Community Common Scripts

Details
Content
Dependencies
Version History

Download With Dependencies

A pack that contains community scripts

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information.
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25".
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
Json2HtmlTable	Converts JSON objects to HTML tables.
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم".
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
DeleteIndicators	Delete indicators based on query, values, or IDs.
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout.
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
IPCalcReturnAddressBinary	An automation script to return address in binary format.
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident.
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
MissingElements	Returns the list of missing elements from an input list of integers. e.g. [12,14,16] -> [13,15].
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
GetFields	Retrieves fields from an object using dot notation.
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
CompareList	Compares two lists.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
delete_expired_indicator_with_exlusion	deletes expired indicators.
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
RandomElementFromList	randomly select elements from a list in Python.
IPCalcCheckSubnetCollision	An automation script to return subnet collision result.
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10".
jq	Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident.
MarkdownToHTML	Converts Markdown to HTML.
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses.
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.

Automations

Name	Description
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
DeleteAlertsByQuery	Use this automation to delete alerts using query parameter with the same format as used in alerts search. Core REST API integration instance should be created.
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout.
jq	Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address.
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
IPCalcReturnAddressBinary	An automation script to return address in binary format.
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident.
MissingElements	Returns the list of missing elements from an input list of integers. e.g. [12,14,16] -> [13,15].
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25".
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم".
IPCalcCheckSubnetCollision	An automation script to return subnet collision result.
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'.
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10".
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID.
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
CompareList	Compares two lists.
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
RandomElementFromList	randomly select elements from a list in Python.
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
GetFields	Retrieves fields from an object using dot notation.
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
delete_expired_indicator_with_exlusion	deletes expired indicators.
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
MarkdownToHTML	Converts Markdown to HTML.
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp.
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses.
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
DeleteIndicators	Delete indicators based on query, values, or IDs.
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
Json2HtmlTable	Converts JSON objects to HTML tables.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

1.4.3 - 6238358 (December 11, 2025)

Scripts

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CompareList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Defang

Updated the Docker image to: demisto/python3:3.12.12.6204436.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MaxList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BatchData

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MinList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.12.6204436.

redactindicator

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRegex

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.2 - 5940029 (November 20, 2025)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.4.1 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.4.0 - 5158591 (September 28, 2025)

Scripts

jq

Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.

Related pull requests:
- 41352

Download

1.3.23 - 4901962 (September 16, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/docxpy:1.0.0.4821271.

Related pull requests:
- 41277

Download

1.3.22 - 4847835 (September 11, 2025)

Scripts

MapRegex

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MaxList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.8.3296088.

redactindicator

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CompareList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Defang

Updated the Docker image to: demisto/python3:3.12.8.3296088.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MinList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BatchData

Updated the Docker image to: demisto/python3:3.12.8.3296088.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.3.21 - 4770511 (September 4, 2025)

Scripts

New: MissingElements

New: Added a new script- MissingElements that Returns the list of missing elements from an input list of integers.
e.g. [12,14,16] -> [13,15]

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

1.3.16 - R2988287 (March 26, 2025)

Scripts

MaxList

Metadata and documentation improvements.

IPCalcReturnSubnetAddresses

Metadata and documentation improvements.

SSLVerifier

Metadata and documentation improvements.

redactindicator

Metadata and documentation improvements.

MinList

Metadata and documentation improvements.

GetListDatawithKeyword

Metadata and documentation improvements.

CreatePlbkDoc

Metadata and documentation improvements.

CreateArrayWithDuplicates

Metadata and documentation improvements.

BatchData

Metadata and documentation improvements.

IPCalcReturnSubnetNetwork

Metadata and documentation improvements.

RandomElementFromList

Metadata and documentation improvements.

GetFields

Metadata and documentation improvements.

RetrievePlaybookDependencies

Metadata and documentation improvements.

MapRegex

Metadata and documentation improvements.

DisplayTaggedWarroomEntries

Metadata and documentation improvements.

CompareList

Metadata and documentation improvements.

isArrayItemInList

Metadata and documentation improvements.

DeleteIndicators

Metadata and documentation improvements.

IPCalcReturnAddressBinary

Metadata and documentation improvements.

DateTimeToADTime

Metadata and documentation improvements.

IPCalcReturnSubnetBroadcastAddress

Metadata and documentation improvements.

CreateEDLInstance

Metadata and documentation improvements.

RandomPhotoNasa

Metadata and documentation improvements.

GetAskLinks

Metadata and documentation improvements.

ConvertUTCEpochTimeToTimeStamp

Metadata and documentation improvements.

Defang

Metadata and documentation improvements.

GetIndicatorCustomFieldsByQuery

Metadata and documentation improvements.

GetIndicatorDBotScoreFromContext

Metadata and documentation improvements.

GetFilePathPreProcessing

Metadata and documentation improvements.

Json2HtmlTable

Metadata and documentation improvements.

MarkdownToHTML

Metadata and documentation improvements.

DateTimeNowToEpoch

Metadata and documentation improvements.

CreateFileFromPathObject

Metadata and documentation improvements.

DeleteIncidentsByQuery

Metadata and documentation improvements.

GenerateRandomJSON

Metadata and documentation improvements.

DateTimeToLDAPTime

Metadata and documentation improvements.

IPCalcCheckSubnetCollision

Metadata and documentation improvements.

DisplayIndicatorReputationContent

Metadata and documentation improvements.

GetIndexOfArrayValue

Metadata and documentation improvements.

ExtFilter

Metadata and documentation improvements.

IPCalcReturnAddressIANAAllocation

Metadata and documentation improvements.

delete_expired_indicator_with_exlusion

Metadata and documentation improvements.

jq

Metadata and documentation improvements.

