Filters And Transformers

Details
Content
Dependencies
Version History

Download With Dependencies

Frequently used filters and transformers pack.

Pack Contributors:

Samuel Kamar
Masahiko Inoue
Jaden Evanger
Mandar Naik
Ryan McVicar

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Samuel Kamar
Masahiko Inoue
Jaden Evanger
Mandar Naik
Ryan McVicar

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
URLEncode	Encodes a URL string by replacing special characters in the string using the %xx escape. For example: https://example.com converts to https:%2F%2Fexample.com.
ConvertAllExcept	Convert all chosen values but exceptions.
StringifyArray	Return the string encoded with JSON from the whole array
If-Then-Else	A transformer for simple if-then-else logic.
ArrayAnyMatch	Returns true if an element is shared between two lists.
StringToArray	Converts string to array. For example: `http://example.com/?score:1,4,time:55` will be transformed to `["http://example.com/?score:1,4,time:55"]`.
RegexExpand	Extract the strings matched to the patterns by doing backslash substitution on the template string. This transformer allow to input multiple regex patterns and multiple match targets, and those can be given in the input value and the argument parameters.
IsInCidrRanges	Determines whether an IPv4 or IPv6 address is contained in at least one of the comma-delimited CIDR ranges. Multiple IPv4/IPv6 addresses can be passed comma-delimited and each will be tested. A mix of IPv4 and IPv6 addresses will always return false.
TimeStampToDate	Converts UNIX Epoch time stamp to a simplified extended ISO format string. Use it to convert time stamp to Demisto date field e.g. 1525006939 will return '2018-04-29T13:02:19.000Z'
ConcatFormat	Returns a string concatenated with given a prefix and suffix which supports DT expressions.
URLDecode	Converts https:%2F%2Fexample.com into https://example.com
DT	This automation allows the usage of DT scripts within playbooks transformers.
IPv4Whitelist	Transformer that returns a filtered list of IPv4 addresses, based on whether they match a comma-separated list of IPv4 ranges. Useful for filtering in internal IP address space.
RemoveNullBytes	Removes null bytes from string.
MapRangeValues	This script converts an input value into another value using two lists. The input value or range is searched in the first list (map_from). If it exists, the value at the same index from the second list (map_to) is returned. If there is no match, the original value is returned. This script supports mapping from either ranges of float numbers or text strings. Example 1: map_from = "1,2,3,4" map_to = "4,3,2,1" value = 3 Output is "2" Example 2: map_from = "1-3,4" map_to = "5,1" value = 3 Output is "5".
ProductJoin	Returns the product of two lists, joined by a separator, as a list of strings.
IPv4Blacklist	Transformer that returns a filtered list of IPv4 addresses, based on whether they do not match a comma-separated list of IPv4 ranges. Useful for filtering out internal IP address space.
SortBy	This transformer will sort an array of dictionary values by keys in ascending or descending order.
CheckIfSubdomain	Checks whether a given domain is a subdomain of one of the listed domains.
FormatTemplate	Build text from a template that can include DT expressions.
LowerCidrNumAddresses	Check if number of availble addresses in IPv4 CIDR is lower than given number.
ParseHTMLTables	Find tables inside HTML and extract the contents into objects using the following logic: If table has 2 columns and has no header row, treat the first column as key and second as value and create a table of key/value If table has a header row, create a table of objects where attribute names are the headers If table does not have a header row, create table of objects where attribute names are cell1, cell2, cell3…
JsonToTable	Accepts a json object and returns a markdown. Supports clickable links.
ModifyDateTime	Takes a date or time input and adds or subtracts a determined amount of time. Returns a string in date or time in ISO Format.
BetweenDates	Whether value is within a date range.
RemoveEmpty	Remove empty items, entries or nodes from the array.
If-Elif	A transformer for if-elif-else logic.
WhereFieldEquals	Return all items from the list where their given 'field' attribute is equal to 'equalTo' argument E.g. !WhereFieldEquals with the following arguments: value=[{ "name": "192.1,0.82", "type": "IP" }, { "name": "myFile.txt", "type": "File" }, { "name": "172.0.0.2", "type": "IP" }] field='type' equalTo='IP' getField='name' Will return all items names where field 'type' equals 'IP' - ['192.1,0.82', '172.0.0.2'].
MapPattern	This transformer will take in a value and transform it based on multiple condition expressions (wildcard, regex, etc) defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "condition expression": "desired outcome" For example: { ".match 1.": "Dest Val1", ".match 2.": "Dest Val2", ".match 3(.)": "\1", "match 4": { "algorithm": "wildcard", "output": "Dest Val4" } } The transformer will return the value matched to a pattern following to the priority. When unmatched or the input value is structured (dict or list), it will simply return the input value.
IgnoreFieldsFromJson	Removed selected fields from the JSON object.
GetListContent	Returns the content of the List with the given Name as a string or JSON object, depending on the selected `type`.
RegexExtractAll	Extraction of all matches from a specified regular expression pattern from a provided string. Returns an array of results. This differs from RegexGroups in several ways: It returns all matches of the specified pattern, not just specific groups. This is useful for extracting things using a pattern where the content of the source string is indeterminate, such as extracting all email addresses. Some "convenience" arguments have been added to enhance usability: multi-line, ignore_case, period_matches_newline Added a new argument, "error_if_no_match". The script will not ordinarily throw an error if a match is not found but if not using as a transformer within a playbook, it may, in certain limited circumstances, be desirable to throw an error if the expression doesn't match. It uses the 'regex' library, which supports more some more advanced regex functionality than the standard 're' library. For more info, see https://pypi.org/project/regex/.
MakePair	This transformer will create a list of dictionary by aggregating elements from two arrays. The one is given by `value` (with `array1_key`), another is given by `array2` (with `array2_key`).
SetIfEmpty	Checks an object for an empty value and returns a pre-set default value.
BeforeRelativeDate	Checks the given datetime has occured before the provided relative time.
AfterRelativeDate	Checks the given datetime has occured after the provided relative time.
LastArrayElement	Returns the last element of an array. If the value passed is not an array, it returns the original value that was passed.
RegexGroups	Extraction of elements which are contained in all the subgroups of the match to the pattern. For example, extracting from the string "The quick brown fox" the object `{"article":"The","noun":quick"}` (See arguments descriptions for more details).
