Filters And Transformers

Details
Content
Dependencies
Version History

Download With Dependencies

Frequently used filters and transformers pack.

Pack Contributors:

Samuel Kamar
Masahiko Inoue

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Samuel Kamar
Masahiko Inoue

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
StringToArray	Converts string to array. For example: `http://example.com/?score:1,4,time:55` will be transformed to `["http://example.com/?score:1,4,time:55"]`.
StringContainsArray	Checks whether a substring or an array of substrings is within a string array(each item will be checked). Supports single strings as well. For example, for substrings ['a','b','c'] in a string 'a' the script will return true.
BetweenDates	Whether value is within a date range.
ProductJoin	Returns the product of two lists, joined by a separator, as a list of strings.
IPv4Whitelist	Transformer that returns a filtered list of IPv4 addresses, based on whether they match a comma-separated list of IPv4 ranges. Useful for filtering in internal IP address space.
JsonToTable	Accepts a json object and returns a markdown.
ConvertToSingleElementArray	Converts a single string to an array of that string.
Cut	Cut a string by delimiter and return specific fields. Example input: "A-B-C-D-E" delimiter: "-" fields: "1,5" return: "A-E".
FormatTemplate	Build text from a template that can include DT expressions.
WhereFieldEquals	Return all items from the list where their given 'field' attribute is equal to 'equalTo' argument E.g. !WhereFieldEquals with the following arguments: value=[{ "name": "192.1,0.82", "type": "IP" }, { "name": "myFile.txt", "type": "File" }, { "name": "172.0.0.2", "type": "IP" }] field='type' equalTo='IP' getField='name' Will return all items names where field 'type' equals 'IP' - ['192.1,0.82', '172.0.0.2'].
JoinIfSingleElementOnly	Return the single element in case the array has only 1 element in it, otherwise return the whole array.
RegexGroups	Extraction of elements which are contained in all the subgroups of the match to the pattern. For example, extracting from the string "The quick brown fox" the object `{"article":"The","noun":quick"}` (See arguments descriptions for more details).
ExtractEmailTransformer	Extracts email addresses from the given value.
LastArrayElement	Returns the last element of an array. If the value passed is not an array, it returns the original value that was passed.
FormattedDateToEpoch	Converts a custom-formatted timestamp to UNIX epoch time. Use it to convert custom time stamps to a XSOAR date field. If you pass formatter argument, we will use it to transform. If not, we will use dateparser.parse for transforming. For more info, see: https://docs.python.org/3.7/library/datetime.html#strftime-and-strptime-behavior
FirstArrayElement	Returns the first element of an array. If the value passed is not an array, it returns the original value that was passed.
RegexExpand	Extract the strings matched to the patterns by doing backslash substitution on the template string. This transformer allow to input multiple regex patterns and multiple match targets, and those can be given in the input value and the argument parameters.
DateStringToISOFormat	This is a thin wrapper around the `dateutil.parser.parse` function. It will parse a string containing a date/time stamp and return it in ISO 8601 format.
GetValuesOfMultipleFields	The script receives a list of fields and a context key base path. For example, Key=Test.result List=username,user and will get all of the values from Test.result.username and Test.result.user. The Get field of the task must have the value ${.=[]}.
ConcatFormat	Returns a string concatenated with given a prefix and suffix which supports DT expressions.
StringifyArray	Return the string encoded with JSON from the whole array
ModifyDateTime	Takes a date or time input and adds or subtracts a determined amount of time. Returns a string in date or time in ISO Format.
StripChars	Strip set of characters from prefix and/or suffix e.g. StripChar value=~!!~www.mydomain.com~!~!~ chars=!~ will return www.mydomain.com
SetIfEmpty	Checks an object for an empty value and returns a pre-set default value.
GetRange	Gets specified indexes of a list.
RemoveEmpty	Remove empty items, entries or nodes from the array.
RegexReplace	Format patterns matched with regex. If the regex does not match any pattern, the original value is returned. Example 1: value: user=john regex: user=(.) output_format: name=\1 -> output value: name=john Example 2: value: xxx=yyy regex: user=(.) output_format: name=\1 -> output value: xxx=yyy
AfterRelativeDate	Checks the given datetime has occured after the provided relative time.
MergeDictArray	Each entry in an array is merged into the existing array if the keyed-value matches.
ExtractInbetween	Extract a string from an existing string.
CIDRBiggerThanPrefix	Checks whether a given CIDR prefix is bigger than the defined maximum prefix.
GreaterCidrNumAddresses	Check if number of availble addresses in IPv4 or IPv6 CIDR is greater than given number.
URLDecode	Converts https:%2F%2Fexample.com into https://example.com
ParseJSON	Parse a given JSON string "value" to a representative object. Example: '{"a": "value"}' => {"a": "value"}.
TimeStampToDate	Converts UNIX Epoch time stamp to a simplified extended ISO format string. Use it to convert time stamp to Demisto date field e.g. 1525006939 will return '2018-04-29T13:02:19.000Z'
CheckIfSubdomain	Checks whether a given domain is a subdomain of one of the listed domains.
MapRangeValues	This script converts an input value into another value using two lists. The input value or range is searched in the first list (map_from). If it exists, the value at the same index from the second list (map_to) is returned. If there is no match, the original value is returned. This script supports mapping from either ranges of float numbers or text strings. Example 1: map_from = "1,2,3,4" map_to = "4,3,2,1" value = 3 Output is "2" Example 2: map_from = "1-3,4" map_to = "5,1" value = 3 Output is "5".
Base64Decode	Decodes an input in Base64 format.
LowerCidrNumAddresses	Check if number of availble addresses in IPv4 CIDR is lower than given number.
URLEncode	Encodes a URL string by replacing special characters in the string using the %xx escape. For example: https://example.com converts to https:%2F%2Fexample.com.
MapPattern	This transformer will take in a value and transform it based on multiple condition expressions (wildcard, regex, etc) defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "condition expression": "desired outcome" For example: { ".match 1.": "Dest Val1", ".match 2.": "Dest Val2", ".match 3(.)": "\1", "match 4": { "algorithm": "wildcard", "output": "Dest Val4" } } The transformer will return the value matched to a pattern following to the priority. When unmatched or the input value is structured (dict or list), it will simply return the input value.
