Community Common Scripts

Details
Content
Dependencies
Version History

Download With Dependencies

A pack that contains community scripts

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Mandar Naik
nikstuckenbrock
Lizz Boice
Ali Sawyer

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
RandomElementFromList	randomly select elements from a list in Python.
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
Json2HtmlTable	Converts JSON objects to HTML tables.
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم".
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID.
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
GetFields	Retrieves fields from an object using dot notation.
MarkdownToHTML	Converts Markdown to HTML.
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25".
MissingElements	Returns the list of missing elements from an input list of integers. e.g. [12,14,16] -> [13,15].
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident.
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp.
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses.
jq	Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'.
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
Group	Splits a list into smaller groups (chunks) of a specified size.
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address.
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
delete_expired_indicator_with_exlusion	deletes expired indicators.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
DeleteIndicators	Delete indicators based on query, values, or IDs.
CompareList	Compares two lists.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
IPCalcCheckSubnetCollision	An automation script to return subnet collision result.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident.
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
IPCalcReturnAddressBinary	An automation script to return address in binary format.
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10".
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.

Automations

Name	Description
VersionLessThan	Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
ConvertUTCEpochTimeToTimeStamp	This transformer convert the Epoch or UTC timestamp to desired stamp.
DateTimeNowToEpoch	Returns the current datetime as an epoch value for use in timestamp comparisons.
jq	Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.
DeleteIndicators	Delete indicators based on query, values, or IDs.
Json2HtmlTable	Converts JSON objects to HTML tables.
CreateFileFromPathObject	This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident.
IPCalcReturnSubnetBroadcastAddress	An Automation Script to return subnet broadcast address.
IPCalcReturnSubnetAddresses	An automation script to return subnet addresses.
GetFields	Retrieves fields from an object using dot notation.
isArrayItemInList	This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. inputArray: the context array/list data listName: the XSOAR system list.
MinList	Gets the minimum value from list e.g. ["25", "10", "25"] => "10".
GenerateRandomJSON	Generate a list of random dictionaries, using Faker Python library. For more information, please visit https://faker.readthedocs.io
CalculateTimeSpan	Calculates the time span between two dates using Powershell's `New-TimeSpan` command. A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 Hours : 1 Minutes : 12 Seconds : 19 Milliseconds : 0 Ticks : 8683390000000 TotalDays : 10.0502199074074 TotalHours : 241.205277777778 TotalMinutes : 14472.3166666667 TotalSeconds : 868339 TotalMilliseconds : 868339000
RandomElementFromList	randomly select elements from a list in Python.
ExtFilter	Advanced Filter. It enables you to make filters with complex conditions.
DisplayTaggedWarroomEntries	Display warroom entries in a dynamic section which are tagged with 'report'.
PHash	Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/
Defang	Defangs IP, Mail and URL address to prevent them from being recognized.
DateTimeToLDAPTime	Converts the given time to an LDAP timestamp.
StripAccentMarksFromString	Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم".
MaxList	Gets the maximum value from list e.g. ["25", "10", "25"] => "25".
IPCalcCheckSubnetCollision	An automation script to return subnet collision result.