RegexReplace	Format patterns matched with regex. If the regex does not match any pattern, the original value is returned. Example 1: value: user=john regex: user=(.) output_format: name=\1 -> output value: name=john Example 2: value: xxx=yyy regex: user=(.) output_format: name=\1 -> output value: xxx=yyy.
DateStringToISOFormat	This is a thin wrapper around the `dateutil.parser.parse` function. It will parse a string containing a date/time stamp and return it in ISO 8601 format.
AppendIfNotEmpty	Append item(s) to the end of the list if they are not empty.
InRange	checks if left side is in range of right side (from,to anotation) e.g. - InRange left=4right=1,8 will return true.
JoinIfSingleElementOnly	Return the single element in case the array has only 1 element in it, otherwise return the whole array.
jmespath	Performs a JMESPath search on an input JSON format, when using a transformer.
CIDRBiggerThanPrefix	Checks whether a given CIDR prefix is bigger than the defined maximum prefix.
EmailDomainBlacklist	Accepts an array of domains as a block list, and a list of email addresses. The script then filters out any email address whose domain is in the block list. The filtered list will be returned as an array.
ExtractEmailTransformer	Extracts email addresses from the given value.
GetRange	Gets specified indexes of a list.
StringContainsArray	Checks whether a substring or an array of substrings is within a string array(each item will be checked). Supports single strings as well. For example, for substrings ['a','b','c'] in a string 'a' the script will return true.
RemoveMatches	Removes items from the given list of values if they match any of the patterns in the provided `filters`. If the match_exact argument is 'yes', direct string compare is used, otherwise the comparison is done using regex.
EmailDomainWhitelist	Accepts an array of domains as an allow list, and a list of email addresses. The script then filters out any email address whose domain is not in the allow list. The filtered list will be returned as an array.
BetweenHours	Checks whether the given value is within the specified time (hour) range.
TimeComponents	Takes a date or time input and get time components in a specific time zone. Returns a dictionary with the following components. year year_4_digit month month_3_letter month_full_name month_2_digit day day_2_digit day_of_week (Sun:0, Sat:6) day_of_week_3_letter day_of_week_full_name day_of_year day_of_year_3_digit hour hour_12_clock hour_2_digit_24_clock hour_2_digit_12_clock hour_of_day minute minute_2_digit minute_of_day second second_2_digit second_of_day millisecond period_12_clock time_zone_hhmm time_zone_offset time_zone_abbreviations unix_epoch_time iso_8601 y-m-d yyyy-mm-dd hⓂ️s HⓂ️s hh:mm:ss HH:mm:ss.
DedupBy	This transformer will remove elements of the array that contain an identical combination of values for the keys given.
StripChars	Strip set of characters from prefix and/or suffix e.g. StripChar value=~!!~www.mydomain.com~!~!~ chars=!~ will return www.mydomain.com
GetValuesOfMultipleFields	The script receives a list of fields and a context key base path. For example, Key=Test.result List=username,user gets all of the values from Test.result.username and Test.result.user. The Get field of the task must have the value ${.=[]}.
MergeDictArray	Each entry in an array is merged into the existing array if the keyed-value matches.
Base64Decode	Decodes an input in Base64 format.
FormattedDateToEpoch	Converts a custom-formatted timestamp to UNIX epoch time. Use it to convert custom time stamps to a XSOAR date field. If you pass formatter argument, we will use it to transform. If not, we will use dateparser.parse for transforming. For more info, see: https://docs.python.org/3.7/library/datetime.html#strftime-and-strptime-behavior
GreaterCidrNumAddresses	Check if number of availble addresses in IPv4 or IPv6 CIDR is greater than given number.
IsRFC1918Address	A filter that receives a single IPv4 address string as an input and determines whether it is in the private RFC-1918 address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). For more information, see https://en.wikipedia.org/wiki/Private_network
ConvertKeysToTableFieldFormat	Convert object keys to match table keys. Use when mapping object/collection to table (grid) field. (Array of objects/collections is also supported). Example: Input: { "Engine": "val1", "Max Results": 13892378, "Key_With^Special (characters)": true } Output: { "engine": "val1", "maxresults": 13892378, "keywithspecialcharacters": true }
SumList	Sums a List e.g. ["25", "10", "25"] => "60" This is an example for number transformer.
ExtractInbetween	Extract a string from an existing string.
AnyMatch	Returns all elements from the left side that have a substring that is equal to an element from the right side. Note: This filter is case-insensitive. E.g -AnyMatch left=baby right=A will return baby. For more examples see the filter's Readme.
Cut	Cut a string by delimiter and return specific fields. Example input: "A-B-C-D-E" delimiter: "-" fields: "1,5" return: "A-E".
ParseJSON	Parse a given JSON string "value" to a representative object. Example: '{"a": "value"}' => {"a": "value"}.
IsNotInCidrRanges	Checks whether an IPv4 or IPv6 address is not contained in one or more comma-delimited CIDR ranges.
ReverseList	Reverse a list e.g. ["Mars", "Jupiter", "Saturn"] => ["Saturn", "Jupiter", "Mars"] This is an example for entire-list transformer - it operates the argument as a list (note the "entirelist" tag).
ConvertToSingleElementArray	Converts a single string to an array of that string.
FirstArrayElement	Returns the first element of an array. If the value passed is not an array, it returns the original value that was passed.
PadZeros	Adds zeros (0) to the beginning of the string, until the string reaches the specified length.
MapValuesTransformer	This script converts the input value into another value using two lists. The input value is searched in the first list (input_values). If it exists, the value from the second list (mapped_values) at the same index is retutrned. If there is no match, the original value is returned. If the original input is a dictionary, then the script will look for a "stringified" version of the key/:/value pair in the input_values and then map the result in the output_values into the original "value". Example 1: input_values = "1,2,3,4" mapper_values = "4,3,2,1" value = 3 Output would be "2" Example 2: input_values ="firstkey: datahere,secondkey: datathere" mapper_values = "datathere,datahere" value(dict)= { "firstkey": "datahere" } Output would be: { "firstkey": "datathere" } The reason for matching the key AND value pair in a dictionary is to allow the mappig of values that have a specific key name. In most cases, dictionaries will continan key-value pairs in which the values are the same. You might want to change the value of KeyA, but not the value of KeyB. This method gives control over which key is changed. When the input is a dict, str , int, or list, the output is ALWAYS returned as a string.

