Community Common Scripts
A pack that contains community scripts
Name | Description |
---|---|
SSLVerifier | Use this automation to check for validity of your SSL certificate and get the time until expiration. |
CompareList | Compares two lists. |
VersionGreaterThan | Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
GetListDatawithKeyword | This transformer will get a list of array elements by providing a keyword. List data format |
RandomElementFromList | Randomly selects elements from a list in Python. |
RandomPhotoNasa | This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data. |
PHash | Script to create a perceptual hash of an image (or file) stored in the incident. Wraps https://pypi.org/project/ImageHash/ |
CreatePlbkDoc | Purpose: This automation will produce a docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat. Input1: Name of the playbook (Mandatory). Requirements: This automation requires the "Core REST API" integration enabled and connected to the XSOAR itself. The automation uses it to read the objects of the playbook. |
GetFields | Retrieves fields from an object using dot notation |
CalculateTimeSpan | Calculates the time span between two dates using Powershell's A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 |
jq | Run JQ Query. Check these links: |
GetIndexOfArrayValue | This transformer will get an index of an element from an array. |
GetIndicatorDBotScoreFromContext | Get the final verdict from the DBotScore of the context. |
RetrievePlaybookDependencies | Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list. |
DeleteIncidentsByQuery | Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created. |
DeleteAlertsByQuery | Use this automation to delete alerts using query parameter with the same format as used in alerts search. Core REST API integration instance should be created. |
GetFilePathPreProcessing | This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. |
VersionLessThan | Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
DisplayTaggedWarroomEntries | Display warroom entries in a dynamic section which are tagged with 'report' |
MaxList | Gets the maximum value from list |
DateTimeToADTime | Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet |
MapRegex | This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { The transformer will match in order of dictionary entries. |
GetAskLinks | Creates external ask links for the |
MinList | Gets the minimum value from list |
IPCalcReturnSubnetNetwork | An Automation Script to return subnet network ID |
ConvertUTCEpochTimeToTimeStamp | This transformer converts the Epoch or UTC timestamp to the desired stamp. |
RetrievePlaybooksAndIntegrations | Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name |
CreateFileFromPathObject | This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident |
MarkdownToHTML | Converts Markdown to HTML. |
RemoveEmptyEvidence | The automation removes evidence based on a query performed on the evidence content, |
IPCalcReturnAddressBinary | An automation script to return address in binary format |
redactindicator | Redactindicator can help you to defang/redact any kind of indicator (IPv4, URL, domain and email). IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optionally, you can define a "searchkey", which does not need to be case sensitive and which will be replaced with <REDACTED>. |
ExtFilter | Advanced Filter. It enables you to make filters with complex conditions. |
VersionEqualTo | Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
DisplayIndicatorReputationContent | Display the indicator context object in markdown format in a dynamic section layout |
IPCalcReturnSubnetAddresses | An automation script to return subnet addresses |
CreateArrayWithDuplicates | Will create an array object in context from a given string input, allowing for duplicate values to be retained. Output is to ContextKey.array, as JSON does not permit duplicate key names, e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc. |
BatchData | This automation takes in a string of comma-separated items and returns a dictionary with the defined chunk size. |
StripAccentMarksFromString | Strip accent marks (diacritics) from a given string. |
delete_expired_indicator_with_exlusion | Deletes expired indicators. |
isArrayItemInList | This automation compares array (list) data in context to existing lists on the XSOAR server. It lets you avoid using a loop of sub-playbooks. |
IPCalcCheckSubnetCollision | An automation script to return subnet collision result |
IPCalcReturnSubnetBroadcastAddress | An Automation Script to return subnet broadcast address |
DateTimeNowToEpoch | Returns the current datetime as an epoch value for use in timestamp comparisons. |
GetIndicatorCustomFieldsByQuery | Returns indicator custom fields into the context by the given query. |
IPCalcReturnAddressIANAAllocation | An automation script to return address IANA information |
CreateEDLInstance | Use this automation to create an EDL instance on XSOAR. |
InvertEveryTwoItems | This transformer will invert every two items in an array. If the total number of items in the array is odd, the last item will be removed. If the item is not an array, the output will be the same object that was passed. |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Common Scripts | By: Cortex XSOAR |
Cortex REST API | By: Cortex XSOAR |
Scripts
RetrievePlaybookDependencies
- Fixed a bug where XSOAR lists in sub-playbooks and in complex script arguments were not included in the final results.
- Added HTML list documentation as an alternative to markdown.
- Added optional arguments to build the full documentation string within the automation.
  - Previously those values had to be added manually.
  - New arguments:
    - incident_types
    - layouts
    - incident_fields
    - indicator_fields
    - jobs
    - mappers
    - pre_process_rules
- Clarified documentation and argument descriptions.
