Deprecated. Use Analyst1 integration instead.
Analyst1
- Details
- Content
- Dependencies
- Version History
Enriches indicators with Analyst1 threat intelligence including actor, malware, and evidence data.
Integrations
| Name | Description |
|---|---|
| illuminate (Deprecated) (Partner Contribution) | |
| Analyst1 (Partner Contribution) | This integration utilizes Analyst1's system to enrich XSOAR indicators with data provided by the Analyst1 REST API, such as actor and malware information, activity and reported dates, evidence and hit counts, and more. |
Playbooks
| Name | Description |
|---|---|
Illuminate Integration Demonstration | Deprecated. No available replacement. A quick demonstration of the various illuminate enrichment commands. |
Analyst1 Integration Demonstration | A quick demonstration of the various Analyst1 enrichment commands. |
Integrations
| Name | Description |
|---|---|
| illuminate (Deprecated) (Partner Contribution) | Deprecated. Use Analyst1 integration instead. |
| Analyst1 (Partner Contribution) | This integration utilizes Analyst1's system to enrich XSOAR indicators with data provided by the Analyst1 REST API, such as actor and malware information, activity and reported dates, evidence and hit counts, and more. |
Playbooks
| Name | Description |
|---|---|
Analyst1 Integration Demonstration | A quick demonstration of the various Analyst1 enrichment commands. |
Illuminate Integration Demonstration | Deprecated. No available replacement. A quick demonstration of the various illuminate enrichment commands. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (3)
| Pack Name | Pack By |
|---|---|
| Filters And Transformers | By: Cortex XSOAR |
| Aggregated Scripts | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
1.1.16 - 8323120 (April 17, 2026)
- 43925
- 43702
Download
Integrations
Analyst1
- Added support for OAuth2 Client Credentials authentication as an alternative to Basic Authentication.
- Added the analyst1-evidence-search command to search for evidence using filters and search terms.
- Added the analyst1-evidence-file-fetch command to download an evidence file by its ID.
- Updated the Docker image to: demisto/python3:3.12.13.7444307.
- 43925
- 43702
Download
1.1.14 - 5747792 (November 5, 2025)
- 41567
- 41796
Download
Integrations
Analyst1
- Improved implementation of XSOAR Verdict calculation to use Analyst1 Risk Score instead of the benign field.
- Added 6 risk score mapping parameters to customize how Analyst1 risk scores (Lowest, Low, Moderate, High, Critical, Unknown) map to XSOAR verdicts (Benign, Unknown, Suspicious, Malicious).
- Added the Apply Analyst1 entity-type tags to indicators parameter (default: disabled) to optionally tag indicators with their Analyst1 entity classifications.
- Improved implementation of entity classification handling where indicators classified by Analyst1 as Assets, Ignored Assets, In Home/Private/System Range, or Ignored Indicators are now marked as benign in XSOAR with appropriate entity-type tags when tagging is enabled.
- Improved implementation of reputation commands to display clear "not found" messages for indicators that don't exist in Analyst1, and show entity type classifications for non-indicator entities in the war room.
- Updated the analyst1-batch-check-post command to support both comma-delimited and newline-delimited input formats for the values argument.
- Updated the Docker image to: demisto/python3:3.12.11.4819260.
- 41567
- 41796
Download
1.1.0 - R5866730 (July 25, 2023)
- 27685
- 28418
Download
Integrations
Analyst1
- Updated the Docker image to: demisto/python3:3.10.12.65389.
- Added multiple new commands to support newer Analyst1 API functions:
-- analyst1-get-sensor-taskings
-- analyst1-get-sensors
-- analyst1-batch-check
-- analyst1-get-sensor-config
-- analyst1-get-sensor-diff
-- analyst1-indicator-by-id
-- analyst1-batch-check-post
-- analyst1-evidence-submit
-- analyst1-evidence-status - Regression testing against Analyst1 2.1.0
- 27685
- 28418
Download
1.1.16 - 8323120 (April 17, 2026)
- 43925
- 43702
Download
Integrations
Analyst1
- Added support for OAuth2 Client Credentials authentication as an alternative to Basic Authentication.
- Added the analyst1-evidence-search command to search for evidence using filters and search terms.
- Added the analyst1-evidence-file-fetch command to download an evidence file by its ID.
- Updated the Docker image to: demisto/python3:3.12.13.7444307.
- 43925
- 43702
Download
1.1.14 - 5747792 (November 5, 2025)
- 41567
- 41796
Download
Integrations
Analyst1
- Improved implementation of XSOAR Verdict calculation to use Analyst1 Risk Score instead of the benign field.
- Added 6 risk score mapping parameters to customize how Analyst1 risk scores (Lowest, Low, Moderate, High, Critical, Unknown) map to XSOAR verdicts (Benign, Unknown, Suspicious, Malicious).
- Added the Apply Analyst1 entity-type tags to indicators parameter (default: disabled) to optionally tag indicators with their Analyst1 entity classifications.
- Improved implementation of entity classification handling where indicators classified by Analyst1 as Assets, Ignored Assets, In Home/Private/System Range, or Ignored Indicators are now marked as benign in XSOAR with appropriate entity-type tags when tagging is enabled.
- Improved implementation of reputation commands to display clear "not found" messages for indicators that don't exist in Analyst1, and show entity type classifications for non-indicator entities in the war room.
- Updated the analyst1-batch-check-post command to support both comma-delimited and newline-delimited input formats for the values argument.
- Updated the Docker image to: demisto/python3:3.12.11.4819260.
- 41567
- 41796
Download
1.1.0 - R5866730 (July 25, 2023)
- 27685
- 28418
Download
Integrations
Analyst1
- Updated the Docker image to: demisto/python3:3.10.12.65389.
- Added multiple new commands to support newer Analyst1 API functions:
-- analyst1-get-sensor-taskings
-- analyst1-get-sensors
-- analyst1-batch-check
-- analyst1-get-sensor-config
-- analyst1-get-sensor-diff
-- analyst1-indicator-by-id
-- analyst1-batch-check-post
-- analyst1-evidence-submit
-- analyst1-evidence-status - Regression testing against Analyst1 2.1.0
- 27685
- 28418
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Partner | |
| Created | June 30, 2020 | |
| Last Release | April 17, 2026 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