Automations

Name	Description
RegexReplace	Format patterns matched with regex. If the regex does not match any pattern, the original value is returned. Example 1: value: user=john regex: user=(.) output_format: name=\1 -> output value: name=john Example 2: value: xxx=yyy regex: user=(.) output_format: name=\1 -> output value: xxx=yyy.
BeforeRelativeDate	Checks the given datetime has occured before the provided relative time.
LastArrayElement	Returns the last element of an array. If the value passed is not an array, it returns the original value that was passed.
ConvertAllExcept	Convert all chosen values but exceptions.
Base64Decode	Decodes an input in Base64 format.
ArrayAnyMatch	Returns true if an element is shared between two lists.
SetIfEmpty	Checks an object for an empty value and returns a pre-set default value.
IPv4Blacklist	Transformer that returns a filtered list of IPv4 addresses, based on whether they do not match a comma-separated list of IPv4 ranges. Useful for filtering out internal IP address space.
ModifyDateTime	Takes a date or time input and adds or subtracts a determined amount of time. Returns a string in date or time in ISO Format.
EmailDomainBlacklist	Accepts an array of domains as a block list, and a list of email addresses. The script then filters out any email address whose domain is in the block list. The filtered list will be returned as an array.
ProductJoin	Returns the product of two lists, joined by a separator, as a list of strings.
MapPattern	This transformer will take in a value and transform it based on multiple condition expressions (wildcard, regex, etc) defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "condition expression": "desired outcome" For example: { ".match 1.": "Dest Val1", ".match 2.": "Dest Val2", ".match 3(.)": "\1", "match 4": { "algorithm": "wildcard", "output": "Dest Val4" } } The transformer will return the value matched to a pattern following to the priority. When unmatched or the input value is structured (dict or list), it will simply return the input value.
FormattedDateToEpoch	Converts a custom-formatted timestamp to UNIX epoch time. Use it to convert custom time stamps to a XSOAR date field. If you pass formatter argument, we will use it to transform. If not, we will use dateparser.parse for transforming. For more info, see: https://docs.python.org/3.7/library/datetime.html#strftime-and-strptime-behavior
MapValuesTransformer	This script converts the input value into another value using two lists. The input value is searched in the first list (input_values). If it exists, the value from the second list (mapped_values) at the same index is retutrned. If there is no match, the original value is returned. If the original input is a dictionary, then the script will look for a "stringified" version of the key/:/value pair in the input_values and then map the result in the output_values into the original "value". Example 1: input_values = "1,2,3,4" mapper_values = "4,3,2,1" value = 3 Output would be "2" Example 2: input_values ="firstkey: datahere,secondkey: datathere" mapper_values = "datathere,datahere" value(dict)= { "firstkey": "datahere" } Output would be: { "firstkey": "datathere" } The reason for matching the key AND value pair in a dictionary is to allow the mappig of values that have a specific key name. In most cases, dictionaries will continan key-value pairs in which the values are the same. You might want to change the value of KeyA, but not the value of KeyB. This method gives control over which key is changed. When the input is a dict, str , int, or list, the output is ALWAYS returned as a string.
IsRFC1918Address	A filter that receives a single IPv4 address string as an input and determines whether it is in the private RFC-1918 address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). For more information, see https://en.wikipedia.org/wiki/Private_network
StringifyArray	Return the string encoded with JSON from the whole array
RemoveEmpty	Remove empty items, entries or nodes from the array.
WhereFieldEquals	Return all items from the list where their given 'field' attribute is equal to 'equalTo' argument E.g. !WhereFieldEquals with the following arguments: value=[{ "name": "192.1,0.82", "type": "IP" }, { "name": "myFile.txt", "type": "File" }, { "name": "172.0.0.2", "type": "IP" }] field='type' equalTo='IP' getField='name' Will return all items names where field 'type' equals 'IP' - ['192.1,0.82', '172.0.0.2'].
BetweenHours	Checks whether the given value is within the specified time (hour) range.
DedupBy	This transformer will remove elements of the array that contain an identical combination of values for the keys given.
StringContainsArray	Checks whether a substring or an array of substrings is within a string array(each item will be checked). Supports single strings as well. For example, for substrings ['a','b','c'] in a string 'a' the script will return true.
RemoveMatches	Removes items from the given list of values if they match any of the patterns in the provided `filters`. If the match_exact argument is 'yes', direct string compare is used, otherwise the comparison is done using regex.
RegexExpand	Extract the strings matched to the patterns by doing backslash substitution on the template string. This transformer allow to input multiple regex patterns and multiple match targets, and those can be given in the input value and the argument parameters.
JoinIfSingleElementOnly	Return the single element in case the array has only 1 element in it, otherwise return the whole array.
GetListContent	Returns the content of the List with the given Name as a string or JSON object, depending on the selected `type`.
IPv4Whitelist	Transformer that returns a filtered list of IPv4 addresses, based on whether they match a comma-separated list of IPv4 ranges. Useful for filtering in internal IP address space.
IsInCidrRanges	Determines whether an IPv4 or IPv6 address is contained in at least one of the comma-delimited CIDR ranges. Multiple IPv4/IPv6 addresses can be passed comma-delimited and each will be tested. A mix of IPv4 and IPv6 addresses will always return false.
GreaterCidrNumAddresses	Check if number of availble addresses in IPv4 or IPv6 CIDR is greater than given number.
StringToArray	Converts string to array. For example: `http://example.com/?score:1,4,time:55` will be transformed to `["http://example.com/?score:1,4,time:55"]`.
ParseHTMLTables	Find tables inside HTML and extract the contents into objects using the following logic: If table has 2 columns and has no header row, treat the first column as key and second as value and create a table of key/value If table has a header row, create a table of objects where attribute names are the headers If table does not have a header row, create table of objects where attribute names are cell1, cell2, cell3…
ParseJSON	Parse a given JSON string "value" to a representative object. Example: '{"a": "value"}' => {"a": "value"}.
