Skip to main content


This Script is part of the Common Scripts Pack.#

Extract indicators from a text-based file. Indicators that can be extracted:

  • IP
  • Domain
  • URL
  • File Hash
  • Email Address

This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here:

Script Data#

Script Typepython2
Cortex XSOAR Version5.0.0

Used In#

This script is used in the following playbooks and scripts.

  • Extract Indicators From File - Generic
  • Extract Indicators From File - Generic v2


Argument NameDescription
entryIDThe War-Room entryID of the file to read.
maxFileSizeMaximal file size to load, in bytes. Default is 1000000 (1MB).


Domain.NameExtracted domainsstring
Account.Email.AddressExtracted emailsstring
File.MD5Extracted MD5string
File.SHA1Extracted SHA1string
File.SHA256Extracted SHA256string
IP.AddressExtracted IPsstring
URL.DataExtracted URLsstring