PHash

Metadata and documentation improvements.

StripAccentMarksFromString

Metadata and documentation improvements.

Related pull requests:
- 39009

Download

1.3.15 - 2395597 (February 10, 2025)

Scripts

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.6.117357.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.3.14 - 2074399 (January 26, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.2023828.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

1.3.13 - 2060535 (January 23, 2025)

Scripts

Defang

Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38065

Download

1.3.12 - 2013343 (January 19, 2025)

Scripts

DeleteIndicators

Code functionality improvements.

Related pull requests:
- 38115

Download

1.3.11 - R1977897 (January 13, 2025)

Scripts

ExtFilter

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38043

Download

1.3.10 - 1950870 (January 8, 2025)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 38028

Download

1.4.3 - 6238358 (December 11, 2025)

Scripts

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CompareList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Defang

Updated the Docker image to: demisto/python3:3.12.12.6204436.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MaxList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BatchData

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MinList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.12.6204436.

redactindicator

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRegex

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.2 - 5940029 (November 20, 2025)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.4.1 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.4.0 - 5158591 (September 28, 2025)

Scripts

jq

Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.

Related pull requests:
- 41352

Download

1.3.23 - 4901962 (September 16, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/docxpy:1.0.0.4821271.

Related pull requests:
- 41277

Download

1.3.22 - 4847835 (September 11, 2025)

Scripts

MapRegex

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MaxList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.8.3296088.

redactindicator

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CompareList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Defang

Updated the Docker image to: demisto/python3:3.12.8.3296088.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MinList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BatchData

Updated the Docker image to: demisto/python3:3.12.8.3296088.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.3.21 - 4761438 (September 4, 2025)

Scripts

New: MissingElements

New: Added a new script- MissingElements that Returns the list of missing elements from an input list of integers.
e.g. [12,14,16] -> [13,15]

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

1.3.16 - R2988287 (March 26, 2025)

Scripts

MaxList

Metadata and documentation improvements.

IPCalcReturnSubnetAddresses

Metadata and documentation improvements.

SSLVerifier

Metadata and documentation improvements.

redactindicator

Metadata and documentation improvements.

MinList

Metadata and documentation improvements.

GetListDatawithKeyword

Metadata and documentation improvements.

CreatePlbkDoc

Metadata and documentation improvements.

CreateArrayWithDuplicates

Metadata and documentation improvements.

BatchData

Metadata and documentation improvements.

IPCalcReturnSubnetNetwork

Metadata and documentation improvements.

RandomElementFromList

Metadata and documentation improvements.

GetFields

Metadata and documentation improvements.

RetrievePlaybookDependencies

Metadata and documentation improvements.

MapRegex

Metadata and documentation improvements.

DisplayTaggedWarroomEntries

Metadata and documentation improvements.

CompareList

Metadata and documentation improvements.

isArrayItemInList

Metadata and documentation improvements.

DeleteIndicators

Metadata and documentation improvements.

IPCalcReturnAddressBinary

Metadata and documentation improvements.

DateTimeToADTime

Metadata and documentation improvements.

IPCalcReturnSubnetBroadcastAddress

Metadata and documentation improvements.

CreateEDLInstance

Metadata and documentation improvements.

RandomPhotoNasa

Metadata and documentation improvements.

GetAskLinks

Metadata and documentation improvements.

ConvertUTCEpochTimeToTimeStamp

Metadata and documentation improvements.

Defang

Metadata and documentation improvements.

GetIndicatorCustomFieldsByQuery

Metadata and documentation improvements.

GetIndicatorDBotScoreFromContext

Metadata and documentation improvements.

GetFilePathPreProcessing

Metadata and documentation improvements.

Json2HtmlTable

Metadata and documentation improvements.

MarkdownToHTML

Metadata and documentation improvements.

DateTimeNowToEpoch

Metadata and documentation improvements.

CreateFileFromPathObject

Metadata and documentation improvements.

DeleteIncidentsByQuery

Metadata and documentation improvements.

GenerateRandomJSON

Metadata and documentation improvements.

DateTimeToLDAPTime

Metadata and documentation improvements.

IPCalcCheckSubnetCollision

Metadata and documentation improvements.

DisplayIndicatorReputationContent

Metadata and documentation improvements.

GetIndexOfArrayValue

Metadata and documentation improvements.

ExtFilter

Metadata and documentation improvements.

IPCalcReturnAddressIANAAllocation

Metadata and documentation improvements.

delete_expired_indicator_with_exlusion

Metadata and documentation improvements.

jq

Metadata and documentation improvements.

PHash

Metadata and documentation improvements.

StripAccentMarksFromString

Metadata and documentation improvements.

Related pull requests:
- 39009

Download

1.3.15 - 2429474 (February 11, 2025)

Scripts

VersionLessThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionGreaterThan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

VersionEqualTo

Updated the Docker image to: demisto/powershell:7.4.6.117357.

CalculateTimeSpan

Updated the Docker image to: demisto/powershell:7.4.6.117357.

Related pull requests:
- 38552
- 38543
- 38544
- 38546
- 38547

Download

1.3.14 - 2074399 (January 26, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.2023828.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

1.3.13 - 2060535 (January 23, 2025)

Scripts

Defang

Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38065

Download

1.3.12 - 2013343 (January 19, 2025)

Scripts

DeleteIndicators

Code functionality improvements.

Related pull requests:
- 38115

Download

1.3.11 - R1977897 (January 13, 2025)

Scripts

ExtFilter

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38043

Download

1.3.10 - 1950870 (January 8, 2025)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 38028

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	January 9, 2023
Last Release	December 11, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.