CIDRBiggerThanPrefix	Checks whether a given CIDR prefix is bigger than the defined maximum prefix.
MergeDictArray	Each entry in an array is merged into the existing array if the keyed-value matches.
GetValuesOfMultipleFields	The script receives a list of fields and a context key base path. For example, Key=Test.result List=username,user gets all of the values from Test.result.username and Test.result.user. The Get field of the task must have the value ${.=[]}.
RemoveNullBytes	Removes null bytes from string.
SortBy	This transformer will sort an array of dictionary values by keys in ascending or descending order.
ExtractInbetween	Extract a string from an existing string.
CheckIfSubdomain	Checks whether a given domain is a subdomain of one of the listed domains.
AnyMatch	Returns all elements from the left side that have a substring that is equal to an element from the right side. Note: This filter is case-insensitive. E.g -AnyMatch left=baby right=A will return baby. For more examples see the filter's Readme.
StripChars	Strip set of characters from prefix and/or suffix e.g. StripChar value=~!!~www.mydomain.com~!~!~ chars=!~ will return www.mydomain.com
SumList	Sums a List e.g. ["25", "10", "25"] => "60" This is an example for number transformer.
InRange	checks if left side is in range of right side (from,to anotation) e.g. - InRange left=4right=1,8 will return true.
TimeComponents	Takes a date or time input and get time components in a specific time zone. Returns a dictionary with the following components. year year_4_digit month month_3_letter month_full_name month_2_digit day day_2_digit day_of_week (Sun:0, Sat:6) day_of_week_3_letter day_of_week_full_name day_of_year day_of_year_3_digit hour hour_12_clock hour_2_digit_24_clock hour_2_digit_12_clock hour_of_day minute minute_2_digit minute_of_day second second_2_digit second_of_day millisecond period_12_clock time_zone_hhmm time_zone_offset time_zone_abbreviations unix_epoch_time iso_8601 y-m-d yyyy-mm-dd hⓂ️s HⓂ️s hh:mm:ss HH:mm:ss.
JsonToTable	Accepts a json object and returns a markdown. Supports clickable links.
URLEncode	Encodes a URL string by replacing special characters in the string using the %xx escape. For example: https://example.com converts to https:%2F%2Fexample.com.
TimeStampToDate	Converts UNIX Epoch time stamp to a simplified extended ISO format string. Use it to convert time stamp to Demisto date field e.g. 1525006939 will return '2018-04-29T13:02:19.000Z'
IgnoreFieldsFromJson	Removed selected fields from the JSON object.
FirstArrayElement	Returns the first element of an array. If the value passed is not an array, it returns the original value that was passed.
ConcatFormat	Returns a string concatenated with given a prefix and suffix which supports DT expressions.
ReverseList	Reverse a list e.g. ["Mars", "Jupiter", "Saturn"] => ["Saturn", "Jupiter", "Mars"] This is an example for entire-list transformer - it operates the argument as a list (note the "entirelist" tag).
MapRangeValues	This script converts an input value into another value using two lists. The input value or range is searched in the first list (map_from). If it exists, the value at the same index from the second list (map_to) is returned. If there is no match, the original value is returned. This script supports mapping from either ranges of float numbers or text strings. Example 1: map_from = "1,2,3,4" map_to = "4,3,2,1" value = 3 Output is "2" Example 2: map_from = "1-3,4" map_to = "5,1" value = 3 Output is "5".
DT	This automation allows the usage of DT scripts within playbooks transformers.
FormatTemplate	Build text from a template that can include DT expressions.
RegexExtractAll	Extraction of all matches from a specified regular expression pattern from a provided string. Returns an array of results. This differs from RegexGroups in several ways: It returns all matches of the specified pattern, not just specific groups. This is useful for extracting things using a pattern where the content of the source string is indeterminate, such as extracting all email addresses. Some "convenience" arguments have been added to enhance usability: multi-line, ignore_case, period_matches_newline Added a new argument, "error_if_no_match". The script will not ordinarily throw an error if a match is not found but if not using as a transformer within a playbook, it may, in certain limited circumstances, be desirable to throw an error if the expression doesn't match. It uses the 'regex' library, which supports more some more advanced regex functionality than the standard 're' library. For more info, see https://pypi.org/project/regex/.
AppendIfNotEmpty	Append item(s) to the end of the list if they are not empty.
ConvertToSingleElementArray	Converts a single string to an array of that string.
If-Then-Else	A transformer for simple if-then-else logic.
DateStringToISOFormat	This is a thin wrapper around the `dateutil.parser.parse` function. It will parse a string containing a date/time stamp and return it in ISO 8601 format.
If-Elif	A transformer for if-elif-else logic.
jmespath	Performs a JMESPath search on an input JSON format, when using a transformer.
LowerCidrNumAddresses	Check if number of availble addresses in IPv4 CIDR is lower than given number.
ExtractEmailTransformer	Extracts email addresses from the given value.
GetRange	Gets specified indexes of a list.
EmailDomainWhitelist	Accepts an array of domains as an allow list, and a list of email addresses. The script then filters out any email address whose domain is not in the allow list. The filtered list will be returned as an array.
PadZeros	Adds zeros (0) to the beginning of the string, until the string reaches the specified length.
BetweenDates	Whether value is within a date range.
ConvertKeysToTableFieldFormat	Convert object keys to match table keys. Use when mapping object/collection to table (grid) field. (Array of objects/collections is also supported). Example: Input: { "Engine": "val1", "Max Results": 13892378, "Key_With^Special (characters)": true } Output: { "engine": "val1", "maxresults": 13892378, "keywithspecialcharacters": true }
RegexGroups	Extraction of elements which are contained in all the subgroups of the match to the pattern. For example, extracting from the string "The quick brown fox" the object `{"article":"The","noun":quick"}` (See arguments descriptions for more details).
MakePair	This transformer will create a list of dictionary by aggregating elements from two arrays. The one is given by `value` (with `array1_key`), another is given by `array2` (with `array2_key`).
URLDecode	Converts https:%2F%2Fexample.com into https://example.com
IsNotInCidrRanges	Checks whether an IPv4 or IPv6 address is not contained in one or more comma-delimited CIDR ranges.
AfterRelativeDate	Checks the given datetime has occured after the provided relative time.
Cut	Cut a string by delimiter and return specific fields. Example input: "A-B-C-D-E" delimiter: "-" fields: "1,5" return: "A-E".