- Updated the Docker image to: demisto/python3:3.10.13.86272.
Scripts
New: GetListDatawithKeyword
- This transformer will get a list of array elements by providing a keyword. List data format:
  [
    {
      "folder": "abc",
      "username": "test"
    },
    {
      "folder": "def",
      "username": "test123"
    },
    {
      "folder": "ghi",
      "username": "admin"
    }
  ]
  (Available from Cortex XSOAR 6.8.0).
New: GetIndexOfArrayValue
- This transformer will get an index of an element from an array.
  Example: for ["phishing","Malware"], providing "Malware" to the array_value argument returns the index 1. (Available from Cortex XSOAR 6.8.0).
Scripts
RemoveEmptyEvidence
- Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
- Updated the Docker image to: demisto/python3:3.10.13.83255.
CreatePlbkDoc
- Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
- Updated the Docker image to: demisto/sane-doc-reports:1.0.0.82656.
RetrievePlaybooksAndIntegrations
- Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
CreateEDLInstance
- Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
- Updated the Docker image to: demisto/python3:3.10.13.83255.
RetrievePlaybookDependencies
- Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
- Updated the Docker image to: demisto/python3:3.10.13.83255.
DeleteIncidentsByQuery
- Deprecated demisto-delete-incidents command and replaced with the core-delete-incidents command. (Commands are identical, no effect is expected)
- Updated the Docker image to: demisto/python3:3.10.13.83255.
Scripts
ExtFilter
- Updated the Docker image to: demisto/python3:3.10.13.78960.
RetrievePlaybooksAndIntegrations
- Deprecated. Use RetrievePlaybookDependencies instead.
New: RetrievePlaybookDependencies
- New: Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts and Commands (not using-brand), and lists for a provided Playbook name. (Available from Cortex XSOAR 6.8.0).
Scripts
GetFilePathPreProcessing
- Updated the Docker image to: demisto/python3:3.10.12.63474.
RandomElementFromList
- Updated the Docker image to: demisto/python3:3.10.12.63474.
IPCalcReturnAddressIANAAllocation
- Updated the Docker image to: demisto/python3:3.10.12.63474.
IPCalcReturnSubnetAddresses
- Updated the Docker image to: demisto/python3:3.10.12.63474.
IPCalcReturnSubnetBroadcastAddress
- Updated the Docker image to: demisto/python3:3.10.12.63474.
isArrayItemInList
- Updated the Docker image to: demisto/python3:3.10.12.63474.
GetFields
- Updated the Docker image to: demisto/python3:3.10.12.63474.
MapRegex
- Updated the Docker image to: demisto/python3:3.10.12.63474.
InvertEveryTwoItems
- Updated the Docker image to: demisto/python3:3.10.12.63474.
BatchData
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DisplayIndicatorReputationContent
- Updated the Docker image to: demisto/python3:3.10.12.63474.
RetrievePlaybooksAndIntegrations
- Updated the Docker image to: demisto/python3:3.10.12.63474.
redactindicator
- Updated the Docker image to: demisto/python3:3.10.12.63474.
SSLVerifier
- Updated the Docker image to: demisto/python3:3.10.12.63474.
RemoveEmptyEvidence
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CreateFileFromPathObject
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CompareList
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DeleteIncidentsByQuery
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DisplayTaggedWarroomEntries
- Updated the Docker image to: demisto/python3:3.10.12.63474.
IPCalcReturnSubnetNetwork
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CreateArrayWithDuplicates
- Updated the Docker image to: demisto/python3:3.10.12.63474.
RandomPhotoNasa
- Updated the Docker image to: demisto/python3:3.10.12.63474.
IPCalcReturnAddressBinary
- Updated the Docker image to: demisto/python3:3.10.12.63474.
MaxList
- Updated the Docker image to: demisto/python3:3.10.12.63474.
DateTimeToADTime
- Updated the Docker image to: demisto/python3:3.10.12.63474.
CreateEDLInstance
- Updated the Docker image to: demisto/python3:3.10.12.63474.
MinList
- Updated the Docker image to: demisto/python3:3.10.12.63474.
IPCalcCheckSubnetCollision
- Updated the Docker image to: demisto/python3:3.10.12.63474.
ConvertUTCEpochTimeToTimeStamp
- Updated the Docker image to: demisto/python3:3.10.12.63474.
StripAccentMarksFromString
- Updated the Docker image to: demisto/python3:3.10.12.63474.
Scripts
New: CreateArrayWithDuplicates
- Will create an array object in context from a given string input, allowing for duplicate values to be retained. Output is to ContextKey.array, as JSON does not permit duplicate key names, e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
INFO
Supported By | Community |
Created | January 9, 2023 |
Last Release | February 12, 2024 |