AnyMatch	Returns all elements from the left side that have a substring that is equal to an element from the right side. Note: This filter is case-insensitive. E.g -AnyMatch left=baby right=A will return baby. For more examples see the filter's Readme.
EmailDomainWhitelist	Accepts an array of domains as an allow list, and a list of email addresses. The script then filters out any email address whose domain is not in the allow list. The filtered list will be returned as an array.
MapValuesTransformer	This script converts the input value into another value using two lists. The input value is searched in the first list (input_values). If it exists, the value from the second list (mapped_values) at the same index is retutrned. If there is no match, the original value is returned. If the original input is a dictionary, then the script will look for a "stringified" version of the key/:/value pair in the input_values and then map the result in the output_values into the original "value". Example 1: input_values = "1,2,3,4" mapper_values = "4,3,2,1" value = 3 Output would be "2" Example 2: input_values ="firstkey: datahere,secondkey: datathere" mapper_values = "datathere,datahere" value(dict)= { "firstkey": "datahere" } Output would be: { "firstkey": "datathere" } The reason for matching the key AND value pair in a dictionary is to allow the mappig of values that have a specific key name. In most cases, dictionaries will continan key-value pairs in which the values are the same. You might want to change the value of KeyA, but not the value of KeyB. This method gives control over which key is changed. When the input is a dict, str , int, or list, the output is ALWAYS returned as a string.
If-Then-Else	A transformer for simple if-then-else logic.
SumList	Sums a List e.g. ["25", "10", "25"] => "60" This is an example for number transformer.
InRange	checks if left side is in range of right side (from,to anotation) e.g. - InRange left=4right=1,8 will return true.
RemoveMatches	Removes items from the given list of values if they match any of the patterns in the provided `filters`. If the match_exact argument is 'yes', direct string compare is used, otherwise the comparison is done using regex.
ConvertAllExcept	Convert all chosen values but exceptions.
AppendIfNotEmpty	Append item(s) to the end of the list if they are not empty.
jmespath	Performs a JMESPath search on an input JSON format, when using a transformer.
IgnoreFieldsFromJson	Removed selected fields from the JSON object.
BetweenHours	Checks whether the given value is within the specified time (hour) range.
IsRFC1918Address	A filter that receives a single IPv4 address string as an input and determines whether it is in the private RFC-1918 address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). For more information, see https://en.wikipedia.org/wiki/Private_network
If-Elif	A transformer for if-elif-else logic.
IsInCidrRanges	Determines whether an IPv4 or IPv6 address is contained in at least one of the comma-delimited CIDR ranges. Multiple IPv4/IPv6 addresses can be passed comma-delimited and each will be tested. A mix of IPv4 and IPv6 addresses will always return false.
DedupBy	This transformer will remove elements of the array that contain an identical combination of values for the keys given.
TimeComponents	Takes a date or time input and get time components in a specific time zone. Returns a dictionary with the following components. year year_4_digit month month_3_letter month_full_name month_2_digit day day_2_digit day_of_week (Sun:0, Sat:6) day_of_week_3_letter day_of_week_full_name day_of_year day_of_year_3_digit hour hour_12_clock hour_2_digit_24_clock hour_2_digit_12_clock hour_of_day minute minute_2_digit minute_of_day second second_2_digit second_of_day millisecond period_12_clock time_zone_hhmm time_zone_offset time_zone_abbreviations unix_epoch_time iso_8601 y-m-d yyyy-mm-dd hⓂ️s HⓂ️s hh:mm:ss HH:mm:ss.
ConvertKeysToTableFieldFormat	Convert object keys to match table keys. Use when mapping object/collection to table (grid) field. (Array of objects/collections is also supported). Example: Input: { "Engine": "val1", "Max Results": 13892378, "Key_With^Special (characters)": true } Output: { "engine": "val1", "maxresults": 13892378, "keywithspecialcharacters": true }
IPv4Blacklist	Transformer that returns a filtered list of IPv4 addresses, based on whether they do not match a comma-separated list of IPv4 ranges. Useful for filtering out internal IP address space.
SortBy	This transformer will sort an array of dictionary values by keys in ascending or descending order.
IsNotInCidrRanges	Checks whether an IPv4 or IPv6 address is not contained in one or more comma-delimited CIDR ranges.
MakePair	This transformer will create a list of dictionary by aggregating elements from two arrays. The one is given by `value` (with `array1_key`), another is given by `array2` (with `array2_key`).
EmailDomainBlacklist	Accepts an array of domains as a block list, and a list of email addresses. The script then filters out any email address whose domain is in the block list. The filtered list will be returned as an array.
ParseHTMLTables	Find tables inside HTML and extract the contents into objects using the following logic: If table has 2 columns and has no header row, treat the first column as key and second as value and create a table of key/value If table has a header row, create a table of objects where attribute names are the headers If table does not have a header row, create table of objects where attribute names are cell1, cell2, cell3…
PadZeros	Adds zeros (0) to the beginning of the string, until the string reaches the specified length.
ReverseList	Reverse a list e.g. ["Mars", "Jupiter", "Saturn"] => ["Saturn", "Jupiter", "Mars"] This is an example for entire-list transformer - it operates the argument as a list (note the "entirelist" tag).
RegexExtractAll	Extraction of all matches from a specified regular expression pattern from a provided string. Returns an array of results. This differs from RegexGroups in several ways: It returns all matches of the specified pattern, not just specific groups. This is useful for extracting things using a pattern where the content of the source string is indeterminate, such as extracting all email addresses. Some "convenience" arguments have been added to enhance usability: multi-line, ignore_case, period_matches_newline Added a new argument, "error_if_no_match". The script will not ordinarily throw an error if a match is not found but if not using as a transformer within a playbook, it may, in certain limited circumstances, be desirable to throw an error if the expression doesn't match. It uses the 'regex' library, which supports more some more advanced regex functionality than the standard 're' library. For more info, see https://pypi.org/project/regex/.
DT	This automation allows the usage of DT scripts within playbooks transformers

