This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident
Community Common Scripts
- Details
- Content
- Dependencies
- Version History
A pack that contains community scripts
Name | Description |
---|---|
CreateFileFromPathObject | |
MarkdownToHTML | Converts Markdown to HTML. |
IPCalcReturnSubnetNetwork | An Automation Script to return subnet network ID |
SSLVerifier | Use this automation to check for validity of your SSL certificate and get the time until expiration. |
RemoveEmptyEvidence | The automation removes evidence based on a query performed on the evidence content, |
IPCalcReturnSubnetAddresses | An automation script to return subnet addresses |
BatchData | This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size. |
StripAccentMarksFromString | Strip accent marks (diacritics) from a given string. |
GetIndicatorDBotScoreFromContext | Get the final verdict from the DBotScore of the context. |
IPCalcReturnSubnetBroadcastAddress | An Automation Script to return subnet broadcast address |
IPCalcCheckSubnetCollision | An automation script to return subnet collision result |
GetFilePathPreProcessing | This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. |
MapRegex | This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { The transformer will match in order of dictionary entries. |
isArrayItemInList | This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. |
MaxList | Gets the maximum value from list |
DeleteIncidentsByQuery | Use this automation to delete incidents using query parameter with the same format as used in incidents search. Demisto REST API integration instance should be created. |
VersionGreaterThan | Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
PHash | Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/ |
ExtFilter | Advanced Filter. It enables you to make filters with complex conditions. |
RandomElementFromList | randomly select elements from a list in Python |
redactindicator | Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED> |
RandomPhotoNasa | This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data. |
RetrievePlaybooksAndIntegrations | Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name |
IPCalcReturnAddressBinary | An automation script to return address in binary format |
DisplayTaggedWarroomEntries | Display warroom entries in a dynamic section which are tagged with 'report' |
CreateEDLInstance | Use this automation to create an EDL instance on XSOAR. |
VersionEqualTo | Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
DateTimeToADTime | Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet |
CreatePlbkDoc | Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Requirements: This automation requires "Demisto REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook. |
VersionLessThan | Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
IPCalcReturnAddressIANAAllocation | An automation script to return address IANA information |
InvertEveryTwoItems | This transformer will invert every two items in an array. If the total of items in the array is an odd number the last item will be removed If the item is not an array the output will be same passed object. |
GetFields | Retrieves fields from an object using dot notation |
jq | Run JQ Query. Check these links: |
DisplayIndicatorReputationContent | Display the indicator context object in markdown format in a dynamic section layout |
MinList | Gets the minimum value from list |
CalculateTimeSpan | Calculates the time span between two dates using Powershell's A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 |
Name | Description |
---|---|
CreateFileFromPathObject | This automation is being executed by the "GetFilePathPreProcessing" pre-processing script that collects the paths and names of attachments of an incoming incident, then passes it to this automation that reads the files and creates them in an existing incident |
MarkdownToHTML | Converts Markdown to HTML. |
IPCalcReturnSubnetNetwork | An Automation Script to return subnet network ID |
SSLVerifier | Use this automation to check for validity of your SSL certificate and get the time until expiration. |
RemoveEmptyEvidence | The automation removes evidence based on a query performed on the evidence content, |
IPCalcReturnSubnetAddresses | An automation script to return subnet addresses |
BatchData | This Automation takes in a string of comma separated items and returns a dictionary of with the defined chunk size. |
StripAccentMarksFromString | Strip accent marks (diacritics) from a given string. |
GetIndicatorDBotScoreFromContext | Get the final verdict from the DBotScore of the context. |
IPCalcReturnSubnetBroadcastAddress | An Automation Script to return subnet broadcast address |
IPCalcCheckSubnetCollision | An automation script to return subnet collision result |
GetFilePathPreProcessing | This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. |
MapRegex | This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "desired outcome": "regex to match" For example: { The transformer will match in order of dictionary entries. |
isArrayItemInList | This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. |
MaxList | Gets the maximum value from list |
DeleteIncidentsByQuery | Use this automation to delete incidents using query parameter with the same format as used in incidents search. Demisto REST API integration instance should be created. |
VersionGreaterThan | Tests whether left side version number is greater than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
