Machine Learning

Details
Content
Dependencies
Version History

Help to manage machine learning models in Cortex XSOAR

Playbooks

Name	Description
DBot Create Phishing Classifier V2 Job	Train the phishing machine learning model. This playbook should be used as job, to run repeatedly, for example every week.
DBot Create Phishing Classifier V2 From File	Create a phishing classifier using machine learning. The classifier is based on incidents files extracted from email content.
DBot Create Phishing Classifier V2	Create a phishing classifier using machine learning techniques, based on email content.

Automations

Name	Description
DBotPredictOutOfTheBoxV2	Predict phishing incidents using the out-of-the-box pre-trained model.
ImportMLModel	Imports a file that contains an ML model.
DBotPredictOutOfTheBox	Deprecated. Use DBotPredictOutOfTheBoxV2 instead.
ExtendQueryBasedOnPhishingLabels	A helper script for the DBot Create Phishing Classifier V2 playbook. This script extends the query based on the phishingLabels argument.
EvaluateMLModllAtProduction	Evaluates an ML model in production.
ExportMLModel	Exports an existing ML model to a file.
HashIncidentsFields	Hash fields from the incident list. Search for incidents by arguments with an option to hash some of its fields.
DBotPredictIncidentsBatch	Apply a trained ML model on multiple incidents at once, to compare incidents how the incidents were labeled by analysts, to the predictions of the model. This script is aimed to help evaluate a trained model using past incidents.

Playbooks

Name	Description
DBot Create Phishing Classifier V2 From File	Create a phishing classifier using machine learning. The classifier is based on incidents files extracted from email content.
DBot Create Phishing Classifier V2	Create a phishing classifier using machine learning techniques, based on email content.

Automations

Name	Description
DBotPredictOutOfTheBoxV2	Predict phishing incidents using the out-of-the-box pre-trained model.
ImportMLModel	Imports a file that contains an ML model.
DBotPredictOutOfTheBox	Deprecated. Use DBotPredictOutOfTheBoxV2 instead.
ExtendQueryBasedOnPhishingLabels	A helper script for the DBot Create Phishing Classifier V2 playbook. This script extends the query based on the phishingLabels argument.
EvaluateMLModllAtProduction	Evaluates an ML model in production.
ExportMLModel	Exports an existing ML model to a file.
HashIncidentsFields	Hash fields from the incident list. Search for incidents by arguments with an option to hash some of its fields.
DBotPredictIncidentsBatch	Apply a trained ML model on multiple incidents at once, to compare incidents how the incidents were labeled by analysts, to the predictions of the model. This script is aimed to help evaluate a trained model using past incidents.

Pack Name	Pack By
CommonScripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
DemistoRESTAPI	By: Cortex XSOAR

1.4.3 - R3994332 (November 8, 2022)

Scripts

DBotPredictOutOfTheBoxV2

Updated the Docker image to: demisto/ml:1.0.0.32340.

Related pull requests:
- 20239

Download

1.4.2 - 3134111 (June 22, 2022)

Scripts

DBotPredictOutOfTheBoxV2

Updated the Docker image to: demisto/ml:1.0.0.30541.

Related pull requests:
- 19466

Download

1.4.1 - 2745974 (April 12, 2022)

Scripts

HashIncidentsFields

Updated the Docker image to: demisto/python3:3.10.4.27798.
Fixed lint issues.

Download

1.4.0 - 2419785 (February 15, 2022)

Playbooks

DBot Create Phishing Classifier V2

Improved memory usage while fetching incidents for training.

Scripts

New: ExtendQueryBasedOnPhishingLabels

A helper script for the DBot Create Phishing Classifier V2 playbook. This script extends the query based on the phishingLabels argument. (Available from Cortex XSOAR 5.0.0).

Download

1.3.7 - R2238421 (January 11, 2022)

Scripts

HashIncidentsFields

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.3.6 - 1820031 (October 20, 2021)

Scripts

DBotPredictOutOfTheBox

Deprecated. Use DBotPredictOutOfTheBoxV2 instead.

Download

1.3.5 - 7772209 (September 25, 2021)

Scripts

ExportMLModel

Updated the Docker image to: demisto/python3:3.9.7.24076.

ImportMLModel

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.3.4 - 7719350 (September 22, 2021)

Scripts

HashIncidentsFields

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.3.3 - 412210 (August 16, 2021)

Scripts

HashIncidentsFields

Internal code improvements.
Updated the Docker image to: demisto/python3:3.9.6.22912.

Download

1.3.2 - 410734 (August 12, 2021)

Scripts

EvaluateMLModllAtProduction

Updated the Docker image to: demisto/ml:1.0.0.23334.

DBotPredictIncidentsBatch

Updated the Docker image to: demisto/ml:1.0.0.23334.

Download

1.3.1 - 388541 (June 22, 2021)

Scripts

ExportMLModel

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

ImportMLModel

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.3.0 - 376375 (June 3, 2021)

Scripts

DBotPredictIncidentsBatch

Maintenance and stability enhancements.
Updated the Docker image to: demisto/ml:1.0.0.20606.

DBotPredictOutOfTheBoxV2

Updated the out-of-the-box model version.
Updated the Docker image to: demisto/ml:1.0.0.20606.

Download

1.2.9 - 366242 (May 25, 2021)

Scripts

DBotPredictOutOfTheBoxV2

Updated the out-of-the-box model version.

Download

1.2.8 - 342151 (May 2, 2021)

Scripts

DBotPredictIncidentsBatch

Maintenance and stability enhancements.

Download

1.2.7 - 341097 (April 29, 2021)

Scripts

DBotPredictOutOfTheBoxV2

Updated the out-of-the-box model version.
Added a mechanism to update the out-of-the-box model when a newer version is released.

Download

1.2.6 - 336317 (April 25, 2021)

Scripts

New: DBotPredictIncidentsBatch

Apply a trained ML model on multiple incidents at once, to compare incidents how the incidents were labeled by analysts, to the predictions of the model. This script is aimed to help evaluate a trained model using past incidents.

Download

1.2.5 - 331662 (April 20, 2021)

Scripts

DBotPredictOutOfTheBoxV2

Updated the Docker image to: demisto/ml:1.0.0.19023.

Download

1.2.4 - 327772 (April 13, 2021)

Scripts

New: DBotPredictOutOfTheBoxV2

Predict phishing incidents using the out-of-the-box pre-trained model.

Download

1.2.3 - 322974 (April 7, 2021)

Scripts

ImportMLModel

Added the modelStoreType argument, which enables importing an ML model as lists.

Download

1.2.2 - 269341 (February 2, 2021)

Scripts

EvaluateMLModllAtProduction

Maintenance and stability enhancements.
Updated the Docker image to: demisto/ml:1.0.0.15569.

Download

1.2.1 - R264879 (January 27, 2021)

Scripts

HashIncidentsFields

Fixed an issue where custom fields were returned by default as part of the incident object.

Download

1.2.0 - R163584 (October 28, 2020)

Scripts

DBotPredictOutOfTheBox

Changed the name of labelProbabilityThreshold argument to confidenceThreshold.

Download

1.1.2 - 101485 (September 2, 2020)

Scripts

HashIncidentsFields

Added support for wildcards in fieldsToHash.
Added the un-populate and removeLabels arguments.

Download

1.1.1 - 87888 (August 13, 2020)

Scripts

EvaluateMLModllAtProduction

Bumped docker image version.

Download

1.1.0 - 60526 (June 30, 2020)

Scripts

HashIncidentsFields

Hash fields from incident list. Search for incidents by arguments with an option to hash some of its fields

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	November 8, 2022

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.