Automations

Name	Description
TimeStampToDate	Converts UNIX Epoch time stamp to a simplified extended ISO format string. Use it to convert time stamp to Demisto date field e.g. 1525006939 will return '2018-04-29T13:02:19.000Z'
GetValuesOfMultipleFields	The script receives a list of fields and a context key base path. For example, Key=Test.result List=username,user and will get all of the values from Test.result.username and Test.result.user. The Get field of the task must have the value ${.=[]}.
Cut	Cut a string by delimiter and return specific fields. Example input: "A-B-C-D-E" delimiter: "-" fields: "1,5" return: "A-E".
If-Elif	A transformer for if-elif-else logic.
RemoveEmpty	Remove empty items, entries or nodes from the array.
IsNotInCidrRanges	Checks whether an IPv4 or IPv6 address is not contained in one or more comma-delimited CIDR ranges.
MergeDictArray	Each entry in an array is merged into the existing array if the keyed-value matches.
ConcatFormat	Returns a string concatenated with given a prefix and suffix which supports DT expressions.
IPv4Whitelist	Transformer that returns a filtered list of IPv4 addresses, based on whether they match a comma-separated list of IPv4 ranges. Useful for filtering in internal IP address space.
ConvertKeysToTableFieldFormat	Convert object keys to match table keys. Use when mapping object/collection to table (grid) field. (Array of objects/collections is also supported). Example: Input: { "Engine": "val1", "Max Results": 13892378, "Key_With^Special (characters)": true } Output: { "engine": "val1", "maxresults": 13892378, "keywithspecialcharacters": true }
If-Then-Else	A transformer for simple if-then-else logic.
ExtractInbetween	Extract a string from an existing string.
StringifyArray	Return the string encoded with JSON from the whole array
ExtractEmailTransformer	Extracts email addresses from the given value.
StripChars	Strip set of characters from prefix and/or suffix e.g. StripChar value=~!!~www.mydomain.com~!~!~ chars=!~ will return www.mydomain.com
ProductJoin	Returns the product of two lists, joined by a separator, as a list of strings.
ParseJSON	Parse a given JSON string "value" to a representative object. Example: '{"a": "value"}' => {"a": "value"}.
JsonToTable	Accepts a json object and returns a markdown.
BetweenHours	Checks whether the given value is within the specified time (hour) range.
MapPattern	This transformer will take in a value and transform it based on multiple condition expressions (wildcard, regex, etc) defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: "condition expression": "desired outcome" For example: { ".match 1.": "Dest Val1", ".match 2.": "Dest Val2", ".match 3(.)": "\1", "match 4": { "algorithm": "wildcard", "output": "Dest Val4" } } The transformer will return the value matched to a pattern following to the priority. When unmatched or the input value is structured (dict or list), it will simply return the input value.
GetRange	Gets specified indexes of a list.
IgnoreFieldsFromJson	Removed selected fields from the JSON object.
JoinIfSingleElementOnly	Return the single element in case the array has only 1 element in it, otherwise return the whole array.
FormatTemplate	Build text from a template that can include DT expressions.
StringToArray	Converts string to array. For example: `http://example.com/?score:1,4,time:55` will be transformed to `["http://example.com/?score:1,4,time:55"]`.
Base64Decode	Decodes an input in Base64 format.
InRange	checks if left side is in range of right side (from,to anotation) e.g. - InRange left=4right=1,8 will return true.
CheckIfSubdomain	Checks whether a given domain is a subdomain of one of the listed domains.
MapValuesTransformer	This script converts the input value into another value using two lists. The input value is searched in the first list (input_values). If it exists, the value from the second list (mapped_values) at the same index is retutrned. If there is no match, the original value is returned. If the original input is a dictionary, then the script will look for a "stringified" version of the key/:/value pair in the input_values and then map the result in the output_values into the original "value". Example 1: input_values = "1,2,3,4" mapper_values = "4,3,2,1" value = 3 Output would be "2" Example 2: input_values ="firstkey: datahere,secondkey: datathere" mapper_values = "datathere,datahere" value(dict)= { "firstkey": "datahere" } Output would be: { "firstkey": "datathere" } The reason for matching the key AND value pair in a dictionary is to allow the mappig of values that have a specific key name. In most cases, dictionaries will continan key-value pairs in which the values are the same. You might want to change the value of KeyA, but not the value of KeyB. This method gives control over which key is changed. When the input is a dict, str , int, or list, the output is ALWAYS returned as a string.
CIDRBiggerThanPrefix	Checks whether a given CIDR prefix is bigger than the defined maximum prefix.
SortBy	This transformer will sort an array of dictionary values by keys in ascending or descending order.
IsInCidrRanges	Determines whether an IPv4 or IPv6 address is contained in at least one of the comma-delimited CIDR ranges. Multiple IPv4/IPv6 addresses can be passed comma-delimited and each will be tested. A mix of IPv4 and IPv6 addresses will always return false.
IPv4Blacklist	Transformer that returns a filtered list of IPv4 addresses, based on whether they do not match a comma-separated list of IPv4 ranges. Useful for filtering out internal IP address space.
TimeComponents	Takes a date or time input and get time components in a specific time zone. Returns a dictionary with the following components. year year_4_digit month month_3_letter month_full_name month_2_digit day day_2_digit day_of_week (Sun:0, Sat:6) day_of_week_3_letter day_of_week_full_name day_of_year day_of_year_3_digit hour hour_12_clock hour_2_digit_24_clock hour_2_digit_12_clock hour_of_day minute minute_2_digit minute_of_day second second_2_digit second_of_day millisecond period_12_clock time_zone_hhmm time_zone_offset time_zone_abbreviations unix_epoch_time iso_8601 y-m-d yyyy-mm-dd hⓂ️s HⓂ️s hh:mm:ss HH:mm:ss.
MapRangeValues	This script converts an input value into another value using two lists. The input value or range is searched in the first list (map_from). If it exists, the value at the same index from the second list (map_to) is returned. If there is no match, the original value is returned. This script supports mapping from either ranges of float numbers or text strings. Example 1: map_from = "1,2,3,4" map_to = "4,3,2,1" value = 3 Output is "2" Example 2: map_from = "1-3,4" map_to = "5,1" value = 3 Output is "5".
FirstArrayElement	Returns the first element of an array. If the value passed is not an array, it returns the original value that was passed.
PadZeros	Adds zeros (0) to the beginning of the string, until the string reaches the specified length.
DT	This automation allows the usage of DT scripts within playbooks transformers
AppendIfNotEmpty	Append item(s) to the end of the list if they are not empty.
ReverseList	Reverse a list e.g. ["Mars", "Jupiter", "Saturn"] => ["Saturn", "Jupiter", "Mars"] This is an example for entire-list transformer - it operates the argument as a list (note the "entirelist" tag).
jmespath	Performs a JMESPath search on an input JSON format, when using a transformer.
ModifyDateTime	Takes a date or time input and adds or subtracts a determined amount of time. Returns a string in date or time in ISO Format.
LastArrayElement	Returns the last element of an array. If the value passed is not an array, it returns the original value that was passed.
DateStringToISOFormat	This is a thin wrapper around the `dateutil.parser.parse` function. It will parse a string containing a date/time stamp and return it in ISO 8601 format.
URLDecode	Converts https:%2F%2Fexample.com into https://example.com
GreaterCidrNumAddresses	Check if number of availble addresses in IPv4 or IPv6 CIDR is greater than given number.
RegexExpand	Extract the strings matched to the patterns by doing backslash substitution on the template string. This transformer allow to input multiple regex patterns and multiple match targets, and those can be given in the input value and the argument parameters.
AfterRelativeDate	Checks the given datetime has occured after the provided relative time.
WhereFieldEquals	Return all items from the list where their given 'field' attribute is equal to 'equalTo' argument E.g. !WhereFieldEquals with the following arguments: value=[{ "name": "192.1,0.82", "type": "IP" }, { "name": "myFile.txt", "type": "File" }, { "name": "172.0.0.2", "type": "IP" }] field='type' equalTo='IP' getField='name' Will return all items names where field 'type' equals 'IP' - ['192.1,0.82', '172.0.0.2'].
LowerCidrNumAddresses	Check if number of availble addresses in IPv4 CIDR is lower than given number.
MakePair	This transformer will create a list of dictionary by aggregating elements from two arrays. The one is given by `value` (with `array1_key`), another is given by `array2` (with `array2_key`).
AnyMatch	Returns all elements from the left side that have a substring that is equal to an element from the right side. Note: This filter is case-insensitive. E.g -AnyMatch left=baby right=A will return baby. For more examples see the filter's Readme.
SetIfEmpty	Checks an object for an empty value and returns a pre-set default value.
RegexGroups	Extraction of elements which are contained in all the subgroups of the match to the pattern. For example, extracting from the string "The quick brown fox" the object `{"article":"The","noun":quick"}` (See arguments descriptions for more details).
RegexExtractAll	Extraction of all matches from a specified regular expression pattern from a provided string. Returns an array of results. This differs from RegexGroups in several ways: It returns all matches of the specified pattern, not just specific groups. This is useful for extracting things using a pattern where the content of the source string is indeterminate, such as extracting all email addresses. Some "convenience" arguments have been added to enhance usability: multi-line, ignore_case, period_matches_newline Added a new argument, "error_if_no_match". The script will not ordinarily throw an error if a match is not found but if not using as a transformer within a playbook, it may, in certain limited circumstances, be desirable to throw an error if the expression doesn't match. It uses the 'regex' library, which supports more some more advanced regex functionality than the standard 're' library. For more info, see https://pypi.org/project/regex/.
RegexReplace	Format patterns matched with regex. If the regex does not match any pattern, the original value is returned. Example 1: value: user=john regex: user=(.) output_format: name=\1 -> output value: name=john Example 2: value: xxx=yyy regex: user=(.) output_format: name=\1 -> output value: xxx=yyy
DedupBy	This transformer will remove elements of the array that contain an identical combination of values for the keys given.
ConvertAllExcept	Convert all chosen values but exceptions.
BetweenDates	Whether value is within a date range.
ParseHTMLTables	Find tables inside HTML and extract the contents into objects using the following logic: If table has 2 columns and has no header row, treat the first column as key and second as value and create a table of key/value If table has a header row, create a table of objects where attribute names are the headers If table does not have a header row, create table of objects where attribute names are cell1, cell2, cell3…
RemoveMatches	Removes items from the given list of values if they match any of the patterns in the provided `filters`. If the match_exact argument is 'yes', direct string compare is used, otherwise the comparison is done using regex.
EmailDomainWhitelist	Accepts an array of domains as an allow list, and a list of email addresses. The script then filters out any email address whose domain is not in the allow list. The filtered list will be returned as an array.
URLEncode	Encodes a URL string by replacing special characters in the string using the %xx escape. For example: https://example.com converts to https:%2F%2Fexample.com.
StringContainsArray	Checks whether a substring or an array of substrings is within a string array(each item will be checked). Supports single strings as well. For example, for substrings ['a','b','c'] in a string 'a' the script will return true.
FormattedDateToEpoch	Converts a custom-formatted timestamp to UNIX epoch time. Use it to convert custom time stamps to a XSOAR date field. If you pass formatter argument, we will use it to transform. If not, we will use dateparser.parse for transforming. For more info, see: https://docs.python.org/3.7/library/datetime.html#strftime-and-strptime-behavior
ConvertToSingleElementArray	Converts a single string to an array of that string.
SumList	Sums a List e.g. ["25", "10", "25"] => "60" This is an example for number transformer.
IsRFC1918Address	A filter that receives a single IPv4 address string as an input and determines whether it is in the private RFC-1918 address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). For more information, see https://en.wikipedia.org/wiki/Private_network
EmailDomainBlacklist	Accepts an array of domains as a block list, and a list of email addresses. The script then filters out any email address whose domain is in the block list. The filtered list will be returned as an array.

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.2.88 - 1977897 (January 13, 2025)

Scripts

IPv4Blacklist

Updated the Docker image to: demisto/netutils:1.0.0.118055.

IsRFC1918Address

Updated the Docker image to: demisto/netutils:1.0.0.118055.

IPv4Whitelist

Updated the Docker image to: demisto/netutils:1.0.0.118055.

Related pull requests:
- 37977
- 37961
- 37959
- 37957

Download

1.2.87 - 1935630 (January 6, 2025)

Scripts

EmailDomainBlacklist

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

EmailDomainWhitelist

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

MapValuesTransformer

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

ParseHTMLTables

Code functionality and documentation improvements.

Related pull requests:
- 37472

Download

1.2.86 - 1812905 (December 15, 2024)

Scripts

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.11.10.115186.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.11.10.115186.

TimeComponents

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37630

Download

1.2.85 - 1718057 (November 28, 2024)

Scripts

URLDecode

Updated the Docker image to: demisto/python3:3.11.10.115186.

RegexExpand

Updated the Docker image to: demisto/python3:3.11.10.115186.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.11.10.115186.

ProductJoin

Updated the Docker image to: demisto/python3:3.11.10.115186.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.11.10.115186.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.11.10.115186.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.11.10.115186.

StringToArray

Updated the Docker image to: demisto/python3:3.11.10.115186.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.11.10.115186.

ExtractEmailTransformer

Updated the Docker image to: demisto/python3:3.11.10.115186.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.11.10.115186.

RegexReplace

Updated the Docker image to: demisto/python3:3.11.10.115186.

SortBy

Updated the Docker image to: demisto/python3:3.11.10.115186.

MapRangeValues

Updated the Docker image to: demisto/python3:3.11.10.115186.

BetweenDates

Updated the Docker image to: demisto/python3:3.11.10.115186.

InRange

Updated the Docker image to: demisto/python3:3.11.10.115186.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.11.10.115186.

BetweenHours

Updated the Docker image to: demisto/python3:3.11.10.115186.

PadZeros

Updated the Docker image to: demisto/python3:3.11.10.115186.

DedupBy

Updated the Docker image to: demisto/python3:3.11.10.115186.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.11.10.115186.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.11.10.115186.

If-Elif

Updated the Docker image to: demisto/python3:3.11.10.115186.

AnyMatch

Updated the Docker image to: demisto/python3:3.11.10.115186.

FormatTemplate

Updated the Docker image to: demisto/python3:3.11.10.115186.

ConcatFormat

Updated the Docker image to: demisto/python3:3.11.10.115186.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.11.10.115186.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.11.10.115186.

Base64Decode

Updated the Docker image to: demisto/python3:3.11.10.115186.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.11.10.115186.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.11.10.115186.

URLEncode

Updated the Docker image to: demisto/python3:3.11.10.115186.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.11.10.115186.