PHash | Script to create a perceptual hash of an image (or file) stored in the incident. Wrapps https://pypi.org/project/ImageHash/ |
ExtFilter | Advanced Filter. It enables you to make filters with complex conditions. |
RandomElementFromList | randomly select elements from a list in Python |
redactindicator | Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED> |
RandomPhotoNasa | This automation script will pull a random image from https://images.nasa.gov based on the search parameter provided. If the script is used within a widget, it will output an image in markdown format. If it is used anywhere else it will output an image in markdown format and also context data. |
RetrievePlaybooksAndIntegrations | Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook name |
IPCalcReturnAddressBinary | An automation script to return address in binary format |
DisplayTaggedWarroomEntries | Display warroom entries in a dynamic section which are tagged with 'report' |
CreateEDLInstance | Use this automation to create an EDL instance on XSOAR. |
VersionEqualTo | Tests whether left side version number is equal to right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
DateTimeToADTime | Converts unix time to AD Integer8 time. This is used in many AD date fields like pwdLastSet |
CreatePlbkDoc | Purpose: This automation will produce docx file detailing the tasks in the given playbook. It can produce a table or paragraph format of the report. Author: Mahmood Azmat Input1: Name of the playbook (Mandatory) Requirements: This automation requires "Demisto REST API" integration enabled and connected to the XSOAR itself. Automation uses it to read the objects of the playbook. |
VersionLessThan | Tests whether left side version number is less than right side version number. Version numbers need to have at least a major and minor version component to be considered valid. E.g. 1.0 |
IPCalcReturnAddressIANAAllocation | An automation script to return address IANA information |
InvertEveryTwoItems | This transformer will invert every two items in an array. If the total of items in the array is an odd number the last item will be removed If the item is not an array the output will be same passed object. |
GetFields | Retrieves fields from an object using dot notation |
jq | Run JQ Query. Check these links: |
DisplayIndicatorReputationContent | Display the indicator context object in markdown format in a dynamic section layout |
MinList | Gets the minimum value from list |
CalculateTimeSpan | Calculates the time span between two dates using Powershell's A timespan with a start date of "2022-04-02T15:42:48" and end date of "2022-04-12T16:55:07" would return the following: Days : 10 |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Common Scripts | By: Cortex XSOAR |
Pack Name | Pack By |
---|---|
Cortex REST API | By: Cortex XSOAR |
Pack Name | Pack By |
---|---|
Google Maps | By: Cortex XSOAR |
Common Scripts | By: Cortex XSOAR |
MITRE ATT&CK | By: Cortex XSOAR |
Active Directory Query | By: Cortex XSOAR |
Slack | By: Cortex XSOAR |
Remote Access | By: Cortex XSOAR |
Scripts
RemoveEmptyEvidence
- Moved from Remove Empty Evidence.
- Updated the Docker image to: demisto/python3:3.10.5.31928.
redactindicator
- Moved from Redact/Defang Indicators (URLs, IPs, Email).
- Updated the Docker image to: demisto/python3:3.9.7.24076.
SSLVerifier
- Moved from SSL Certificate Verifier.
- Updated the Docker image to: demisto/python3:3.9.7.24076.
StripAccentMarksFromString
- Moved from Strip Accent Marks From String.
- Updated the Docker image to: demisto/python3:3.9.7.24076.
RetrievePlaybooksAndIntegrations
- Moved from RetrievePlaybooksAndIntegrations.
- Updated the Docker image to: demisto/python3:3.10.5.33323.
- 23701
Download
Scripts
RandomPhotoNasa
- Moved from RandomImages_VideosAndAudio
- Updated the Docker image to: demisto/python3:3.9.7.24076.
VersionGreaterThan
- Moved from PowerShellUtilities
- Updated the Docker image to: demisto/powershell:7.2.1.26295.
CalculateTimeSpan
- Moved from PowerShellUtilities
- Updated the Docker image to: demisto/powershell:7.2.1.26295.
VersionLessThan
- Moved from PowerShellUtilities
- Updated the Docker image to: demisto/powershell:7.2.1.26295.
RandomElementFromList
- Moved from RandomElementFromList
- Updated the Docker image to: demisto/python3:3.10.4.27798.
VersionEqualTo
- Moved from PowerShellUtilities
- Updated the Docker image to: demisto/powershell:7.2.1.26295.
- 23661
Download
Scripts
IPCalcReturnSubnetAddresses
- Moved from Network Calculator.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IPCalcCheckSubnetCollision
- Moved from Network Calculator.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IPCalcReturnAddressIANAAllocation
- Moved from Network Calculator.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IPCalcReturnAddressBinary
- Moved from Network Calculator.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IPCalcReturnSubnetBroadcastAddress
- Moved from Network Calculator.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
PHash
- Moved from PHash.
- Updated the Docker image to: demisto/python-phash:1.0.0.25389.
IPCalcReturnSubnetNetwork
- Moved from Network Calculator.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
- 23635
Download
PUBLISHER
PLATFORMS
INFO
Supported By | Community | |
Created | January 9, 2023 | |
Last Release | January 17, 2023 |
WORKS WITH THE FOLLOWING INTEGRATIONS:

