomPhotoNasa

Metadata and documentation improvements.

GetAskLinks

Metadata and documentation improvements.

ConvertUTCEpochTimeToTimeStamp

Metadata and documentation improvements.

Defang

Metadata and documentation improvements.

GetIndicatorCustomFieldsByQuery

Metadata and documentation improvements.

GetIndicatorDBotScoreFromContext

Metadata and documentation improvements.

GetFilePathPreProcessing

Metadata and documentation improvements.

Json2HtmlTable

Metadata and documentation improvements.

MarkdownToHTML

Metadata and documentation improvements.

DateTimeNowToEpoch

Metadata and documentation improvements.

CreateFileFromPathObject

Metadata and documentation improvements.

DeleteIncidentsByQuery

Metadata and documentation improvements.

GenerateRandomJSON

Metadata and documentation improvements.

DateTimeToLDAPTime

Metadata and documentation improvements.

IPCalcCheckSubnetCollision

Metadata and documentation improvements.

DisplayIndicatorReputationContent

Metadata and documentation improvements.

GetIndexOfArrayValue

Metadata and documentation improvements.

ExtFilter

Metadata and documentation improvements.

IPCalcReturnAddressIANAAllocation

Metadata and documentation improvements.

delete_expired_indicator_with_exlusion

Metadata and documentation improvements.

jq

Metadata and documentation improvements.

PHash

Metadata and documentation improvements.

StripAccentMarksFromString

Metadata and documentation improvements.

Related pull requests:
- 39009

Download

1.3.15 - 2429474 (February 11, 2025)

Scripts

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.6.117357.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.3.14 - 2074399 (January 26, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.2023828.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

1.3.13 - 2060535 (January 23, 2025)

Scripts

Defang

Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38065

Download

1.3.12 - 2013343 (January 19, 2025)

Scripts

DeleteIndicators

Code functionality improvements.

Related pull requests:
- 38115

Download

1.3.11 - R1977897 (January 13, 2025)

Scripts

ExtFilter

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38043

Download

1.3.10 - 1950870 (January 8, 2025)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 38028

Download

1.3.9 - 1912033 (January 2, 2025)

Scripts

New: DeleteIndicators

New: Delete indicators based on query, values, or IDs.

Related pull requests:
- 37855
- 37892

Download

1.3.8 - 1809308 (December 15, 2024)

Scripts

SSLVerifier

Updated the Docker image to: demisto/python3:3.11.10.115186.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.11.10.115186.

MaxList

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetFields

Updated the Docker image to: demisto/python3:3.11.10.115186.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.11.10.115186.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.11.10.115186.

MapRegex

Updated the Docker image to: demisto/python3:3.11.10.115186.

MinList

Updated the Docker image to: demisto/python3:3.11.10.115186.

CompareList

Updated the Docker image to: demisto/python3:3.11.10.115186.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.11.10.115186.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.11.10.115186.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.11.10.115186.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.11.10.115186.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.11.10.115186.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.11.10.115186.

BatchData

Updated the Docker image to: demisto/python3:3.11.10.115186.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.11.10.115186.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.11.10.115186.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37567
- 37564
- 37565

Download

1.3.7 - 1780397 (December 9, 2024)

Scripts

MarkdownToHTML

Updated the Docker image to: demisto/bs4-py3:1.0.0.117152.

Related pull requests:
- 37620
- 37619
- 37618
- 37617

Download

1.3.6 - 1748140 (December 4, 2024)

Scripts

ExtFilter

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.11.10.115186.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetAskLinks

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.11.10.115186.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.11.10.115186.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.11.10.115186.

redactindicator

Updated the Docker image to: demisto/python3:3.11.10.115186.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.3.5 - 1675652 (November 20, 2024)

Scripts

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.6.116823.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.6.116823.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.6.116823.

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.6.116823.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.11.10.116439.

Related pull requests:
- 37271

Download

1.3.3 - 1666862 (November 18, 2024)

Scripts

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.2.103657.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.2.103657.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.2.103657.

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.2.103657.

Related pull requests:
- 37214
- 37193

Download

1.3.2 - 1621428 (November 11, 2024)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.114656.

Related pull requests:
- 37059
- 37052
- 37051

Download

1.3.1 - 1563308 (October 29, 2024)

Scripts

jq

Updated the Docker image to: demisto/jq:1.0.0.113893.

CreatePlbkDoc

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.114696.

PHash

Updated the Docker image to: demisto/python-phash:1.0.0.114718.

Related pull requests:
- 36856
- 36845
- 36844
- 36843
- 36840
- 36837
- 36836
- 36832
- 36842
- 36841
- 36839
- 36838
- 36834
- 36835
- 36833

Download

1.3.0 - 1373264 (September 11, 2024)

Scripts

New: DateTimeToLDAPTime

Added a new script DateTimeToLDAPTime which takes a date/time string and converts it to an LDAP (a.k.a. "Windows NT time format") timestamp.

Related pull requests:
- 36161
- 36251

Download

1.2.7 - 1368468 (September 10, 2024)

Scripts

New: GenerateRandomJSON

Added GenerateRandoJSON automation to this pack.
This automation generates a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io.

Related pull requests:
- 36209
- 36167

Download

1.2.6 - R1324639 (August 29, 2024)

Scripts

New: Json2HtmlTable

New: Converts JSON objects to HTML tables.

Related pull requests:
- 35758
- 35633

Download

1.2.5 - R1189290 (July 18, 2024)

Scripts

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.0.80528.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.0.80528.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.0.80528.

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.0.80528.

Related pull requests:
- 35346
- 35333
- 35335
- 35334
- 35336

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	January 9, 2023
Last Release	July 16, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.