Skip to main content


This Script is part of the Deprecated Content Pack.#


Prepares an email's data for machine learning text classification automation.

Script Data#

Script Typepython
Tagsml, phishing
Cortex XSOAR Version4.1.0+


Argument NameDescription
incidentsQueryThe query of the phishing incidents.
maxNumberOfIncidentsThe maximum number of incidents.
emailTextKeyThe incident key used to extract the email's text.
emailSubjectKeyThe incident key used to extract the email's subject.
tagKeyThe incident key used to extract the email's tag.
phishingLabelsThe comma-separated values of email tags values and mapping (or "*" value for all labels). The script will consider only the tags specified in this field. Label's can be mapped to another value by using this format: LABEL:MAPPED_LABEL. For example: let's say we have 5 values in email tag: "malicious", "credentials harvesting", "inner communitcation", "external legit email", "unclassified". While training, we want to ignore "unclassified" tag, and refer to "credentials harvesting" as "malicious" too. Also, we want to merge "inner communitcation" and "external legit email" to one tag called "non-malicious". The input will be: malicious, credentials harvesting:malicious, inner communitcation:non-malicious, external legit email:non-malicious.
isContextNeededWhether one of the fields is in the context data.
hashDataThe hash the words of the email.
storeFileInListThe list name. The file should be stored in this list as base64 (compressed).


DBotPreparePhishingDataFilenameThe path of the training file.string