This script is part of the Common Scripts Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This script extracts indicators from the given HTML and handles bad top-level domains to avoid false positives caused by file extensions.

Script Data

Script Type: python3
Cortex XSOAR Version: 5.5.0

Used In

This script is used in the following playbooks and scripts.

  • Kaseya VSA 0-day - REvil Ransomware Supply Chain Attack


| Argument Name | Description |
| --- | --- |
| url | The full URL of the blog. |
| exclude_indicators | The indicators to be excluded from the results. |
| exclude_TLD | Top-level domain to be excluded from domain indicators. |
| unescape_domain | Whether to remove brackets [] from the domain regex extraction. Can result in higher false positives for file extensions. |


| Path | Description | Type |
| --- | --- | --- |
| http.parsedBlog.indicators | The extracted indicators | Unknown |
| http.parsedBlog.sourceLink | The link for the source of the indicators | Unknown |
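
The filtering the arguments describe, as an added example that is not the Common Scripts Pack's code: it shows why file names surface as domains once brackets are optional and how a TLD exclusion list removes them. The function name, the regexes and the reading of unescape_domain (defanged `[.]` dots are required unless it is true) are assumptions, and the HTML is a constructed sample parsed offline instead of being fetched from `url`.

```python
import re
from html.parser import HTMLParser

# Constructed sample HTML (not from a real blog); reserved example domains only.
SAMPLE_HTML = """<html><body>
<p>The dropper contacted evil-c2[.]example[.]com and update.example.net.</p>
<p>It wrote agent.exe and config.dll to disk.</p>
<script>var t = "tracker.example.org";</script>
</body></html>"""

class _VisibleText(HTMLParser):
    """Collect text nodes, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

# Assumed patterns: every dot defanged as "[.]", or brackets optional.
DEFANGED = re.compile(r"\b(?:[a-z0-9-]+\[\.\])+[a-z]{2,}\b", re.I)
ANY_DOT = re.compile(r"\b(?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,}\b", re.I)

def extract_domains(html, exclude_tld=(), exclude_indicators=(),
                    unescape_domain=False):
    """Return unique, re-fanged domains found in the visible text of html."""
    parser = _VisibleText()
    parser.feed(html)
    text = " ".join(parser.chunks)
    pattern = ANY_DOT if unescape_domain else DEFANGED
    bad_tlds = {t.lower().lstrip(".") for t in exclude_tld}
    excluded = {i.lower() for i in exclude_indicators}
    found = []
    for match in pattern.finditer(text):
        domain = match.group(0).replace("[.]", ".").lower()
        tld = domain.rsplit(".", 1)[-1]
        if tld in bad_tlds or domain in excluded or domain in found:
            continue  # file-extension TLD, analyst exclusion, or duplicate
        found.append(domain)
    return found
```

With brackets optional and no TLD exclusions, `agent.exe` and `config.dll` come back as domains, which is the false-positive case the `unescape_domain` description warns about.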