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.4.21 - 9008008 (May 14, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 44301

Download

1.4.20 - 8994397 (May 13, 2026)

Scripts

FormatTemplate

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.12.13.8428455.

PadZeros

Updated the Docker image to: demisto/python3:3.12.13.8428455.

BetweenHours

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ProductJoin

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.12.13.8428455.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DedupBy

Updated the Docker image to: demisto/python3:3.12.13.8428455.

URLEncode

Updated the Docker image to: demisto/python3:3.12.13.8428455.

BetweenDates

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.12.13.8428455.

URLDecode

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.12.13.8428455.

JsonToTable

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ReverseList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConcatFormat

Updated the Docker image to: demisto/python3:3.12.13.8428455.

AnyMatch

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexGroups

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapPattern

Updated the Docker image to: demisto/python3:3.12.13.8428455.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Base64Decode

Updated the Docker image to: demisto/python3:3.12.13.8428455.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.12.13.8428455.

StripChars

Updated the Docker image to: demisto/python3:3.12.13.8428455.

InRange

Updated the Docker image to: demisto/python3:3.12.13.8428455.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexExpand

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexReplace

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.12.13.8428455.

If-Elif

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetRange

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DT

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MakePair

Updated the Docker image to: demisto/python3:3.12.13.8428455.

TimeComponents

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapRangeValues

Updated the Docker image to: demisto/python3:3.12.13.8428455.

SortBy

Updated the Docker image to: demisto/python3:3.12.13.8428455.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RemoveMatches

Updated the Docker image to: demisto/python3:3.12.13.8428455.

StringToArray

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.12.13.8428455.

SumList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Related pull requests:
- 44128

Download

1.4.19 - 8668717 (May 3, 2026)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.8544956.

Related pull requests:
- 44120

Download

1.4.18 - 8382811 (April 20, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43976

Download

1.4.17 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

1.4.16 - 7609529 (March 11, 2026)

Scripts

GetListContent

Fixed an issue where the GetListContent was disabled by default and therefore was not listed in the transformers UI.

Related pull requests:
- 43473
- 43475

Download

1.4.15 - 7533454 (March 9, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43414

Download

1.4.14 - 7489104 (March 8, 2026)

Scripts

New: GetListContent

Added a new GetListContent script that returns the content of the list with the given name as a string or JSON object, depending on specified value of the type argument.

Related pull requests:
- 43405
- 43145

Download

1.4.13 - R7448282 (March 5, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43262

Download

1.4.12 - 7289906 (February 23, 2026)

Scripts

DedupBy

Improved implementation of the internal hashing algorithm for large inputs.

Related pull requests:
- 43182

Download

1.4.11 - 7188558 (February 17, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43146

Download

1.4.10 - 7140315 (February 13, 2026)

Scripts

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43008

Download

1.4.9 - 6580350 (January 6, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

1.4.8 - 6238358 (December 11, 2025)

Scripts

If-Elif

Updated the Docker image to: demisto/python3:3.12.12.6204436.

StripChars

Updated the Docker image to: demisto/python3:3.12.12.6204436.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.12.12.6204436.

JsonToTable

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetRange

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BetweenDates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ProductJoin

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRangeValues

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SortBy

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConcatFormat

Updated the Docker image to: demisto/python3:3.12.12.6204436.

PadZeros

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.12.12.6204436.

StringToArray

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexExpand

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FormatTemplate

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Base64Decode

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DedupBy

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SumList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapPattern

Updated the Docker image to: demisto/python3:3.12.12.6204436.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexGroups

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveMatches

Updated the Docker image to: demisto/python3:3.12.12.6204436.

URLEncode

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InRange

Updated the Docker image to: demisto/python3:3.12.12.6204436.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ReverseList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

URLDecode

Updated the Docker image to: demisto/python3:3.12.12.6204436.

TimeComponents

Updated the Docker image to: demisto/python3:3.12.12.6204436.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BetweenHours

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexReplace

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.7 - 6187133 (December 8, 2025)

Scripts

MapPattern

Fixed an issue where evaluation for an entire object with dt didn't work.
Updated the Docker image to: demisto/python3:3.12.11.4819260.