DT

Updated the Docker image to: demisto/python3:3.11.10.115186.

JsonToTable

Updated the Docker image to: demisto/python3:3.11.10.115186.

ReverseList

Updated the Docker image to: demisto/python3:3.11.10.115186.

RemoveMatches

Updated the Docker image to: demisto/python3:3.11.10.115186.

StripChars

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetRange

Updated the Docker image to: demisto/python3:3.11.10.115186.

SumList

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.11.10.115186.

MakePair

Updated the Docker image to: demisto/python3:3.11.10.115186.

MapPattern

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.2.84 - 1699115 (November 25, 2024)

Scripts

ParseHTMLTables

Updated the Docker image to: demisto/bs4-py3:1.0.0.117152.

Related pull requests:
- 37405
- 37407
- 37403
- 37355
- 37378
- 37402
- 37356
- 37404
- 37357
- 37406

Download

1.2.83 - 1693004 (November 24, 2024)

Scripts

CheckIfSubdomain

Updated the script to extract the domain list from a file instead of making an HTTP request.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37300

Download

1.2.82 - 1675652 (November 20, 2024)

Scripts

RegexGroups

Updated the Docker image to: demisto/python3:3.11.10.116439.

Related pull requests:
- 37271

Download

1.2.81 - 1619437 (November 10, 2024)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.114656.

Related pull requests:
- 37059
- 37052
- 37051

Download

1.2.80 - 1615839 (November 10, 2024)

Scripts

IPv4Whitelist

Updated the Docker image to: demisto/netutils:1.0.0.115452.

IPv4Blacklist

Updated the Docker image to: demisto/netutils:1.0.0.115452.

IsRFC1918Address

Updated the Docker image to: demisto/netutils:1.0.0.115452.

Related pull requests:
- 37122
- 37108

Download

1.2.79 - 1502510 (October 13, 2024)

Scripts

AnyMatch

Fixed an issue where the script would fail when one of the arguments was missing.

Related pull requests:
- 36560

Download

1.2.78 - 1491068 (October 10, 2024)

Scripts

MapPattern

Fixed an issue where caseless=true doesn't work on algorithm=literal.

Related pull requests:
- 36648
- 36590

Download

1.2.77 - R1324639 (August 29, 2024)

Scripts

AfterRelativeDate

Fixed an issue where the script failed to compare offset-aware dates.
Updated the Docker image to: demisto/python3:3.11.9.107902.

Related pull requests:
- 35962

Download

1.2.76 - 1200812 (July 22, 2024)

Scripts

MergeDictArray

Fixed an issue that out_key doesn't affect to unmatched values.

Related pull requests:
- 35517
- 35551

Download

1.2.75 - 1197130 (July 21, 2024)

Scripts

ExtractEmailTransformer

Fixed an issue where the script was not visible in the UI.

Related pull requests:
- 35527

Download

1.2.74 - 1096899 (June 16, 2024)

Scripts

MapRangeValues

Fixed an issue where certain numbers were treated as strings instead of float numbers.

Related pull requests:
- 34863

Download

1.2.73 - 1082615 (June 10, 2024)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34804

Download

1.2.72 - 1054698 (May 29, 2024)

Scripts

New: RemoveMatches

New: Removes items from the given list of values if they match any of the patterns in the provided filters.
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 34414
- 34610

Download

1.2.71 - 1051712 (May 28, 2024)

Scripts

TimeComponents

Updated the Docker image to: demisto/python3:3.10.14.95956.

Related pull requests:
- 34554

Download

1.2.70 - 1021616 (May 16, 2024)

Scripts

IsRFC1918Address

Documentation and metadata improvements.
Updated the Docker image to: demisto/netutils:1.0.0.92795.

Related pull requests:
- 34341

Download

1.2.69 - 998827 (May 6, 2024)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

1.2.68 - 965684 (April 18, 2024)

Scripts

MapRangeValues

Fixed an issue where numbers were automatically converted to float instead of int.
Documentation and metadata improvements.
Updated the sep argument to be not required.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34013

Download

1.2.67 - 956366 (April 15, 2024)

Scripts

BetweenHours

Added support for handling time ranges that span across midnight.
Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33774
- 33932

Download

1.2.66 - 904622 (March 20, 2024)

Scripts

IsNotInCidrRanges

Fixed an issue where the automation incorrectly returned a positive result in some cases.

Cut

Fixed an issue where the transformer returned an error when used on date fields.

Related pull requests:
- 33438

Download

1.2.64 - R889167 (March 13, 2024)

Scripts

IsNotInCidrRanges

Fixed an issue where the automation returned an error when used as a filter.

Related pull requests:
- 33313

Download

1.2.63 - 876540 (March 7, 2024)

Scripts

IsInCidrRanges

Fixed an issue where using different protocol versions (IPv4 and IPv6), which could return erroneous results.

Related pull requests:
- 33246

Download

1.2.62 - 860845 (March 1, 2024)

Scripts

Cut

Improved implementation for better performance.

IsNotInCidrRanges

Improved implementation for better performance.

Related pull requests:
- 33135

Download

1.2.61 - 836299 (February 18, 2024)

Scripts

DT

Updated the Docker image to: demisto/python3:3.10.13.86272.

StripChars

Updated the Docker image to: demisto/python3:3.10.13.86272.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

1.2.60 - 829761 (February 15, 2024)

Scripts

ParseHTMLTables

Updated the Docker image to: demisto/bs4-py3:1.0.0.86348.

Related pull requests:
- 32938
- 32763
- 32762
- 32741
- 32744
- 32745
- 32752
- 32753
- 32754
- 32759
- 32761

Download

1.2.59 - 828628 (February 14, 2024)

Scripts

IsNotInCidrRanges

Updated the automation to handle nested lists of IPs.
Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32854
- 32120

Download

1.2.58 - 823153 (February 12, 2024)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.87415.

Related pull requests:
- 32840

Download

1.2.57 - 793334 (January 30, 2024)

Scripts

GetRange

Updated the Docker image to: demisto/python3:3.10.13.86272.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.10.13.86272.

RegexReplace

Updated the Docker image to: demisto/python3:3.10.13.86272.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.10.13.86272.

Cut

Updated the Docker image to: demisto/python3:3.10.13.86272.

SumList

Updated the Docker image to: demisto/python3:3.10.13.86272.

InRange

Updated the Docker image to: demisto/python3:3.10.13.86272.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.10.13.86272.

FormatTemplate

Updated the Docker image to: demisto/python3:3.10.13.86272.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.10.13.86272.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

1.2.56 - 790023 (January 28, 2024)

Scripts

SetIfEmpty

Fixed an issue where the script incorrectly parsed values when chaining transformers.