CreatePlbkDoc	Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Input2: Format type needed. Table or Paragraph. Paragraph is default. Input3: Name of the docx file that will be produced. Give the full name including the ".docx" extension. (Mandatory) Requirements: This automation requires "Core REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook.
IPCalcReturnAddressIANAAllocation	An automation script to return address IANA information.
Group	Splits a list into smaller groups (chunks) of a specified size.
FindPlaybookCustomDependencies	Find custom scripts and integration dependencies used inside of playbooks.
DeleteIncidentsByQuery	Use this automation to delete incidents using query parameter with the same format as used in incidents search. Core REST API integration instance should be created.
DeleteAlertsByQuery	Use this automation to delete alerts using query parameter with the same format as used in alerts search. Core REST API integration instance should be created.
DateTimeToADTime	Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet.
RemoveEmptyEvidence	The automation removes evidence based on a query performed on the evidence content, if the provided string is found within the evidence- it will be removed.
RetrievePlaybooksAndIntegrations	Deprecated. Use RetrievePlaybookDependencies instead. Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name
GetIndicatorDBotScoreFromContext	Get the final verdict from the DBotScore of the context. Provided that it has all of the latest source verdict, this script gives you the right final verdict.
GetIndexOfArrayValue	This transformer will get an index of an element from an array. ex:["phishing","Malware"], if we provide "Malware" to array_value argument, will get index as 1.
IPCalcReturnAddressBinary	An automation script to return address in binary format.
BatchData	This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size.
CreateArrayWithDuplicates	Will create an array object in context from a given string input , allowing for duplicate values to be retained Output is to ContextKey.array as JSON does not permit duplicate key names e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.
MissingElements	Returns the list of missing elements from an input list of integers. e.g. [12,14,16] -> [13,15].
VersionGreaterThan	Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
MapRegex	This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { "Match 1": ".match 1.", "Match 2": ".match 2.", "Catch all": ".*" } The transformer will match in order of dictionary entries.
GetAskLinks	Creates external ask links for the `Ask` task with the given name.
SSLVerifier	Use this automation to check for validity of your SSL certificate and get the time until expiration.
MarkdownToHTML	Converts Markdown to HTML.
RetrievePlaybookDependencies	Retrieves all Playbook (and Sub-Playbook) Names, Integrations, Automation Scripts, Commands not using-brand, and lists for a provided Playbook name. Also accepts inputs for incident types, layouts, incident fields, indicator fields, jobs, mappers, and pre-process rules connected to the parent playbook. Results can be output as an HTML or Markdown list.
CreateEDLInstance	Use this automation to create an EDL instance on XSOAR.
VersionEqualTo	Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0
DisplayIndicatorReputationContent	Display the indicator context object in markdown format in a dynamic section layout.
redactindicator	Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
delete_expired_indicator_with_exlusion	deletes expired indicators.
GetIndicatorCustomFieldsByQuery	Returns indicator custom fields into the context by the given query.
CompareList	Compares two lists.
GetListDatawithKeyword	This transformer will get list of array elements by providing keyword. List data format [ { "folder": "abc", "username": "test" }, { "folder": "def", "username": "test123" }, { "folder": "ghi", "username": "admin" } ]
InvertEveryTwoItems	This transformer will invert every two items in an array. Example: ["A", "B", "C", "D"] Result: ["B", "A", "D", "C"] If the total of items in the array is an odd number the last item will be removed Example: ["A", "B", "C", "D", "E"] Result: ["B", "A", "D", "C"] If the item is not an array the output will be same passed object.
IPCalcReturnSubnetNetwork	An Automation Script to return subnet network ID.
GetFilePathPreProcessing	This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident.
RandomPhotoNasa	This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.5.1 - 8668717 (May 3, 2026)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.8544956.

