Machine Learning
- Details
- Content
- Dependencies
- Version History
Help to manage machine learning models in Cortex XSOAR
Automations
| Name | Description |
|---|---|
DBotPredictOutOfTheBox | Deprecated. Use DBotPredictOutOfTheBoxV2 instead. |
| HashIncidentsFields | Hash fields from the incident list. |
DBotPredictIncidentsBatch | Apply a trained ML model on multiple incidents at once, to compare incidents how the incidents were labeled by analysts, to the predictions of the model. This script is aimed to help evaluate a trained model using past incidents. |
ExtendQueryBasedOnPhishingLabels | A helper script for the DBot Create Phishing Classifier V2 playbook. This script extends the query based on the phishingLabels argument. |
ExportMLModel | Exports an existing ML model to a file. |
| DBotPredictOutOfTheBoxV2 | Predict phishing incidents using the out-of-the-box pre-trained model. |
EvaluateMLModllAtProduction | Evaluates an ML model in production. |
ImportMLModel | Imports a file that contains an ML model. |
Playbooks
| Name | Description |
|---|---|
| DBot Create Phishing Classifier V2 | Create a phishing classifier using machine learning techniques, based on email content. |
DBot Create Phishing Classifier V2 From File | Create a phishing classifier using machine learning. The classifier is based on incidents files extracted from email content. |
| DBot Create Phishing Classifier V2 Job | Train the phishing machine learning model. This playbook should be used as job, to run repeatedly, for example every week. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Common Scripts | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (6)
| Pack Name | Pack By |
|---|---|
| Active Directory Query | By: Cortex XSOAR |
| Remote Access | By: Cortex XSOAR |
| Slack | By: Cortex XSOAR |
| MITRE ATT&CK | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Google Maps | By: Cortex XSOAR |
1.4.4 - 4494864 (January 29, 2023)
- 23844
Download
Scripts
ExtendQueryBasedOnPhishingLabels
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/python3:3.10.9.46032.
EvaluateMLModllAtProduction
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/ml:1.0.0.45981.
DBotPredictIncidentsBatch
- Fixed an issue where custom labels resulted in an error.
- Updated the Docker image to: demisto/ml:1.0.0.45981.
- 23844
Download
1.4.1 - 2745974 (April 12, 2022)
Scripts
HashIncidentsFields
- Updated the Docker image to: demisto/python3:3.10.4.27798.
- Fixed lint issues.
1.4.0 - 2419785 (February 15, 2022)
Playbooks
DBot Create Phishing Classifier V2
Improved memory usage while fetching incidents for training.
Scripts
New: ExtendQueryBasedOnPhishingLabels
A helper script for the DBot Create Phishing Classifier V2 playbook. This script extends the query based on the phishingLabels argument. (Available from Cortex XSOAR 5.0.0).
1.3.7 - R2238421 (January 11, 2022)
Scripts
HashIncidentsFields
- Updated the Docker image to: demisto/python3:3.9.8.24399.
PUBLISHER
Cortex
PLATFORMS
Cortex XSOAR
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | June 30, 2020 | |
| Last Release | January 29, 2023 |