Related pull requests:
- 32448

Download

1.2.55 - 778227 (January 22, 2024)

Filters And Transformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

1.2.54 - 772178 (January 19, 2024)

Scripts

SetIfEmpty

Fixed an issue in the defaultValue argument, where it failed to handle values from context paths.

Related pull requests:
- 32310

Download

1.2.53 - 760302 (January 14, 2024)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.84811.

Related pull requests:
- 32154

Download

1.2.52 - 743135 (January 4, 2024)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.84236.

Related pull requests:
- 31969

Download

1.2.51 - 729445 (January 1, 2024)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.84025.

Related pull requests:
- 31880

Download

1.2.50 - 722180 (December 28, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.83976.

Related pull requests:
- 31830

Download

1.2.49 - 721233 (December 27, 2023)

Scripts

URLEncode

Updated the Docker image to: demisto/python3:3.10.13.83255.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.10.13.83255.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.10.13.83255.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.10.13.83255.

Base64Decode

Updated the Docker image to: demisto/python3:3.10.13.83255.

BetweenHours

Updated the Docker image to: demisto/python3:3.10.13.83255.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.10.13.83255.

SortBy

Updated the Docker image to: demisto/python3:3.10.13.83255.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.10.13.83255.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.10.13.83255.

ProductJoin

Updated the Docker image to: demisto/python3:3.10.13.83255.

MakePair

Updated the Docker image to: demisto/python3:3.10.13.83255.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.10.13.83255.

PadZeros

Updated the Docker image to: demisto/python3:3.10.13.83255.

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.10.13.83255.

ReverseList

Updated the Docker image to: demisto/python3:3.10.13.83255.

BetweenDates

Updated the Docker image to: demisto/python3:3.10.13.83255.

AnyMatch

Updated the Docker image to: demisto/python3:3.10.13.83255.

RegexExpand

Updated the Docker image to: demisto/python3:3.10.13.83255.

ConcatFormat

Updated the Docker image to: demisto/python3:3.10.13.83255.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.10.13.83255.

MapPattern

Updated the Docker image to: demisto/python3:3.10.13.83255.

DedupBy

Updated the Docker image to: demisto/python3:3.10.13.83255.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.10.13.83255.

MapRangeValues

Updated the Docker image to: demisto/python3:3.10.13.83255.

URLDecode

Updated the Docker image to: demisto/python3:3.10.13.83255.

TimeComponents

Updated the Docker image to: demisto/python3:3.10.13.83255.

StringToArray

Updated the Docker image to: demisto/python3:3.10.13.83255.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.10.13.83255.

ExtractEmailTransformer

Updated the Docker image to: demisto/python3:3.10.13.83255.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31808

Download

1.2.48 - 7232090 (December 21, 2023)

Scripts

JsonToTable

Fixed an issue where the JsonToTable script not returning Human-Readable output.
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31511

Download

1.2.47 - 7209615 (December 19, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.83687.

Related pull requests:
- 31553

Download

1.2.46 - 7153835 (December 13, 2023)

Scripts

IPv4Blacklist

Updated the Docker image to: demisto/netutils:1.0.0.83404.

IsRFC1918Address

Updated the Docker image to: demisto/netutils:1.0.0.83404.

IPv4Whitelist

Updated the Docker image to: demisto/netutils:1.0.0.83404.

IsNotInCidrRanges

Updated the Docker image to: demisto/netutils:1.0.0.83404.

Related pull requests:
- 31428

Download

1.2.45 - 7149458 (December 13, 2023)

Scripts

If-Elif

Fixed an issue where an error would be returned when Common Arguments were provided.
Updated the docker image to demisto/python3:3.10.13.83255.

Related pull requests:
- 31418

Download

1.2.44 - 7132024 (December 11, 2023)

Scripts

ExtractEmailTransformer

Improved implementation for better performance.
Updated to catch emails with unicode as well (Available from Cortex XSOAR 6.11.0).

Related pull requests:
- 31159

Download

1.2.43 - 7066068 (December 4, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.82341.

Related pull requests:
- 31289

Download

1.2.42 - 7033788 (November 30, 2023)

Scripts

FirstArrayElement

Improved implementation for better performance.

LastArrayElement

Improved implementation for better performance.

Related pull requests:
- 31228

Download

1.2.41 - 7029664 (November 30, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.81890.

Related pull requests:
- 31217

Download

1.2.39 - 7018867 (November 29, 2023)

Scripts

WhereFieldEquals

Improved implementation for better performance.

SetIfEmpty

Improved implementation for better performance.

Related pull requests:
- 30897

Download

1.2.38 - 6992191 (November 26, 2023)

Scripts

MapRangeValues

Updated the script to allow range values of float numbers.
Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 31095

Download

1.2.37 - 6910634 (November 16, 2023)

Scripts

IsInCidrRanges

Improved implementation for better performance.

Related pull requests:
- 30907

Download

1.2.36 - 6864790 (November 12, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.80312.

Related pull requests:
- 30812

Download

1.2.35 - 6711018 (October 26, 2023)

Scripts

RegexGroups

Changed the script to return empty results upon failures to extract groups via regex.
Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30386

Download

1.2.34 - 6636841 (October 18, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.77497.

Related pull requests:
- 30237

Download

1.2.33 - 6608983 (October 15, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.77054.

Related pull requests:
- 30136

Download

1.2.32 - 6437102 (September 27, 2023)

Scripts

IPv4Blacklist

Updated the Docker image to: demisto/netutils:1.0.0.74582.

IPv4Whitelist

Updated the Docker image to: demisto/netutils:1.0.0.74582.

IsNotInCidrRanges

Updated the Docker image to: demisto/netutils:1.0.0.74582.

IsRFC1918Address

Updated the Docker image to: demisto/netutils:1.0.0.74582.

Related pull requests:
- 29576

Download

1.2.31 - 6389447 (September 21, 2023)

Scripts

New: If-Elif

New: A transformer for if-elif-else logic. (Available from Cortex XSOAR 6.9.0).

Related pull requests:
- 27763

Download

1.2.30 - R6303396 (September 12, 2023)

FiltersAndTransformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 29466

Download

1.2.29 - 6259960 (September 7, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.73055.

Related pull requests:
- 29532

Download

1.2.28 - 6117817 (August 22, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.71964.

Related pull requests:
- 29105

Download

1.2.27 - 5969979 (August 6, 2023)

FiltersAndTransformers

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 28753

Download

1.2.26 - 5950262 (August 3, 2023)

Scripts

New: AnyMatch

New: Returns all elements from the left side that have a substring that exists on the right side.

Related pull requests:
- 28696

Download

1.2.25 - 5907671 (July 30, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.67089.

Related pull requests:
- 28582

Download

1.2.24 - R5866730 (July 25, 2023)

Scripts

FormattedDateToEpoch

Updated the Docker image to: demisto/python3:3.10.12.63474.