Related pull requests:
- 41468
- 41701

Download

1.4.6 - 6088397 (December 1, 2025)

Scripts

MakePair

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 42096

Download

1.4.5 - 5940029 (November 20, 2025)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

DT

Updated the Docker image to: demisto/python3:3.12.12.5490952.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.12.12.5490952.

AnyMatch

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41956

Download

1.4.4 - R5902470 (November 17, 2025)

Filters And Transformers

Documentation and Metadata improvements.

Related pull requests:
- 41936

Download

1.4.3 - 5888286 (November 16, 2025)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41916

Download

1.4.2 - 5620515 (October 28, 2025)

Scripts

New: ArrayAnyMatch

New: Added a new script- ArrayAnyMatch that Returns true if an element is shared between two lists.
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 41657

Download

1.4.1 - 5538136 (October 23, 2025)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.4.0 - 4923734 (September 17, 2025)

Scripts

New: BeforeRelativeDate

New: Added a new script- BeforeRelativeDate that Checks the given datetime has occured before the provided relative time.

Related pull requests:
- 41276
- 41348

Download

1.3.10 - 4803087 (September 8, 2025)

Scripts

MergeDictArray

Fixed an issue where an error occurred when an empty array was passed to the merge_with parameter.

Related pull requests:
- 41161
- 41115

Download

1.3.9 - 4669908 (August 27, 2025)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41087

Download

1.3.8 - 4583601 (August 20, 2025)

Scripts

StripChars

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.3.7 - 4431069 (August 5, 2025)

Scripts

New: RemoveNullBytes

New: Added a new script- RemoveNullBytes that Removes null bytes from string.
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 40773
- 40815

Download

1.3.6 - 4341046 (July 28, 2025)

Scripts

If-Elif

Fixed an issue where the script failed to run due to a syntax warning.

Related pull requests:
- 40736

Download

1.3.5 - 4261213 (July 22, 2025)

Scripts

DedupBy

Fixed an issue where the script returned an invalid escape character error.

Related pull requests:
- 40667

Download

1.3.4 - 4239826 (July 21, 2025)

Filters And Transformers

Added Exposure Management and ASM as supported modules.

Related pull requests:
- 40649
- 40555

Download

1.3.3 - 4193314 (July 16, 2025)

Scripts

DT

Reverted changes made in version 1.3.2

Related pull requests:
- 40619

Download

1.3.2 - 4166662 (July 14, 2025)

Scripts

DT

Fixed an issue where performing operations on array values would return an incorrect result.
Updated the Docker image to: demisto/python3:3.12.11.4095827.

Related pull requests:
- 40576

Download

1.3.1 - 4130170 (July 10, 2025)

Filters And Transformers

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.3.0 - 4121830 (July 10, 2025)

Scripts

RegexGroups

Fixed an issue where the regex has no matches.

Related pull requests:
- 40554

Download

1.2.99 - 4096037 (July 8, 2025)

Scripts

ExtractEmailTransformer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BetweenDates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

TimeComponents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MakePair

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MapPattern

Updated the Docker image to: demisto/python3:3.12.8.3296088.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BetweenHours

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Base64Decode

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DedupBy

Updated the Docker image to: demisto/python3:3.12.8.3296088.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InRange

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetRange

Updated the Docker image to: demisto/python3:3.12.8.3296088.

PadZeros

Updated the Docker image to: demisto/python3:3.12.8.3296088.

URLDecode

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SortBy

Updated the Docker image to: demisto/python3:3.12.8.3296088.

URLEncode

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.12.8.3296088.

FormatTemplate

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StringToArray

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexReplace

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ProductJoin

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SumList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConcatFormat

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexExpand

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.12.8.3296088.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.12.8.3296088.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexGroups

Updated the Docker image to: demisto/python3:3.12.8.3296088.

AnyMatch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

If-Elif

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ReverseList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.12.8.3296088.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveMatches

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MapRangeValues

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.2.98 - 4049458 (July 3, 2025)

Filters And Transformers

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.2.97 - 3887930 (June 20, 2025)

Scripts

IPv4Whitelist

Updated the Docker image to: demisto/netutils:1.0.0.3562043.

IPv4Blacklist

Updated the Docker image to: demisto/netutils:1.0.0.3562043.

IsRFC1918Address

Updated the Docker image to: demisto/netutils:1.0.0.3562043.

Related pull requests:
- 40309

Download

1.2.96 - 3642121 (June 4, 2025)

Scripts

JsonToTable

Added support for the url_keys argument to specify a list of keys in a given JSON table that should become clickable links.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40167
- 40057

Download

1.2.95 - R3481649 (May 21, 2025)

Scripts

GetValuesOfMultipleFields

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39986

Download

1.2.94 - 3444919 (May 18, 2025)

Scripts

FirstArrayElement

Fixed an issue where non-empty data was returned for an empty value.

LastArrayElement

Fixed an issue where non-empty data was returned for an empty value.

Related pull requests:
- 39944
- 39966

Download

1.4.21 - 9008008 (May 14, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 44301

Download

1.4.20 - 8994397 (May 13, 2026)

Scripts

FormatTemplate

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.12.13.8428455.

PadZeros

Updated the Docker image to: demisto/python3:3.12.13.8428455.

BetweenHours

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ProductJoin

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.12.13.8428455.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DedupBy

Updated the Docker image to: demisto/python3:3.12.13.8428455.

URLEncode

Updated the Docker image to: demisto/python3:3.12.13.8428455.

BetweenDates

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.12.13.8428455.

URLDecode

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.12.13.8428455.

JsonToTable

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ReverseList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.12.13.8428455.

ConcatFormat

Updated the Docker image to: demisto/python3:3.12.13.8428455.

