Skip to main content

ExtractIndicatorsFromTextFile

This Script is part of the Common Scripts Pack.#

Extract indicators from a text-based file. Indicators that can be extracted:

  • IP
  • Domain
  • URL
  • File Hash
  • Email Address

This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations for Cortex XSOAR 8 Cloud, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script for Cortex XSOAR 8 On-prem, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script.

Script Data#


NameDescription
Script Typepython2
Cortex XSOAR Version5.0.0

Used In#


This script is used in the following playbooks and scripts.

  • Extract Indicators From File - Generic
  • Extract Indicators From File - Generic v2

Inputs#


Argument NameDescription
entryIDThe War-Room entryID of the file to read.
maxFileSizeMaximal file size to load, in bytes. Default is 1000000 (1MB).

Outputs#


PathDescriptionType
Domain.NameExtracted domainsstring
Account.Email.AddressExtracted emailsstring
File.MD5Extracted MD5string
File.SHA1Extracted SHA1string
File.SHA256Extracted SHA256string
IP.AddressExtracted IPsstring
URL.DataExtracted URLsstring