ReverseList

Updated the Docker image to: demisto/python3:3.10.12.63474.

BetweenDates

Updated the Docker image to: demisto/python3:3.10.12.63474.

RegexExpand

Updated the Docker image to: demisto/python3:3.10.12.63474.

DT

Updated the Docker image to: demisto/python3:3.10.12.63474.

WhereFieldEquals

Updated the Docker image to: demisto/python3:3.10.12.63474.

ConcatFormat

Updated the Docker image to: demisto/python3:3.10.12.63474.

LowerCidrNumAddresses

Updated the Docker image to: demisto/python3:3.10.12.63474.

MapPattern

Updated the Docker image to: demisto/python3:3.10.12.63474.

RegexExtractAll

Updated the Docker image to: demisto/python3:3.10.12.63474.

DedupBy

Updated the Docker image to: demisto/python3:3.10.12.63474.

ModifyDateTime

Updated the Docker image to: demisto/python3:3.10.12.63474.

MapRangeValues

Updated the Docker image to: demisto/python3:3.10.12.63474.

URLDecode

Updated the Docker image to: demisto/python3:3.10.12.63474.

StripChars

Updated the Docker image to: demisto/python3:3.10.12.63474.

TimeComponents

Updated the Docker image to: demisto/python3:3.10.12.63474.

IsInCidrRanges

Updated the Docker image to: demisto/python3:3.10.12.63474.

StringToArray

Updated the Docker image to: demisto/python3:3.10.12.63474.

EmailDomainWhitelist

Updated the Docker image to: demisto/python3:3.10.12.63474.

DateStringToISOFormat

Updated the Docker image to: demisto/python3:3.10.12.63474.

RegexGroups

Updated the Docker image to: demisto/python3:3.10.12.63474.

JsonToTable

Updated the Docker image to: demisto/python3:3.10.12.63474.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.10.12.63474.

FormatTemplate

Updated the Docker image to: demisto/python3:3.10.12.63474.

ConvertAllExcept

Updated the Docker image to: demisto/python3:3.10.12.63474.

InRange

Updated the Docker image to: demisto/python3:3.10.12.63474.

GetRange

Updated the Docker image to: demisto/python3:3.10.12.63474.

Cut

Updated the Docker image to: demisto/python3:3.10.12.63474.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.10.12.63474.

RegexReplace

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28130

Download

1.2.23 - 5750551 (July 12, 2023)

Scripts

URLEncode

Updated the Docker image to: demisto/python3:3.10.12.63474.

EmailDomainBlacklist

Updated the Docker image to: demisto/python3:3.10.12.63474.

ExtractInbetween

Updated the Docker image to: demisto/python3:3.10.12.63474.

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.10.12.63474.

MapValuesTransformer

Updated the Docker image to: demisto/python3:3.10.12.63474.

Base64Decode

Updated the Docker image to: demisto/python3:3.10.12.63474.

BetweenHours

Updated the Docker image to: demisto/python3:3.10.12.63474.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.10.12.63474.

SetIfEmpty

Updated the Docker image to: demisto/python3:3.10.12.63474.

LastArrayElement

Updated the Docker image to: demisto/python3:3.10.12.63474.

SortBy

Updated the Docker image to: demisto/python3:3.10.12.63474.

FirstArrayElement

Updated the Docker image to: demisto/python3:3.10.12.63474.

GetValuesOfMultipleFields

Updated the Docker image to: demisto/python3:3.10.12.63474.

ConvertToSingleElementArray

Updated the Docker image to: demisto/python3:3.10.12.63474.

IgnoreFieldsFromJson

Updated the Docker image to: demisto/python3:3.10.12.63474.

ProductJoin

Updated the Docker image to: demisto/python3:3.10.12.63474.

ExtractEmailTransformer

Updated the Docker image to: demisto/python3:3.10.12.63474.

JoinIfSingleElementOnly

Updated the Docker image to: demisto/python3:3.10.12.63474.

SumList

Updated the Docker image to: demisto/python3:3.10.12.63474.

PadZeros

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28102

Download

1.2.22 - R5692327 (July 5, 2023)

Scripts

MakePair

Added support for a single value as an array having the defined value.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27646
- 27772

Download

1.2.21 - 5588925 (June 22, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.64013.

Related pull requests:
- 27630

Download

1.2.20 - 5450895 (June 5, 2023)

Scripts

StringToArray

Updated the enabled yml key to true.
Updated the Docker image to: demisto/python3:3.10.11.61265.

GetRange

Updated the enabled yml key to true.
Updated the Docker image to: demisto/python3:3.10.11.61265.

LowerCidrNumAddresses

Updated the enabled yml key to true.
Updated the Docker image to: demisto/python3:3.10.11.61265.

GreaterCidrNumAddresses

Updated the enabled yml key to true.
Updated the Docker image to: demisto/python3:3.10.11.61265.

SetIfEmpty

Updated the enabled yml key to true.
Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27187

Download

1.2.19 - 5443304 (June 4, 2023)

Scripts

LastArrayElement

Updated the Docker image to: demisto/python3:3.10.11.61265.
Fixed the way in which the script handled a null value given to the argument parameters. Instead of returning 'None', it will return a meaningful error message.

FirstArrayElement

Updated the Docker image to: demisto/python3:3.10.11.61265.
Fixed the way in which the script handled a null value given to the argument parameters. Instead of returning 'None', it will return a meaningful error message.

Related pull requests:
- 27199
- 27031

Download

1.2.18 - 5318720 (May 21, 2023)

Scripts

URLEncode

Added the safe_character argument to URLEncode script which specifies additional ASCII characters that should not be encoded.
Added the ignore_safe_character argument to URLEncode script which sets whether to ignore safe argument encoding.
Updated the Docker image to: demisto/python3:3.10.11.59581.

Related pull requests:
- 26582

Download

1.2.17 - 5265019 (May 14, 2023)

Scripts

URLEncode

Fixed an issue where the transformer was disabled in Cortex XSOAR 8.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26465

Download

1.2.16 - 5170573 (May 2, 2023)

Scripts

New: SortBy

Added a new transformer. (Available from Cortex XSOAR 6.8.0).

New: MakePair

Added a new transformer. (Available from Cortex XSOAR 6.8.0).

New: DedupBy

Added a new transformer. (Available from Cortex XSOAR 6.8.0).

Related pull requests:
- 26041
- 26237

Download

1.2.15 - R5112395 (April 24, 2023)

Scripts

MapPattern

Fixed an issue where the entire comparison value was not given for the dt.
Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25938
- 26011

Download

1.2.14 - 5057113 (April 17, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.54695.

Related pull requests:
- 25875

Download

1.2.13 - R4970096 (April 4, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.51402.