AnyMatch

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexGroups

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapPattern

Updated the Docker image to: demisto/python3:3.12.13.8428455.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Base64Decode

Updated the Docker image to: demisto/python3:3.12.13.8428455.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.12.13.8428455.

StripChars

Updated the Docker image to: demisto/python3:3.12.13.8428455.

InRange

Updated the Docker image to: demisto/python3:3.12.13.8428455.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexExpand

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RegexReplace

Updated the Docker image to: demisto/python3:3.12.13.8428455.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.12.13.8428455.

If-Elif

Updated the Docker image to: demisto/python3:3.12.13.8428455.

GetRange

Updated the Docker image to: demisto/python3:3.12.13.8428455.

DT

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MakePair

Updated the Docker image to: demisto/python3:3.12.13.8428455.

TimeComponents

Updated the Docker image to: demisto/python3:3.12.13.8428455.

MapRangeValues

Updated the Docker image to: demisto/python3:3.12.13.8428455.

SortBy

Updated the Docker image to: demisto/python3:3.12.13.8428455.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.13.8428455.

RemoveMatches

Updated the Docker image to: demisto/python3:3.12.13.8428455.

StringToArray

Updated the Docker image to: demisto/python3:3.12.13.8428455.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.12.13.8428455.

SumList

Updated the Docker image to: demisto/python3:3.12.13.8428455.

Related pull requests:
- 44128

Download

1.4.19 - 8668717 (May 3, 2026)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.8544956.

Related pull requests:
- 44120

Download

1.4.18 - 8382811 (April 20, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43976

Download

1.4.17 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

1.4.16 - 7609529 (March 11, 2026)

Scripts

GetListContent

Fixed an issue where the GetListContent was disabled by default and therefore was not listed in the transformers UI.

Related pull requests:
- 43473
- 43475

Download

1.4.15 - 7502515 (March 9, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43414

Download

1.4.14 - 7489104 (March 8, 2026)

Scripts

New: GetListContent

Added a new GetListContent script that returns the content of the list with the given name as a string or JSON object, depending on specified value of the type argument.

Related pull requests:
- 43405
- 43145

Download

1.4.13 - R7448282 (March 5, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43262

Download

1.4.12 - 7289906 (February 23, 2026)

Scripts

DedupBy

Improved implementation of the internal hashing algorithm for large inputs.

Related pull requests:
- 43182

Download

1.4.11 - 7188558 (February 17, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43146

Download

1.4.10 - 7140315 (February 13, 2026)

Scripts

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43008

Download

1.4.9 - 6580350 (January 6, 2026)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

1.4.8 - 6238358 (December 11, 2025)

Scripts

If-Elif

Updated the Docker image to: demisto/python3:3.12.12.6204436.

StripChars

Updated the Docker image to: demisto/python3:3.12.12.6204436.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.12.12.6204436.

JsonToTable

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetRange

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BetweenDates

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ProductJoin

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapRangeValues

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SortBy

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConcatFormat

Updated the Docker image to: demisto/python3:3.12.12.6204436.

PadZeros

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.12.12.6204436.

StringToArray

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexExpand

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FormatTemplate

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Base64Decode

Updated the Docker image to: demisto/python3:3.12.12.6204436.

DedupBy

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

SumList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapPattern

Updated the Docker image to: demisto/python3:3.12.12.6204436.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexGroups

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RemoveMatches

Updated the Docker image to: demisto/python3:3.12.12.6204436.

URLEncode

Updated the Docker image to: demisto/python3:3.12.12.6204436.

InRange

Updated the Docker image to: demisto/python3:3.12.12.6204436.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.12.12.6204436.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.12.12.6204436.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.12.12.6204436.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ReverseList

Updated the Docker image to: demisto/python3:3.12.12.6204436.

URLDecode

Updated the Docker image to: demisto/python3:3.12.12.6204436.

TimeComponents

Updated the Docker image to: demisto/python3:3.12.12.6204436.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.12.12.6204436.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.12.12.6204436.

BetweenHours

Updated the Docker image to: demisto/python3:3.12.12.6204436.

RegexReplace

Updated the Docker image to: demisto/python3:3.12.12.6204436.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.4.7 - 6187133 (December 8, 2025)

Scripts

MapPattern

Fixed an issue where evaluation for an entire object with dt didn't work.
Updated the Docker image to: demisto/python3:3.12.11.4819260.

Related pull requests:
- 41468
- 41701

Download

1.4.6 - 6088397 (December 1, 2025)

Scripts

MakePair

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 42096

Download

1.4.5 - 5940029 (November 20, 2025)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

DT

Updated the Docker image to: demisto/python3:3.12.12.5490952.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.12.12.5490952.

AnyMatch

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41956

Download

1.4.4 - R5902470 (November 17, 2025)

Filters And Transformers

Documentation and Metadata improvements.

Related pull requests:
- 41936

Download

1.4.3 - 5888286 (November 16, 2025)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41916

Download

1.4.2 - 5620515 (October 28, 2025)

Scripts

New: ArrayAnyMatch

New: Added a new script- ArrayAnyMatch that Returns true if an element is shared between two lists.

Related pull requests:
- 41657

Download

1.4.1 - 5538136 (October 23, 2025)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.4.0 - 4923734 (September 17, 2025)

Scripts

New: BeforeRelativeDate

New: Added a new script- BeforeRelativeDate that Checks the given datetime has occured before the provided relative time.

Related pull requests:
- 41276
- 41348

Download

1.3.10 - 4803087 (September 8, 2025)

Scripts

MergeDictArray

Fixed an issue where an error occurred when an empty array was passed to the merge_with parameter.

Related pull requests:
- 41161
- 41115

Download

1.3.9 - 4669908 (August 27, 2025)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41087

Download

1.3.8 - 4583601 (August 20, 2025)

Scripts

StripChars

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.3.7 - 4431069 (August 5, 2025)

Scripts

New: RemoveNullBytes

New: Added a new script- RemoveNullBytes that Removes null bytes from string.

