Community Common Scripts

Details
Content
Dependencies
Version History

Download With Dependencies

A pack that contains community scripts

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
IPCalcCheckSubnetCollision	An automation script to return subnet collision result.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident.
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident.
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp.
Group	Splits a list into smaller groups (chunks) of a specified size.
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
MarkdownToHTML	Converts Markdown to HTML.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
CompareList	Compares two lists.
IPCalcReturnAddressBinary	An automation script to return address in binary format.
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم".
RandomElementFromList	randomly select elements from a list in Python.
delete_expired_indicator_with_exlusion	deletes expired indicators.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address.
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
GetFields	Retrieves fields from an object using dot notation.
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10".
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses.
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25".
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
MissingElements	Returns the list of missing elements from an input list of integers. e.g. [12,14,16] -> [13,15].
jq	Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
DeleteIndicators	Delete indicators based on query, values, or IDs.
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
Json2HtmlTable	Converts JSON objects to HTML tables.
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout.

Automations

Name	Description
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
MissingElements	Returns the list of missing elements from an input list of integers. e.g. [12,14,16] -> [13,15].
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp.
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
DeleteIndicators	Delete indicators based on query, values, or IDs.
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses.
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID.
CompareList	Compares two lists.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address.
IPCalcCheckSubnetCollision	An automation script to return subnet collision result.
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
Json2HtmlTable	Converts JSON objects to HTML tables.
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout.
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
RandomElementFromList	randomly select elements from a list in Python.
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10".
Group	Splits a list into smaller groups (chunks) of a specified size.
delete_expired_indicator_with_exlusion	deletes expired indicators.
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم".
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
MarkdownToHTML	Converts Markdown to HTML.
IPCalcReturnAddressBinary	An automation script to return address in binary format.
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'.
GetFields	Retrieves fields from an object using dot notation.
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25".
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
DeleteAlertsByQuery	Use this automation to delete alerts using query parameter with the same format as used in alerts search. Core REST API integration instance should be created.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident.
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
jq	Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information.
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.5.2 - 8994397 (May 13, 2026)

Scripts

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CompareList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

BatchData

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.13.8428455.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.13.8428455.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.13.8428455.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.13.8428455.

redactindicator

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MinList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Defang

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapRegex

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MaxList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.13.8428455.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetFields

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.13.8428455.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MissingElements

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Related pull requests:
- 44128

Download

1.5.1 - 8668717 (May 3, 2026)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.8544956.

Related pull requests:
- 44120

Download

1.5.0 - 7657193 (March 13, 2026)

Scripts

New: Group

Added the new Group script that splits a list into smaller groups (chunks) of a specified size.

Related pull requests:
- 43409

Download

1.4.4 - 7448282 (March 5, 2026)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 43266
- 43266

Download

1.4.3 - 6238358 (December 11, 2025)

Scripts

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CompareList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Defang

Updated the Docker image to: demisto/python3:3.12.12.6204436.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MaxList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BatchData

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MinList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.12.6204436.

redactindicator

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRegex

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.2 - 5940029 (November 20, 2025)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.4.1 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.4.0 - 5158591 (September 28, 2025)

Scripts

jq

Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.

Related pull requests:
- 41352

Download

1.3.23 - 4901962 (September 16, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/docxpy:1.0.0.4821271.

Related pull requests:
- 41277

Download

1.3.22 - 4847835 (September 11, 2025)

Scripts

MapRegex

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MaxList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.8.3296088.

redactindicator

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CompareList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Defang

Updated the Docker image to: demisto/python3:3.12.8.3296088.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MinList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BatchData

Updated the Docker image to: demisto/python3:3.12.8.3296088.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.3.21 - 4770511 (September 4, 2025)

Scripts

New: MissingElements

New: Added a new script- MissingElements that Returns the list of missing elements from an input list of integers.
e.g. [12,14,16] -> [13,15]

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

1.5.2 - 8994397 (May 13, 2026)

Scripts

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CompareList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

BatchData

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.13.8428455.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.13.8428455.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.13.8428455.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.13.8428455.

redactindicator

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MinList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Defang

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapRegex

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MaxList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.13.8428455.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetFields

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.13.8428455.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MissingElements

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Related pull requests:
- 44128

Download

1.5.1 - 8668717 (May 3, 2026)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.8544956.

Related pull requests:
- 44120

Download

1.5.0 - 7657193 (March 13, 2026)

Scripts

New: Group

Added the new Group script that splits a list into smaller groups (chunks) of a specified size.

Related pull requests:
- 43409

Download

1.4.4 - 7448282 (March 5, 2026)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 43266
- 43266

Download

1.4.3 - 6238358 (December 11, 2025)

Scripts

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CompareList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Defang

Updated the Docker image to: demisto/python3:3.12.12.6204436.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MaxList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BatchData

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MinList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.12.6204436.

redactindicator

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRegex

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.2 - 5940029 (November 20, 2025)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.4.1 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.4.0 - 5158591 (September 28, 2025)

Scripts

jq

Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.

Related pull requests:
- 41352

Download

1.3.23 - 4901962 (September 16, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/docxpy:1.0.0.4821271.

Related pull requests:
- 41277

Download

1.3.22 - 4847835 (September 11, 2025)

Scripts

MapRegex

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MaxList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.8.3296088.

redactindicator

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CompareList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Defang

Updated the Docker image to: demisto/python3:3.12.8.3296088.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MinList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BatchData

Updated the Docker image to: demisto/python3:3.12.8.3296088.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.3.21 - 4761438 (September 4, 2025)

Scripts

New: MissingElements

New: Added a new script- MissingElements that Returns the list of missing elements from an input list of integers.
e.g. [12,14,16] -> [13,15]

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	January 9, 2023
Last Release	May 13, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.