Related pull requests:
- 25572

Download

1.2.12 - 4804558 (March 13, 2023)

Scripts

MapRangeValues

Updated the Docker image to: demisto/python3:3.10.10.48392.

ParseHTMLTables

Updated the Docker image to: demisto/bs4-py3:1.0.0.48637.

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.49703.

Related pull requests:
- 25239

Download

1.2.11 - R4718798 (March 1, 2023)

Scripts

jmespath

Updated the Docker image to: demisto/py3-tools:1.0.0.49159.

Related pull requests:
- 24935

Download

1.2.10 - R4646022 (February 19, 2023)

Scripts

AppendIfNotEmpty

Fixed an issue where No result returned to return an empty value.

Related pull requests:
- 24539
- 24580

Download

1.2.9 - R4569405 (February 8, 2023)

Scripts

If-Then-Else

Fixed an issue where if the second condition is not given then the first one doesn't work properly.

Related pull requests:
- 24382
- 24441

Download

1.2.8 - 4518568 (February 1, 2023)

Scripts

If-Then-Else

Adding an option to provide two conditions under the IF statement.

Related pull requests:
- 24229

Download

1.2.7 - 4514603 (February 1, 2023)

Scripts

RegexReplace

Fixed an issue where it doesn't work with None given to output_format.
Updated the Docker image to: demisto/python3:3.10.9.46032.

Related pull requests:
- 24169
- 24182

Download

1.2.6 - 4494864 (January 29, 2023)

Scripts

Base64Decode

Updated the Docker image to: demisto/python3:3.10.9.45313.

Related pull requests:
- 23848

Download

1.2.5 - 4384217 (January 12, 2023)

Scripts

IgnoreFieldsFromJson

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.8.39276.

GetRange

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.1.25933.

GetValuesOfMultipleFields

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.42476.

If-Then-Else

Moved from CommonScripts.

ModifyDateTime

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

ProductJoin

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

PadZeros

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.42476.

MapValuesTransformer

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

ParseJSON

Moved from CommonScripts.

LastArrayElement

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.8.24399.

IPv4Blacklist

Moved from CommonScripts.
Updated the Docker image to: demisto/netutils:1.0.0.24101.

IPv4Whitelist

Moved from CommonScripts.
Updated the Docker image to: demisto/netutils:1.0.0.24101.

JoinIfSingleElementOnly

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.6.33415.

jmespath

Moved from CommonScripts.
Updated the Docker image to: demisto/py3-tools:0.0.1.30715.

JsonToTable

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.4.29342.

SetIfEmpty

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.7.33922.

StringToArray

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

StripChars

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

ReverseList

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

RegexGroups

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

RegexExtractAll

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

Related pull requests:
- 23486

Download

1.2.3 - 4376356 (January 11, 2023)

Scripts

FormattedDateToEpoch

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.42476.

EmailDomainBlacklist

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.8.24399.

EmailDomainWhitelist

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.8.24399.

FirstArrayElement

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.8.24399.

ExtractInbetween

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.4.27798.

Related pull requests:
- 23480

Download

1.2.2 - 4372591 (January 11, 2023)

Scripts

WhereFieldEquals

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

SumList

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

URLEncode

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

URLDecode

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

TimeStampToDate

Moved from CommonScripts.

Related pull requests:
- 23695

Download

1.2.1 - 4368875 (January 10, 2023)

Scripts

Cut

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.42476.

ConvertKeysToTableFieldFormat

Moved from CommonScripts.

ConvertToSingleElementArray

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.42476.

DT

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.8.24399.

DateStringToISOFormat

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.42476.

Related pull requests:
- 23477

Download

1.2.0 - 4366177 (January 10, 2023)

Scripts

BetweenDates

Note: Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.7.33922.

Base64Decode

Note: Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.7.35188.

ConvertAllExcept

Note: Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.8.24399.

BetweenHours

Note: Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.9.40422.

Related pull requests:
- 23468

Download

1.1.9 - R4361094 (January 9, 2023)

Scripts

CIDRBiggerThanPrefix

Updated the Docker image to: demisto/python3:3.10.4.28442.
Moved from CommonScripts.

CheckIfSubdomain

Updated the Docker image to: demisto/python3:3.10.4.28442.
Moved from CommonScripts.

GreaterCidrNumAddresses

Updated the Docker image to: demisto/python3:3.9.8.24399.
Moved from CommonScripts.

InRange

Updated the Docker image to: demisto/python3:3.9.8.24399.
Moved from CommonScripts.

AfterRelativeDate

Updated the Docker image to: demisto/python3:3.9.8.24399.
Moved from CommonScripts.

IsRFC1918Address

Moved from CommonScripts.
Updated the Docker image to: demisto/netutils:1.0.0.24101.

IsInCidrRanges

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.10.4.28442.

StringContainsArray

Moved from CommonScripts.

LowerCidrNumAddresses

Moved from CommonScripts.
Updated the Docker image to: demisto/python3:3.9.7.24076.

IsNotInCidrRanges

Moved from CommonScripts.
Updated the Docker image to: demisto/netutils:1.0.0.24101.

Related pull requests:
- 23445

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	January 4, 2022
Last Release	January 13, 2025

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.

Filters And Transformers

Pack Contributors:

Pack Contributors:

Example

Example

Scripts

IPv4Blacklist

IsRFC1918Address

IPv4Whitelist

Scripts

EmailDomainBlacklist

EmailDomainWhitelist

MapValuesTransformer

ParseHTMLTables

Scripts

FormattedDateToEpoch

DateStringToISOFormat

TimeComponents

Scripts

URLDecode

RegexExpand

LowerCidrNumAddresses

ProductJoin

GreaterCidrNumAddresses

EmailDomainBlacklist

JoinIfSingleElementOnly

StringToArray

CIDRBiggerThanPrefix

ExtractEmailTransformer

EmailDomainWhitelist

RegexReplace

SortBy

MapRangeValues

BetweenDates

InRange

ConvertToSingleElementArray

BetweenHours

PadZeros

DedupBy

ModifyDateTime

MapValuesTransformer

If-Elif

AnyMatch

FormatTemplate

ConcatFormat

AfterRelativeDate

RegexExtractAll

Base64Decode

ConvertAllExcept

IgnoreFieldsFromJson

URLEncode

ExtractInbetween

DT

JsonToTable

ReverseList

RemoveMatches

StripChars

GetRange

SumList

GetValuesOfMultipleFields

MakePair

MapPattern

Scripts

ParseHTMLTables

Scripts

CheckIfSubdomain

Scripts

RegexGroups

Scripts

jmespath

Scripts

IPv4Whitelist

IPv4Blacklist

IsRFC1918Address

Scripts

AnyMatch

Scripts

MapPattern

Scripts

AfterRelativeDate