Related pull requests:
- 40773
- 40815

Download

1.3.6 - 4350237 (July 29, 2025)

Scripts

If-Elif

Fixed an issue where the script failed to run due to a syntax warning.

Related pull requests:
- 40736

Download

1.3.5 - 4261213 (July 22, 2025)

Scripts

DedupBy

Fixed an issue where the script returned an invalid escape character error.

Related pull requests:
- 40667

Download

1.3.4 - 4239826 (July 21, 2025)

Filters And Transformers

Added Exposure Management and ASM as supported modules.

Related pull requests:
- 40649
- 40555

Download

1.3.3 - 4193314 (July 16, 2025)

Scripts

DT

Reverted changes made in version 1.3.2

Related pull requests:
- 40619

Download

1.3.2 - 4166662 (July 14, 2025)

Scripts

DT

Fixed an issue where performing operations on array values would return an incorrect result.
Updated the Docker image to: demisto/python3:3.12.11.4095827.

Related pull requests:
- 40576

Download

1.3.1 - 4130170 (July 10, 2025)

Filters And Transformers

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

1.3.0 - 4118212 (July 9, 2025)

Scripts

RegexGroups

Fixed an issue where the regex has no matches.

Related pull requests:
- 40554

Download

1.2.99 - 4096037 (July 8, 2025)

Scripts

ExtractEmailTransformer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BetweenDates

Updated the Docker image to: demisto/python3:3.12.8.3296088.

TimeComponents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MakePair

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MapPattern

Updated the Docker image to: demisto/python3:3.12.8.3296088.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.12.8.3296088.

BetweenHours

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Base64Decode

Updated the Docker image to: demisto/python3:3.12.8.3296088.

DedupBy

Updated the Docker image to: demisto/python3:3.12.8.3296088.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.12.8.3296088.

InRange

Updated the Docker image to: demisto/python3:3.12.8.3296088.

GetRange

Updated the Docker image to: demisto/python3:3.12.8.3296088.

PadZeros

Updated the Docker image to: demisto/python3:3.12.8.3296088.

URLDecode

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SortBy

Updated the Docker image to: demisto/python3:3.12.8.3296088.

URLEncode

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.12.8.3296088.

FormatTemplate

Updated the Docker image to: demisto/python3:3.12.8.3296088.

StringToArray

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexReplace

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ProductJoin

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SumList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConcatFormat

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexExpand

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.12.8.3296088.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.12.8.3296088.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RegexGroups

Updated the Docker image to: demisto/python3:3.12.8.3296088.

AnyMatch

Updated the Docker image to: demisto/python3:3.12.8.3296088.

If-Elif

Updated the Docker image to: demisto/python3:3.12.8.3296088.

ReverseList

Updated the Docker image to: demisto/python3:3.12.8.3296088.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.12.8.3296088.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.12.8.3296088.

RemoveMatches

Updated the Docker image to: demisto/python3:3.12.8.3296088.

MapRangeValues

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.2.98 - 4049458 (July 3, 2025)

Filters And Transformers

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.2.97 - 3887930 (June 20, 2025)

Scripts

IPv4Whitelist

Updated the Docker image to: demisto/netutils:1.0.0.3562043.

IPv4Blacklist

Updated the Docker image to: demisto/netutils:1.0.0.3562043.

IsRFC1918Address

Updated the Docker image to: demisto/netutils:1.0.0.3562043.

Related pull requests:
- 40309

Download

1.2.96 - 3648597 (June 5, 2025)

Scripts

JsonToTable

Added support for the url_keys argument to specify a list of keys in a given JSON table that should become clickable links.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40167
- 40057

Download

1.2.95 - R3481649 (May 21, 2025)

Scripts

GetValuesOfMultipleFields

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39986

Download

1.2.94 - 3444919 (May 18, 2025)

Scripts

FirstArrayElement

Fixed an issue where non-empty data was returned for an empty value.

LastArrayElement

Fixed an issue where non-empty data was returned for an empty value.

Related pull requests:
- 39944
- 39966

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	January 4, 2022
Last Release	May 14, 2026

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.

Filters And Transformers

Pack Contributors:

Pack Contributors:

Example

Example

Filters And Transformers

Scripts

FormatTemplate

DateStringToISOFormat

GreaterCidrNumAddresses

ConvertAllExcept

PadZeros

BetweenHours

RegexExtractAll

ProductJoin

ModifyDateTime

AfterRelativeDate

DedupBy

URLEncode

BetweenDates

ConvertToSingleElementArray

URLDecode

ExtractInbetween

JsonToTable

GetValuesOfMultipleFields

ReverseList

EmailDomainBlacklist

ConcatFormat

AnyMatch

RegexGroups

MapPattern

JoinIfSingleElementOnly

Base64Decode

FormattedDateToEpoch

StripChars

InRange

EmailDomainWhitelist

RegexExpand

RegexReplace

CIDRBiggerThanPrefix

MapValuesTransformer

If-Elif

GetRange

DT

MakePair

TimeComponents

MapRangeValues

SortBy

LowerCidrNumAddresses

RemoveMatches

StringToArray

IgnoreFieldsFromJson

SumList

Scripts

jmespath

Filters And Transformers

Scripts

GetListContent

Filters And Transformers

Scripts

New: GetListContent

Filters And Transformers

Scripts

DedupBy

Filters And Transformers

Scripts

CheckIfSubdomain

Filters And Transformers

Scripts

If-Elif

StripChars

EmailDomainWhitelist

JsonToTable

GetRange

DateStringToISOFormat

ConvertToSingleElementArray

BetweenDates

RegexExtractAll

ProductJoin

MapRangeValues