Related pull requests:
- 44120

Download

1.5.0 - 7657193 (March 13, 2026)

Scripts

New: Group

Added the new Group script that splits a list into smaller groups (chunks) of a specified size.

Related pull requests:
- 43409

Download

1.4.4 - 7448282 (March 5, 2026)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 43266
- 43266

Download

1.4.3 - 6238358 (December 11, 2025)

Scripts

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CompareList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Defang

Updated the Docker image to: demisto/python3:3.12.12.6204436.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MaxList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BatchData

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MinList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.12.6204436.

redactindicator

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRegex

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.2 - 5940029 (November 20, 2025)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.4.1 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.4.0 - 5158591 (September 28, 2025)

Scripts

jq

Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.

Related pull requests:
- 41352

Download

1.3.23 - 4901962 (September 16, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/docxpy:1.0.0.4821271.

Related pull requests:
- 41277

Download

1.3.22 - 4847835 (September 11, 2025)

Scripts

MapRegex

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MaxList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.8.3296088.

redactindicator

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CompareList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Defang

Updated the Docker image to: demisto/python3:3.12.8.3296088.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MinList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BatchData

Updated the Docker image to: demisto/python3:3.12.8.3296088.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.3.21 - 4770511 (September 4, 2025)

Scripts

New: MissingElements

New: Added a new script- MissingElements that Returns the list of missing elements from an input list of integers.
e.g. [12,14,16] -> [13,15]

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

1.5.1 - 8668717 (May 3, 2026)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.8544956.

Related pull requests:
- 44120

Download

1.5.0 - 7657193 (March 13, 2026)

Scripts

New: Group

Added the new Group script that splits a list into smaller groups (chunks) of a specified size.

Related pull requests:
- 43409

Download

1.4.4 - 7448282 (March 5, 2026)

Scripts

CreatePlbkDoc

Documentation and metadata improvements.

Related pull requests:
- 43266
- 43266

Download

1.4.3 - 6238358 (December 11, 2025)

Scripts

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CompareList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Defang

Updated the Docker image to: demisto/python3:3.12.12.6204436.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FindPlaybookCustomDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MaxList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BatchData

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MinList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.12.6204436.

redactindicator

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRegex

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.2 - 5940029 (November 20, 2025)

Scripts

Json2HtmlTable

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.4.1 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.4.0 - 5158591 (September 28, 2025)

Scripts

jq

Deprecated. Use JMESPath transformer from the Filters and Transformers content pack instead.

Related pull requests:
- 41352

Download

1.3.23 - 4901962 (September 16, 2025)

Scripts

CreatePlbkDoc

Updated the Docker image to: demisto/docxpy:1.0.0.4821271.

Related pull requests:
- 41277

Download

1.3.22 - 4847835 (September 11, 2025)

Scripts

MapRegex

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndexOfArrayValue

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MaxList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetNetwork

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SSLVerifier

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StripAccentMarksFromString

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomPhotoNasa

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateFileFromPathObject

Updated the Docker image to: demisto/python3:3.12.8.3296088.

redactindicator

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertUTCEpochTimeToTimeStamp

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFilePathPreProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CompareList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DeleteIncidentsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InvertEveryTwoItems

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToLDAPTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressBinary

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorCustomFieldsByQuery

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayTaggedWarroomEntries

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveEmptyEvidence

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetListDatawithKeyword

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Defang

Updated the Docker image to: demisto/python3:3.12.8.3296088.

isArrayItemInList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MinList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateEDLInstance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnAddressIANAAllocation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BatchData

Updated the Docker image to: demisto/python3:3.12.8.3296088.

delete_expired_indicator_with_exlusion

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CreateArrayWithDuplicates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcReturnSubnetBroadcastAddress

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DisplayIndicatorReputationContent

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeToADTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IPCalcCheckSubnetCollision

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RetrievePlaybookDependencies

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RandomElementFromList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.3.21 - 4761438 (September 4, 2025)

Scripts

New: MissingElements

New: Added a new script- MissingElements that Returns the list of missing elements from an input list of integers.
e.g. [12,14,16] -> [13,15]

GetAskLinks

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetIndicatorDBotScoreFromContext

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtFilter

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateTimeNowToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.3.19 - 4186002 (July 16, 2025)

Scripts

Json2HtmlTable

Fixed a typo in the Json2HtmlTable script tags.

Related pull requests:
- 40614

Download

1.3.18 - R3980324 (June 26, 2025)

Scripts

Json2HtmlTable

Added support for the custom_styling argument to insert custom css styling before the table object.
Added support for the table_attributes argument to add various table attributes. e.g. pass id=”infotable” or class=”bootstrapclass”/data*.
Updated the Docker image to: demisto/py3-tools:1.0.0.3205634.

Related pull requests:
- 40089
- 40198

Download

1.3.17 - R3481649 (May 21, 2025)

Scripts

New: FindPlaybookCustomDependencies

New: Find custom scripts and integration dependencies used inside of playbooks.

Related pull requests:
- 39601
- 39836

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	January 9, 2023
Last Release	May 3, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.