Checks if the investigation found any malicious indicators (file, URL, IP address, domain, or email). Returns "yes" if at least one malicious indicator is found.
Common Scripts
Frequently used scripts pack.
PUBLISHER
Cortex XSOAR
INFO
Certification | Certified |
Supported By | Cortex XSOAR |
Created | July 27, 2020 |
Last Release | May 22, 2022 |
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Name | Description |
---|---|
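IsMaliciousIndicatorFound | Checks if the investigation found any malicious indicators (file, URL, IP address, domain, or email). Returns "yes" if at least one malicious indicator is found. |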
IPv4Whitelist | Transformer that returns a filtered list of IPv4 addresses, based on whether they match a comma-separated list of IPv4 ranges. Useful for filtering in internal IP address space. |
ExtractIndicatorsFromWordFile | Used to extract indicators from Word files (DOC, DOCX). This automation runs using the default Limited User role, unless you explicitly change the permissions. |
Ping | Pings an IP address or URL to verify it is up. |
ReadFile | Load the contents of a file into context. |
PrintContext | Pretty-print the contents of the playbook context |
TextFromHTML | Extract regular text from the given HTML |
DomainReputation | A context script for Domain entities |
HTTPListRedirects | List the redirects for a given URL |
Base64EncodeV2 | Encodes an input to Base64 format. |
RegexExtractAll | Extraction of all matches from a specified regular expression pattern from a provided string. Returns an array of results. This differs from RegexGroups in several ways:
|
AreValuesEqual | Check whether the values provided in arguments are equal. If either of the arguments are missing, no is returned. |
ExampleJSScript | This is only an example script, to showcase how to use and write JavaScript scripts |
CalculateEntropy | Calculates the entropy for the given data. |
FormattedDateToEpoch | Converts a custom-formatted timestamp to UNIX epoch time. Use it to convert custom time stamps to a Demisto date field. If you pass formatter argument, we will use it to transform. If not, we will use dateparser.parse for transforming. For more info, see: https://docs.python.org/3.7/library/datetime.html#strftime-and-strptime-behavior |
ZipStrings | Joins values by index from 2 lists according to a given format. |
StopScheduledTask | This stops the scheduled task whose ID is given in the taskID argument. |
ExtractIndicatorsFromTextFile | Extract indicators from a text-based file. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
ParseHTMLIndicators | This script will extract indicators from given HTML and will handle bad top-level domains to avoid false positives caused by file extensions. |
MathUtil | Script will run the provided mathematical action on 2 provided values and produce a result. |
GetDockerImageLatestTag | Gets docker image latest tag. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with the docker image latest tag if all is good, otherwise will return an error. |
ListUsedDockerImages | List all Docker images that are in use by the installed integrations and automations. |
ZipFile | Zip a file and upload to war room |
IPv4Blacklist | Transformer that returns a filtered list of IPv4 addresses, based on whether they do not match a comma-separated list of IPv4 ranges. Useful for filtering out internal IP address space. |
SumList | Sums a list. This is an example of a number transformer. |
ScheduleCommand | Schedule a command to run inside the war room at a future time (once or reoccurring) |
ResolveShortenedURL | Resolve the original URL from the given shortened URL and place it in both as output and in the context of a playbook. (https://unshorten.me/api) |
DumpJSON | Dumps a json from context key input, and returns a json object string result |
MatchRegex | Deprecated. Use the MatchRegexV2 script instead. |
StringToArray | Converts string to array. |
DateStringToISOFormat | This is a thin wrapper around the |
LinkIncidentsWithRetry | Use this script to avoid DB version errors when simultaneously running multiple linked incidents. |
RemoteExec | Execute a command on a remote machine (without installing a D2 agent) |
Base64ListToFile | Converts a Base64 file in a list to a binary file and uploads it to the War Room. |
WhereFieldEquals | Return all items from the list where their given 'field' attribute is equal to 'equalTo' argument E.g. !WhereFieldEquals with the following arguments:
Will return all items names where field 'type' equals 'IP' - ['192.1,0.82', '172.0.0.2'] |
isError | Check whether given entry/entries returned an error. Use ${lastCompletedTaskEntries} to check the previous task entries. If array is provided, will return yes if one of the entries returned an error. |
OnionURLReputation | This script adds the reputation to Onion URL indicators. The script is automatically triggered when an Onion URL indicator is auto-extracted. For instance, if you run a Cortex XSOAR CLI on a valid Onion URL, the indicators are extracted automatically and this script is triggered for the extracted indicators. |
IPToHost | Try to get the hostname correlated with the input IP. |
ExtractEmailV2 | Verifies that an email address is valid and only returns the address if it is valid. |
SSDeepSimilarity | This script finds similar files that can be related to each other by fuzzy hash (SSDeep). |
DeleteContext | Delete field from context. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
listExecutedCommands | Lists executed commands in War Room |
GreaterCidrNumAddresses | Check if the number of available addresses in an IPv4 or IPv6 CIDR is greater than a given number. |
IsNotInCidrRanges | Checks whether an IPv4 address is not contained in one or more comma-delimited CIDR ranges. |
ShowScheduledEntries | Show all scheduled entries for specific incident. |
RunPollingCommand | Runs a specified polling command one time. This is useful for initiating a local playbook context before running a polling scheduled task. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
AddDBotScoreToContext | Add DBot score to context for indicators with custom vendor, score, reliability, and type. |
PopulateCriticalAssets | Populates critical assets in a grid field that has the section headers "Asset Type" and "Asset Name". |
LanguageDetect | Language detection based on Google's language-detection. |
ScheduleGenericPolling | Called by the GenericPolling playbook, schedules the polling task. |
ModifyDateTime | Takes a date or time input and adds or subtracts a determined amount of time. Returns a string in date or time in ISO Format. |
SCPPullFiles | Take a list of devices and pull a specific file (given by path) from each using SCP |
FileToBase64List | Encode a file as base64 and store it in a Demisto list. |
CheckSenderDomainDistance | Get the string distance for the sender from our domain |
PadZeros | Adds zeros (0) to the beginning of the string, until the string reaches the specified length. |
GetDuplicatesMlv2 | Deprecated. Use the "PhishingDedupPreprocessingRule" script instead. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DockerHardeningCheck | Checks if the Docker container running this script has been hardened according to the recommended settings at: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/docker/docker-hardening-guide.html |
ConvertKeysToTableFieldFormat | Convert object keys to match table keys. |
ContextGetPathForString | Searches for string in context and returns context path, returns null if not found. |
PrintErrorEntry | Prints an error entry with a given message |
FailedInstances | Executes a test for all integration instances available and returns detailed information about succeeded and failed integration instances. |
Cut | Cut a string by delimiter and return specific fields. Example input: "A-B-C-D-E" return: "A-E" |
HTMLtoMD | Converts HTML to Markdown. |
GetByIncidentId | Gets a value from the specified incident's context. |
CheckIfSubdomain | Checks whether a given domain is a subdomain of one of the listed domains. |
UnzipFile | Unzip a file using fileName or entryID to specify a file. Unzipped files will be loaded to the War Room and names will be put into the context. |
SetDateField | Sets a custom incident field with current date |
RemoveKeyFromList | Removes a key in key/value store backed by an XSOAR list. |
IsValueInArray | Indicates whether a given value is a member of given array |
IsEmailAddressInternal | Checks if the email address is part of the internal domains |
ExtractInbetween | Extract a string from an existing string. |
CopyNotesToIncident | Copy all entries marked as notes from current incident to another incident. |
JsonToTable | Accepts a json object and returns a markdown. |
WordTokenizer | Tokenize the words in an input text. |
findIncidentsWithIndicator | Lookup incidents with specified indicator. Use currentIncidentId to omit the existing incident from output. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
Strings | Extract strings from a file with optional filter - similar to binutils strings command |
ConvertTableToHTML | Converts a given array to an HTML table |
FilterByList | Checks whether the specified item is in a list. The default list is the Demisto Indicators Whitelist. |
GenerateRandomUUID | Generates a random UUID (UUID 4). |
ContextGetEmails | Gets all email addresses in context, excluding ones given. |
CountArraySize | Count an array size |
GenerateSummaryReports | Generate report summaries for the passed incidents. |
ParseWordDoc | Takes an input docx file (entryID) as an input and saves an output text file (file entry) with the original file's contents. |
InRange | Checks if the left side is in range of the right side (from,to annotation). |
ParseEmailFiles | Parse an email from an eml or msg file and populate all relevant context data to investigate the email. Also extracts inner attachments and returns them to the war room. The incident labels themselves are preserved and not modified - only the "Label/x" context items that originated from the labels, and the best practice is to rely on these for the remainder of the playbook. |
IsRFC1918Address | A filter that determines whether an IPv4 address is in the private RFC-1918 address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). For more information, see https://en.wikipedia.org/wiki/Private_network |
AfterRelativeDate | Checks whether the given datetime occurred after the provided relative time. |
Base64Encode | Will encode an input using Base64 format. |
CheckFieldValue | This script checks that a field exists (and contains data), and optionally checks the value of the field for a match against an input value. If a regex is not supplied, the script checks that the field is not empty. This script can be used with the "GenericPolling" playbook to poll for field population or that a field contains a specific value. |
DBotAverageScore | Calculates average score for each indicator from context |
NotInContextVerification | Not in context verification is a script that executes the given command and verifies that the specified field is not in the context after execution. |
CEFParser | Parse CEF data into the context. Please notice that outputs will display only the 7 mandatory fields even if the CEF event includes many other custom or extended fields. |
MapValues | Map the given values to the translated values. If given values: a,b,c and translated: 1,2,3 then the input a will return 1. |
PDFUnlocker | Removing the password protection from a PDF file and adding a new file entry with the unlocked PDF. |
ExtractHTMLTables | Find tables inside HTML and extract the contents into objects using the following logic:
|
UnEscapeURLs | Extract URLs redirected by security tools like Proofpoint. |
UnEscapeIPs | Remove escaping chars from IP |
GetTime | Retrieves the current date and time. |
RunDockerCommand | This command allows you to run commands against a local Docker container. You can run commands such as wc (word count), or any other command you want on the Docker container. For tools that are not part of the default Docker container, we recommend copying this automation script and then creating a custom Docker container with /docker_image_create to add any command-level tool to Demisto and output the results directly to the context. |
commentsToContext | Takes the comments of a given entry ID and stores them in the incident context, under a provided context key. |
CreateEmailHtmlBody | This script allows sending an HTML email, using a template stored as a list item under Lists (Settings -> Advanced -> Lists). Note: Sending emails requires an active Mail Sender integration instance. |
EncodeToAscii | Input Text Data to Encode as ASCII (Ignores any chars that aren't interpreted as ASCII) |
IncidentFields | Returns a dict of all incident fields that exist in the system. |
Prints text to war room (Markdown supported) | |
URLSSLVerification | Verify URL SSL certificate |
GetValuesOfMultipleFields | The script receives a list of fields and a context key base path. For example, Key=demisto.result List=username,user and will get all of the values from demisto.result.username and demisto.result.user. |
ParseExcel | The automation takes Excel file (entryID) as an input and parses its content to the war room and context |
CreateIndicatorsFromSTIX | Creates indicators from the submitted STIX file. Supports STIX 1.0 and STIX 2.0. |
ProductJoin | Returns the product of two lists, joined by a separator, as a list of strings. |
ParseEmailFilesV2 | (Beta) Parse an email from an eml or msg file and populate all relevant context data to investigate the email. Also extracts inner attachments and returns them to the war room. The incident labels themselves are preserved and not modified - only the "Label/x" context items that originated from the labels, and the best practice is to rely on these for the remainder of the playbook. This script is based on the parse-emails XSOAR python package, check the script documentation for more info |
IsInternalDomainName | This script accepts multiple values for both arguments and will iterate through each of the domains to check if the specified subdomains are located in at least one of the specified main domains. If the tested subdomain is in one of the main domains, the result will be true. For example, if the domain_to_check values are apps.paloaltonetworks.com and apps.paloaltonetworks.bla and the domains_to_compare values are paloaltonetworks.com and demisto.com, the result for apps.paloaltonetworks.com will be true since it is a part of the paloaltonetworks.com domain. The result for apps.paloaltonetworks.bla will be false since it is not a part of the paloaltonetworks.com or demisto.com domain. |
EditServerConfig | Edit the server configuration (under settings/troubleshooting). You can either add a new configuration or update and remove an existing one. |
ParseCSV | This script will parse a CSV file and place the unique IPs, Domains and Hashes into the context. |
ExtractAttackPattern | Extract Attack Pattern Threat Intel Object. After auto extract extracts the Attack Pattern IDs, this script is executed and extracts the value (name) of the Attack Pattern. |
MarkAsNoteByTag | Mark entries as notes if they are tagged with given tag |
FirstArrayElement | Returns the first element of an array. If the value passed is not an array, it returns the original value that was passed. |
GetFieldsByIncidentType | Returns the incident field names associated to the specified incident type. |
IncreaseIncidentSeverity | Optionally increases the incident severity to the new value if it is greater than the existing severity. |
JSONFileToCSV | Script to convert a JSON file War Room output to a CSV file. |
IsListExist | Checks if a list exists in Demisto lists. |
StixCreator | Gets a list of indicators from the indicators argument, and generates a JSON file in STIX 2.0 format. |
ContextGetIps | Gets all IP addresses in context, excluding ones given. |
http | Sends http request. Returns the response as json. |
ContextSearchForString | Searches for string in a path in context. If path is null, string will be searched in full context. |
FileCreateAndUpload | Will create a file (using the given data input or entry ID) and upload it to current investigation war room. |
MarkRelatedIncidents | Marks given incidents as related to current incident. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
IdentifyAttachedEmail | Identify whether the incident includes an email message attached as an eml or msg file and return the answer to playbook. Also saves the identified entry ID to context for use for later. Commonly used in automated playbooks that handle phishing reports sent to a special phishing mailbox set up by the security team. |
ExportToCSV | Export given array to csv file |
SetGridField | Creates a Grid table from items or key-value pairs. |
AddEvidence | Adds provided entries to the incident Evidence Board. In playbook, can be positioned after a task to add the previous task's entries to Evidence Board automatically (with no need to provide arguments) |
BinarySearchPy | Search for a binary on an endpoint using Carbon Black |
PrintRaw | Prints a raw representation of a string or object, visualising things like tabs and newlines. For instance, '\n' will be displayed instead of a newline character, or a Windows CR will be displayed as '\r\n'. This is useful for debugging issues where things aren't behaving as expected, such as when parsing a string with a regular expression. |
SSDeepReputation | Calculate ssdeep reputation based on similar files (by ssdeep similarity) on the system. |
URLNumberOfAds | Fetches the number of ads in the given URL. |
LessThanPercentage | Checks if one percentage is less than another |
IndicatorMaliciousRatioCalculation | Returns indicators that appear in resolved incidents, and resolved incident IDs. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
ConvertAllExcept | Convert all chosen values but exceptions. |
CalculateTimeDifference | Calculate the time difference, in minutes |
GenerateRandomString | Generates random string |
StripChars | Strip set of characters from prefix and/or suffix |
IsIPInRanges | Returns yes if the IP is in one of the ranges provided, returns no otherwise. |
ExposeIncidentOwner | Expose the incident owner into IncidentOwner context key |
BetweenDates | Whether value is within a date range. |
IPNetwork | Gather information regarding CIDR - |
CloseInvestigationAsDuplicate | Close the current investigation as duplicate to other investigation. |
Sleep | Sleep for X seconds |
VerifyIPv6Indicator | Verify that the address is a valid IPv6 address. |
HttpV2 | Sends a HTTP request with advanced capabilities |
JSONtoCSV | Convert a JSON War Room output via EntryID to a CSV file. |
PcapHTTPExtractor | Parses and extracts HTTP flows (requests & responses) from a pcap/pcapng file. |
emailFieldTriggered | Sends email to incident owner when selected field is triggered. |
Exists | Check if a given value exists in the context. Will return 'no' for empty arrays. To be used mostly with DQ and selectors. |
LoadJSON | Loads a json from string input, and returns a json object result |
If-Then-Else | A transformer for simple if-then-else logic. |
ShowOnMap | Returns a map entry with a marker on the given coordinates (lat,lng), or address (requires a configured GoogleMaps instance). |
SetMultipleValues | Set multiple keys/values to the context. |
CheckContextValue | This script checks that a context key exists (and contains data), and optionally checks the value of the context key for a match against an input value. If a regex is not supplied, the script checks that the key is not empty. This script can be used with the "GenericPolling" playbook to poll for field population or that a field contains a specific value. This script does not support a context key which holds a list of values. |
CompareIncidentsLabels | Compares the labels of two incidents. Returns the labels that are unique to each incident. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
StopTimeToAssignOnOwnerChange | Stops the "Time To Assign" timer if the owner of the incident was changed. |
EmailAskUserResponse | Extract user's response from EmailAskUser reply. Returns the first textual response line of the provided entry that contains the reply body. Use ${lastCompletedTaskEntries} to analyze the previous playbook task containing the user's reply. |
GetStringsDistance | Get the string distance between inputString and compareString (compareString can be a comma-separated list) based on Levenshtein Distance algorithm. |
LowerCidrNumAddresses | Check if the number of available addresses in an IPv4 CIDR is lower than a given number. |
hideFieldsOnNewIncident | When you apply this script to an incident field, that incident field is hidden for new incidents, and it displays in edit mode. |
FindSimilarIncidents | Finds similar incidents by common incident keys, labels, custom fields or context keys. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
ParseJSON | Parse a given JSON string "value" to a representative object. Example: '{"a": "value"}' => {"a": "value"}. |
DT | This automation allows the usage of DT scripts within playbooks transformers |
SendEmailOnSLABreach | Sends an email informing the user of an SLA breach. The email is sent to the user who is assigned to the incident. It includes the incident name, ID, name of the SLA field that was breached, duration of that SLA field, and the date and time when that SLA was started. |
IncidentAddSystem | Add a remote system (such as a desktop under investigation) to an investigation (this will allow you to install an agent on the system) |
ExtractFQDNFromUrlAndEmail | Extracts FQDNs from URLs and emails. |
PortListenCheck | Checks whether a port was open on given host. |
CIDRBiggerThanPrefix | Checks whether a given CIDR prefix is bigger than the defined maximum prefix. |
IsIntegrationAvailable | Returns 'yes' if integration brand is available. Otherwise returns 'no' |
DecodeMimeHeader | Decode MIME base64 headers. |
TimeStampCompare | Compares a single timestamp to a list of timestamps. |
ContainsCreditCardInfo | Check if a given value is true. Will return 'no' otherwise |
ConvertXmlToJson | Converts XML string to JSON format |
TimeStampToDate | Converts UNIX Epoch time stamp to a simplified extended ISO format string. Use it to convert time stamp to Demisto date field e.g. 1525006939 will return '2018-04-29T13:02:19.000Z' |
StringReplace | Replaces regex match/es in string. |
SetIfEmpty | Checks an object for an empty value and returns a pre-set default value. |
jmespath | Performs a JMESPath search on an input JSON format, when using a transformer. |
MatchRegexV2 | Extracts regex data from the provided text. The script support groups and looping. |
GeneratePassword | This function generates a password and allows various parameters to customize the properties of the password depending on the use case (e.g. password complexity requirements). The default behavior is to generate a password of random length including all four character classes (upper, lower, digits, symbols) with at least five and at most ten characters per class. The min_* values all default to 0. This means that if the command is executed in this way: The debug parameter will print certain properties of the command into the WarRoom for easy diagnostics. |
DemistoVersion | Return the Demisto server version. |
FeedRelatedIndicatorsWidget | Widget script to view information about the relationship between an indicator, entity and other indicators and connect to indicators, if relevant. |
PrettyPrint | Pretty-print data using Python's pprint library. This is useful for seeing the structure of incident and context data. Here's how to use it: !PrettyPrint value=${incident} |
UnPackFile | Deprecated. Use the UnzipFile script instead. UnPack a file using fileName or entryID to specify a file. Files unpacked will be pushed to the war room and names will be pushed to the context. |
IPReputation | A context script for IP entities |
GenerateInvestigationSummaryReport | A script to generate investigation summary report in an automated way |
RepopulateFiles | After running DeleteContext, this script can repopulate all the file entries in the ${File} context key |
ExtractDomainAndFQDNFromUrlAndEmail | Extracts domains and FQDNs from URLs and emails. |
EmailDomainSquattingReputation | Check if an email address's domain is trying to squat other domain using Levenshtein distance algorithm |
VerifyJSON | Verifies if the supplied JSON string is valid and optionally verifies against a provided schema. The script utilizes Powershell's Test-JSON cmdlet. |
SetByIncidentId | Works the same as the 'Set' command, but can work across incidents by specifying 'id' as an argument. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
UtilAnyResults | Utility script to use in playbooks - returns "yes" if the input is non-empty. |
AssignAnalystToIncident | Assign analyst to incident. |
URLReputation | A context script for URL entities |
CreateArray | Will create an array object in context from given string input |
URLDecode | Converts |
BetweenHours | Checks whether the given value is within the specified time (hour) range. |
EmailDomainBlacklist | Accepts an array of domains as a block list, and a list of email addresses. The script then filters out any email address whose domain is in the block list. The filtered list will be returned as an array. |
IsTrue | Check if a given value is true. Will return 'no' otherwise |
ShowLocationOnMap | Show indicator geo location on map |
ChangeRemediationSLAOnSevChange | Changes the remediation SLA once a change in incident severity occurs. |
PCAPMiner | Deprecated. Use PCAPMinerV2 instead. PCAPMiner is a tool to parse PCAP files and will return things like extracted files that are found, HTTP flows, and a variety of other information. It uses a Docker instance located on Docker Hub: trorabaugh/dempcap:1.0. To use it, upload a PCAP file and then run PCAPMiner entryId="<your_entry_id>". To get the entry ID, click the link in the top right-hand corner of a file attachment. |
GetIndicatorDBotScore | Add into the incident's context the system internal DBot score for the input indicator. |
GetDomainDNSDetails | Returns DNS details for a domain |
StringLength | Returns the length of the string passed as argument |
IsInCidrRanges | Determines whether an IPv4 address is contained in at least one of the comma-delimited CIDR ranges. Multiple IPv4 addresses can be passed comma-delimited and each will be tested. |
ExtractDomainFromUrlAndEmail | Extract Domain(s) from URL(s) and/or Email(s) |
LookupCSV | Parses a CSV and looks for a specific value in a specific column, returning a dict of the entire matching row. If no column value is specified, the entire CSV is read into the context. |
ConvertToSingleElementArray | Converts a single string to an array of that string. |
CopyContextToField | Copy a context key to an incident field of multiple incidents, based on an incident query. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
DisplayHTML | Display HTML in the War Room. |
checkValue | Gets a value and return it. This is to be used in playbook conditional tasks - get a value from incident field, label or context, and act accordingly. |
EmailReputation | A context script for Email entities |
URLEncode | Encodes a URL string by replacing special characters in the string using the %xx escape. For example: https://example.com converts to https:%2F%2Fexample.com. |
Set | Set a value in context under the key you entered. |
PublishEntriesToContext | Publish entries to incident's context |
AddKeyToList | Adds/Replaces a key in key/value store backed by an XSOAR list. |
IsInternalHostName | Checks if the supplied hostnames match either the organization's internal naming convention or the domain suffix. |
DBotClosedIncidentsPercentage | Data output script for populating dashboard pie graph widget with the percentage of incidents closed by DBot vs. incidents closed by analysts |
GetRange | Gets specified indexes of a list. |
SendMessageToOnlineUsers | Send message to Demisto online users over Email, Slack, Mattermost or all. |
EmailDomainWhitelist | Accepts an array of domains as an allow list, and a list of email addresses. The script then filters out any email address whose domain is not in the allow list. The filtered list will be returned as an array. |
ticksToTime | Converting time in Ticks to readable time. Ticks are used to represent time by some vendors, most commonly by Microsoft. |
StringContainsArray | Checks whether a substring or an array of substrings is within a string array (each item will be checked). Supports single strings as well. For example, for substrings ['a','b','c'] in a string 'a' the script will return true. |
SearchIncidentsV2 | Searches Demisto incidents. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
RegexGroups | Extraction of elements which are contained in all the subgroups of the match to the pattern. |
FileReputation | A context script for hash entities |
ReadPDFFileV2 | Load a PDF file's content and metadata into context. |
FormatURL | Strips, unquotes and unescapes URLs. If the URL is a Proofpoint or ATP URL, extracts its redirect URL. |
NumberOfPhishingAttemptPerUser | Shows a bar chart of the number of incidents for the 'To' and 'From' email addresses. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
TopMaliciousRatioIndicators | Find the top malicious ratio indicators. |
ReverseList | Reverses a list. This is an example of an entire-list transformer: it operates on the argument as a list (note the "entirelist" tag). |
GetEnabledInstances | Gets all currently enabled integration instances. |
JoinIfSingleElementOnly | Return the single element in case the array has only 1 element in it, otherwise return the whole array |
GenericPollingScheduledTask | Runs the polling command repeatedly, completes a blocking manual task when polling is done. |
MaliciousRatioReputation | Set indicator reputation to "suspicious" when malicious ratio is above threshold. |
IsUrlPartOfDomain | Checks if the supplied URLs are in the specified domains. |
ContextFilter | Filter context keys by applying one of the various available manipulations and storing in a new context key. Please notice that the resulting context key will not be available automatically as an option but you can still specify it. |
ChangeContext | Enables changing context in two ways. The first is to capitalize the first letter of each key in following level of the context key entered. The second is to change context keys to new values. |
ConvertDatetoUTC | Converts a date from a different timezone to UTC timezone. |
ContextContains | This script searches for a value in a context path. |
GetIndicatorDBotScoreFromCache | Get the overall score for the indicator as calculated by DBot. |
Base64Decode | Decodes an input in Base64 format. |
ContextGetHashes | Gets hashes (MD5,SHA1,SHA256) from context. |
SetTime | Fill the current time in a custom incident field |
ProvidesCommand | Finds which integrations implement a specific Demisto command. The results will be returned as comma-separated values (CSV). The "Demisto REST API" integration must first be enabled. |
EmailAskUser | Ask a user a question via email and process the reply directly into the investigation. |
SetAndHandleEmpty | Set a value in context under the key you entered. If no value is entered, the script doesn't do anything. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
ConvertXmlFileToJson | Converts XML file entry to JSON format |
MapValuesTransformer | This script converts the input value into another value using two lists. The input value is searched in the first list (input_values). Example 1: input_values = "1,2,3,4" Output would be "2" Example 2: input_values ="firstkey: datahere,secondkey: datathere" Output would be: The reason for matching the key AND value pair in a dictionary is to allow the mapping of values that have a specific key name. In most cases, dictionaries will contain key-value pairs in which the values are the same. You might want to change the value of KeyA, but not the value of KeyB. This method gives control over which key is changed. When the input is a dict, str, int, or list, the output is ALWAYS returned as a string. |
IsGreaterThan | Checks if one number (float) is bigger than the other (float). |
ConvertFile | Converts a file from one format to a different format by using the convert-to function of Libre Office. For a list of supported input/output formats see: https://wiki.openoffice.org/wiki/Framework/Article/Filter/FilterList_OOo_3_0 |
LastArrayElement | Returns the last element of an array. If the value passed is not an array, it returns the original value that was passed. |
CompareLists | Compare two lists and put the differences in context. |
ToTable | Convert an array to a nice table display. Usually, from the context. |
GetListRow | Parses a list by header and value. |
PositiveDetectionsVSDetectionEngines | Shows a bar chart of the number of Positive Detections out of overall detections |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
DemistoRESTAPI | By: Cortex XSOAR |
Pack Name | Pack By |
---|---|
SumoLogic | By: Cortex XSOAR |
MicrosoftGraphMail | By: Cortex XSOAR |
EWSMailSender | By: Cortex XSOAR |
ProtectWise | By: Cortex XSOAR |
Gmail | By: Cortex XSOAR |
GmailSingleUser | By: Cortex XSOAR |
MailSenderNew | By: Cortex XSOAR |
Elasticsearch | By: Cortex XSOAR |
MicrosoftGraphListener | By: Cortex XSOAR |
RemoteAccess | By: Cortex XSOAR |
Shodan | By: Cortex XSOAR |
Scripts
PortListenCheck
- Fixed an issue where the port argument was not required.
- Updated the Docker image to: demisto/python3:3.10.4.29342.
Scripts
- JsonToTable
- Fixed an issue where array string values failed to transform in playbooks.
- Updated the Docker image to demisto/python3:3.10.4.29342.
Scripts
CalculateTimeDifference
- Updated the Docker image to: demisto/python:2.7.18.27799.
CompareIncidentsLabels
- Updated the Docker image to: demisto/python:2.7.18.27799.
CopyContextToField
- Updated the Docker image to: demisto/python:2.7.18.27799.
ExtractIndicatorsFromTextFile
- Updated the Docker image to: demisto/python:2.7.18.27799.
FileToBase64List
- Updated the Docker image to: demisto/python:2.7.18.27799.
FilterByList
- Updated the Docker image to: demisto/python:2.7.18.27799.
GetDockerImageLatestTag
- Updated the Docker image to: demisto/python:2.7.18.27799.
GetStringsDistance
- Updated the Docker image to: demisto/python:2.7.18.27799.
HTTPListRedirects
- Updated the Docker image to: demisto/python:2.7.18.27799.
IdentifyAttachedEmail
- Updated the Docker image to: demisto/python:2.7.18.27799.
IndicatorMaliciousRatioCalculation
- Updated the Docker image to: demisto/python:2.7.18.27799.
JSONFileToCSV
- Updated the Docker image to: demisto/python:2.7.18.27799.
JSONtoCSV
- Updated the Docker image to: demisto/python:2.7.18.27799.
ParseCSV
- Updated the Docker image to: demisto/python:2.7.18.27799.
PortListenCheck
- Updated the Docker image to: demisto/python:2.7.18.27799.
Scripts
ParseEmailFilesV2
- Added support to extract RTF body from msg emails.
- Updated the Docker image to: demisto/parse-emails:1.0.0.29621.
Scripts
FindSimilarIncidents
- Fixed an issue where in some cases the incident query used for the search was malformed.
- Updated the Docker image to: demisto/python:2.7.18.27799.
- Documentation and metadata improvements.
Scripts
ZipStrings
- Added support for non-array strings.
Scripts
ReadPDFFileV2
- Fixed an issue where embedded URLs (URLs that were linked to images) weren't extracted from some PDF files.
fetch_indicators_command
Scripts
New: CIDRBiggerThanPrefix
Checks if the CIDR prefix is larger than a specified prefix size.
New: CheckIfSubdomain
Checks if a given domain is a subdomain of one of the internal domains.
IsInCidrRanges
Updated to check a list of IPs and not just one.
Scripts
IPToHost
- Fixed an issue where the raw response did not output correctly.
- Updated the Docker image to: demisto/python3:3.10.4.28442.
ParseEmailFilesV2
- Updated the Docker image to: demisto/parse-emails:1.0.0.28672.
Scripts
ParseEmailFiles
- Fixed an issue where a long subject with special characters was not parsed properly.
Scripts
SearchIncidentsV2
- Fixed an issue where the script failed when the given id argument was of type int.
- Updated the Docker image to: demisto/python3:3.10.4.28442.
Scripts
FormatURL
- URLs with invalid TLDs (shorter than two letters) will be ignored now.
IncidentFields
- Fixed an error where this script would fail if incident fields were not properly configured.
Scripts
New: ExtractInbetween
- Extract a string from an existing string. (Available from Cortex XSOAR 5.5.0).
- Updated the Docker image to: demisto/python3:3.10.4.27798.
Scripts
ModifyDateTime
- Added type validations and other internal code improvements.
BetweenHours
- Added type validations and other internal code improvements.
PcapHTTPExtractor
- Added type validations and other internal code improvements.
IPNetwork
- Added type validations and other internal code improvements.
ReadFile
- Added type validations and other internal code improvements.
BetweenDates
- Added type validations and other internal code improvements.
GetDuplicatesMlv2
- Added type validations and other internal code improvements.
ParseEmailFiles
- Added type validations and other internal code improvements.
ParseCSV
- Added type validations and other internal code improvements.
TimeStampCompare
- Added type validations and other internal code improvements.
AfterRelativeDate
- Added type validations and other internal code improvements.
FormattedDateToEpoch
- Added type validations and other internal code improvements.
Scripts
SearchIncidentsV2
- Updated the Docker image to: demisto/python3:3.10.1.27636.
- Fixed an issue where the script failed execution when run with multiple IDs.
Scripts
ScheduleGenericPolling
- Updated the Docker image to: demisto/python:2.7.18.24398.
URLReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
UtilAnyResults
- Updated the Docker image to: demisto/python:2.7.18.24398.
hideFieldsOnNewIncident
- Updated the Docker image to: demisto/python:2.7.18.24398.
Scripts
IsEmailAddressInternal
- Updated the Docker image to: demisto/python:2.7.18.24398.
IsIntegrationAvailable
- Updated the Docker image to: demisto/python:2.7.18.24398.
JoinIfSingleElementOnly
- Updated the Docker image to: demisto/python:2.7.18.24398.
MaliciousRatioReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
MarkAsNoteByTag
- Updated the Docker image to: demisto/python:2.7.18.24398.
PrintContext
- Updated the Docker image to: demisto/python:2.7.18.24398.
PrintErrorEntry
- Updated the Docker image to: demisto/python:2.7.18.24398.
ResolveShortenedURL
- Updated the Docker image to: demisto/python:2.7.18.24398.
RunDockerCommand
- Updated the Docker image to: demisto/python:2.7.18.24398.
SCPPullFiles
- Updated the Docker image to: demisto/python:2.7.18.24398.
SSDeepReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
SendEmailOnSLABreach
- Updated the Docker image to: demisto/python:2.7.18.24398.
SetDateField
- Updated the Docker image to: demisto/python:2.7.18.24398.
SetMultipleValues
- Updated the Docker image to: demisto/python:2.7.18.24398.
SetTime
- Updated the Docker image to: demisto/python:2.7.18.24398.
StopScheduledTask
- Updated the Docker image to: demisto/python:2.7.18.24398.
Strings
- Updated the Docker image to: demisto/python:2.7.18.24398.
TextFromHTML
- Updated the Docker image to: demisto/python:2.7.18.24398.
URLNumberOfAds
- Updated the Docker image to: demisto/python:2.7.18.24398.
Scripts
FormatURL
- The script now removes a trailing square bracket from the URL if there is any.
- Updated the docker image to demisto/python3:3.10.1.26972
Scripts
JsonToTable
- Fixed an issue where string values failed to transform in playbooks.
Scripts
New: ZipStrings
- You can now join strings from 2 lists. Available from Cortex XSOAR 6.0.0.
Scripts
ParseEmailFilesV2
- Added support for the nesting_level_to_return argument.
UnzipFile
- Added the nonsensitive_password argument for inserting the file's password when using the script in a playbook.
Scripts
SearchIncidentsV2
- Added support for parsing relative timeframes in the fromdate and todate arguments.
- Added the searchresultslabel argument.
Scripts
GetIndicatorDBotScore
- Fixed an issue where a message was unnecessarily auto-extracted.
Scripts
New: GetRange
- Get a range of indexes from a list. (Available from Cortex XSOAR 5.5.0)
Scripts
SearchIncidentsV2
- Added the trim_events argument to limit the number of events returned from incidents.
Scripts
New: HttpV2
- Sends an HTTP request with advanced capabilities (Available from Cortex XSOAR 6.5.0).
Scripts
SetGridField
- Fixed an issue where an empty grid field returned null, which caused the script to raise an exception.
- Upgraded the Docker image to: demisto/pandas:1.0.0.26289.
ParseEmailFiles
- Added support for the nesting_level_to_return argument.
Scripts
ReadPDFFileV2
- Fixed an issue where the script used an invalid regex to extract URLs.
Scripts
FormatURL
- Added a regex to extract the original URL from a FireEye Safe URL.
- Updated the Docker image to: demisto/python3:3.10.1.25933.
Scripts
FormatURL
- Improved the script logging.
- Updated the Docker image to: demisto/python3:3.10.1.25933.
Scripts
New: ParseEmailFilesV2
- Parse an email from an eml or msg file using the parse-emails XSOAR python package, and populate relevant fields and data into an XSOAR investigation.
- The script is being released in Beta mode; after 3 months it will be GA and will officially replace the ParseEmailFiles script.
Scripts
ConvertFile
- Updated the Docker image to: demisto/office-utils:2.0.0.23094.
Scripts
ParseEmailFiles
- Fixed an issue where, when parsing EML files, the message-id field was not parsed to the correct spelling in the context output.
Scripts
If-Then-Else
- Fixed an issue where 'No result returned' is displayed when returning an empty value.
Scripts
SetAndHandleEmpty
- Fixed an issue where the values are appended regardless of append = false when running in sub playbooks.
ShowLocationOnMap
- Improved error handling when no location exists.
- Updated the Docker image to: demisto/python3:3.10.1.25933.
Scripts
ShowLocationOnMap
- Improved error handling when no location exists.
- Updated the Docker image to: demisto/python3:3.10.1.25933.
Scripts
GetIndicatorDBotScore
- Fixed an issue where IPv6 indicator types were not mapped to a DBotScoreType.
- Updated the Docker image to: demisto/python3:3.10.1.25933.
Scripts
ReadPDFFileV2
- Added DBotRole permission to the script.
Scripts
ShowLocationOnMap
- Improved the implementation of the ShowLocationOnMap script to parse by the ":" separator, along with the "," separator.
New: FormatURL
- FormatURL: Strips, unquotes and unescapes URLs. If the URL is a Proofpoint or ATP URL, extracts its redirect URL. (Available from Cortex XSOAR 5.5.0).
Scripts
SetAndHandleEmpty
- Added the force argument to allow setting falsy values.
- Updated the Docker image to: demisto/python3:3.9.9.25564.
Scripts
DeleteContext
- Reverted the runas argument to the value "DBotRole".
Scripts
FindSimilarIncidents
- Fixed an issue with incident fields that have the type list.
- Fixed an issue where some values of incidents fields caused an escape sequence error.
Scripts
ExtractDomainAndFQDNFromUrlAndEmail
- You can now check only the TLD; the script no longer supports URLs and emails.
- Improved implementation of the script to avoid extraction of ZIP files.
- Improved implementation of the script to extract only full domain.
Scripts
ParseEmailFiles
- Fixed an issue where the attachment name is not shown in the war room.
Scripts
DockerHardeningCheck
- Updated the Docker image to: demisto/python3:3.9.8.24399.
DumpJSON
- Updated the Docker image to: demisto/python3:3.9.8.24399.
EditServerConfig
- Updated the Docker image to: demisto/python3:3.9.8.24399.
EmailDomainBlacklist
- Updated the Docker image to: demisto/python3:3.9.8.24399.
EmailDomainWhitelist
- Updated the Docker image to: demisto/python3:3.9.8.24399.
ExtractEmailV2
- Updated the Docker image to: demisto/python3:3.9.8.24399.
FeedRelatedIndicatorsWidget
- Updated the Docker image to: demisto/python3:3.9.8.24399.
FirstArrayElement
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GenerateRandomUUID
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetByIncidentId
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetEnabledInstances
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetFieldsByIncidentType
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetIndicatorDBotScore
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetIndicatorDBotScoreFromCache
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetValuesOfMultipleFields
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GetListRow
- Updated the Docker image to: demisto/python3:3.9.8.24399.
GreaterCidrNumAddresses
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IPNetwork
- Updated the Docker image to: demisto/python3:3.9.8.24399.
InRange
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IncidentFields
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IsInternalDomainName
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IsInternalHostName
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IsListExist
- Updated the Docker image to: demisto/python3:3.9.8.24399.
IsUrlPartOfDomain
- Updated the Docker image to: demisto/python3:3.9.8.24399.
LastArrayElement
- Updated the Docker image to: demisto/python3:3.9.8.24399.
ListUsedDockerImages
- Updated the Docker image to: demisto/python3:3.9.8.24399.
LoadJSON
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Scripts
PortListenCheck
- Updated the Docker image to: demisto/python:2.7.18.24398.
ReadFile
- Updated the Docker image to: demisto/python:2.7.18.24398.
StopTimeToAssignOnOwnerChange
- Updated the Docker image to: demisto/python:2.7.18.24398.
URLSSLVerification
- Updated the Docker image to: demisto/python:2.7.18.24398.
Base64ListToFile
- Updated the Docker image to: demisto/python:2.7.18.24398.
BinarySearchPy
- Updated the Docker image to: demisto/python:2.7.18.24398.
ChangeRemediationSLAOnSevChange
- Updated the Docker image to: demisto/python:2.7.18.24398.
CheckSenderDomainDistance
- Updated the Docker image to: demisto/python:2.7.18.24398.
CloseInvestigationAsDuplicate
- Updated the Docker image to: demisto/python:2.7.18.24398.
ContextContains
- Updated the Docker image to: demisto/python:2.7.18.24398.
DecodeMimeHeader
- Updated the Docker image to: demisto/python:2.7.18.24398.
DisplayHTML
- Updated the Docker image to: demisto/python:2.7.18.24398.
DomainReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
EmailReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
EncodeToAscii
- Updated the Docker image to: demisto/python:2.7.18.24398.
FileReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
GenerateRandomString
- Updated the Docker image to: demisto/python:2.7.18.24398.
IPReputation
- Updated the Docker image to: demisto/python:2.7.18.24398.
IPToHost
- Updated the Docker image to: demisto/python:2.7.18.24398.
Scripts
GetTime
- Updated the script's arguments' description.
Parse Email Files
Scripts
AddDBotScoreToContext
- Updated the Docker image to: demisto/python3:3.9.8.24399.
AddKeyToList
- Updated the Docker image to: demisto/python3:3.9.8.24399.
AfterRelativeDate
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Base64Decode
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Base64EncodeV2
- Updated the Docker image to: demisto/python3:3.9.8.24399.
BetweenDates
- Updated the Docker image to: demisto/python3:3.9.8.24399.
BetweenHours
- Updated the Docker image to: demisto/python3:3.9.8.24399.
CalculateEntropy
- Updated the Docker image to: demisto/python3:3.9.8.24399.
ChangeContext
- Updated the Docker image to: demisto/python3:3.9.8.24399.
CheckContextValue
- Updated the Docker image to: demisto/python3:3.9.8.24399.
CheckFieldValue
- Updated the Docker image to: demisto/python3:3.9.8.24399.
CompareLists
- Updated the Docker image to: demisto/python3:3.9.8.24399.
ConvertAllExcept
- Updated the Docker image to: demisto/python3:3.9.8.24399.
ConvertDatetoUTC
- Updated the Docker image to: demisto/python3:3.9.8.24399.
ConvertToSingleElementArray
- Updated the Docker image to: demisto/python3:3.9.8.24399.
CopyNotesToIncident
- Updated the Docker image to: demisto/python3:3.9.8.24399.
CreateIndicatorsFromSTIX
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Cut
- Updated the Docker image to: demisto/python3:3.9.8.24399.
DateStringToISOFormat
- Updated the Docker image to: demisto/python3:3.9.8.24399.
DemistoVersion
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Scripts
SearchIncidentsV2
Fixed an issue where the type and name filters did not work properly.
Scripts
PositiveDetectionsVSDetectionEngines
- Maintenance and stability enhancements.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Scripts
ParseEmailFiles
- Fixed an issue where the encoding of an attachment name was not handled properly.
Scripts
Removed the Condition tag from GetStringsDistance.
Scripts
FormattedDateToEpoch
- Added support to FormattedDateToEpoch to work without the formatter argument.
- Updated the Docker image to: demisto/python3:3.9.8.24399.
Scripts
ParseJSON
- Documentation and metadata improvements.
ExtractIndicatorsFromWordFile
- Fixed an issue where the script could not find the file when running in the sub-playbook.
Scripts
CalculateTimeDifference
- Updated the Docker image to: demisto/python:2.7.18.24398.
FileToBase64List
- Updated the Docker image to: demisto/python:2.7.18.24398.
FilterByList
- Updated the Docker image to: demisto/python:2.7.18.24398.
GetDockerImageLatestTag
- Updated the Docker image to: demisto/python:2.7.18.24398.
HTTPListRedirects
- Updated the Docker image to: demisto/python:2.7.18.24398.
IdentifyAttachedEmail
- Updated the Docker image to: demisto/python:2.7.18.24398.
JSONFileToCSV
- Updated the Docker image to: demisto/python:2.7.18.24398.
JSONtoCSV
- Updated the Docker image to: demisto/python:2.7.18.24398.
ParseCSV
- Updated the Docker image to: demisto/python:2.7.18.24398.
Scripts
EmailDomainWhitelist
- Documentation fixes
EmailDomainBlacklist
- Documentation fixes
Scripts
JsonToTable
- Added the json_transform_properties argument to JsonToTable to set properties to transform complex JSONs to markdown.
- Added the is_auto_json_transform argument to JsonToTable to try transforming complex JSONs automatically.
Scripts
Multiple Scripts Changes:
Added reference to permissions in description and README.
- GetEnabledInstances
- findIncidentsWithIndicator
- DBotClosedIncidentsPercentage
- ChangeRemediationSLAOnSevChange
- IndicatorMaliciousRatioCalculation
- RunPollingCommand
- FindSimilarIncidents
- SetAndHandleEmpty
- ExtractIndicatorsFromWordFile
- SearchIncidentsV2
- ReadPDFFileV2
- DeleteContext
- NumberOfPhishingAttemptPerUser
- GetDuplicatesMlv2
- SetByIncidentId
- CompareIncidentsLabels
- CopyContextToField
- ExtractIndicatorsFromTextFile
- MarkRelatedIncidents
Scripts
TopMaliciousRatioIndicators
- Fixed an issue where the script failed to run if no indicators were found.
Scripts
LinkIncidentsWithRetry
- Updated the Docker image to: demisto/python3:3.9.8.24399.
- Updated the LinkIncidentsWithRetry script with up-to-date Python code.
Scripts
DT
- Fixed an issue where non-ascii characters were causing the script to fail.
- Updated the script to Python 3.
- Updated the docker image to demisto/python3:3.9.8.24399.
FailedInstances
- Maintenance and stability enhancements.
Scripts
FailedInstances
Fixed an issue where the script added an empty element to the beginning of the failed_instances list.
Scripts
ParseEmailFiles
- Fixed an issue where multiline 'From' headers that contained a comma character were incorrectly parsed in a Windows format.
Scripts
ExtractAttackPattern
- Maintenance and stability enhancements.
- Updated the Docker image to: 3.9.8.24399.
Scripts
RegexExtractAll
- Added an unpack_matches argument to allow unpacking tuple of values in the results.
UnzipFile
- Added support for tar and tar.gz formats.
UnPackFile
- Deprecated. Use the UnzipFile script instead.
ExtractIndicatorsFromWordFile
- The automation poses no security concern and was changed to execute with DBot role.
ExtractIndicatorsFromTextFile
- The automation poses no security concern and was changed to execute with DBot role.
ReadPDFFileV2
- The automation poses no security concern and was changed to execute with DBot role.
Scripts
RegexGroups
- Added an argument (flags) to support some pattern matching options (dotall, multiline, ignorecase and unicode).
Scripts
ParseHTMLIndicators
- Added the script outputs.
- Added handling for CVE indicators.
Scripts
Breaking Change: The following breaking change applies for organizations that implement pre-set roles on their incidents:
DBotRole has been removed from these automations. This change will affect any playbook that is dependent on, or runs, these automations.
These automations will now run using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
- CompareIncidentsLabels
- SearchIncidentsV2
- FindSimilarIncidents
- ExtractIndicatorsFromWordFile
- ExtractIndicatorsFromTextFile
- IndicatorMaliciousRatioCalculation
- DeleteContext
- CopyContextToField
- MarkRelatedIncidents
- SetAndHandleEmpty
- SetByIncidentId
- ReadPDFFileV2
- GetDuplicatesMlv2
- findIncidentsWithIndicator
- NumberOfPhishingAttemptPerUser
Scripts
ReadPDFFileV2
- Updated the Docker image to: demisto/readpdf:1.0.0.24272.
Scripts
ExtractEmailV2
- Changed emailRegex to limit the local part to 64 characters and the domain part to 253 characters per RFC3696.
Scripts
LanguageDetect
- Updated the Docker image to: demisto/langdetect:1.0.0.24247.
ParseWordDoc
- Updated the Docker image to: demisto/docxpy:1.0.0.24033.
ParseExcel
- Updated the Docker image to: demisto/xlrd-py3:1.0.0.23423.
PDFUnlocker
- Updated the Docker image to: devdemisto/pypdf2:1.0.0.24259.
Scripts
UnEscapeURLs
- Fixed an issue where URLs with the hXXp prefix were not extracted correctly.
Scripts
IndicatorMaliciousRatioCalculation
- Added the fromDate argument to improve query performance.
Scripts
UnzipFile
- Fixed an issue where password protected rar files would return a timeout error.
- Updated the Docker image to: demisto/unzip:1.0.0.23423.
ExtractHTMLTables
- Updated the Docker image to: demisto/bs4:1.0.0.24033.
Scripts
New: GetEnabledInstances
- Gets all currently enabled integration instances. (Available from Cortex XSOAR 6.0.0).
Scripts
ParseEmailFiles
- Fixed an issue where multiline 'From' headers were incorrectly parsed in a Windows format.
Scripts
GetIndicatorDBotScore
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
DumpJSON
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
InRange
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
IsListExist
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
LoadJSON
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
RepopulateFiles
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
ReverseList
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
SetByIncidentId
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
SetIfEmpty
- Updated the Docker image to: demisto/python3:3:3.9.7.24076.
Scripts
New: EditServerConfig
- Added a new script that allows updating or deleting the values of server configuration keys (available from XSOAR 6.0.0).
Scripts
ListUsedDockerImages
- Improved the output of ListUsedDockerImages to ignore disabled integrations and disabled automations.
Scripts
JsonToTable
- Added the headers argument.
Scripts
URLSSLVerification
- Added the set_http_as_suspicious argument, which lets the user choose whether to set the URL as Suspicious when the URL starts with HTTP and not HTTPS.
Scripts
FindSimilarIncidents
- Updated the Docker image to: demisto/python:2.7.18.24066.
JSONFileToCSV
- Updated the Docker image to: demisto/python:2.7.18.24066.
LoadJSON
- Updated the Docker image to: demisto/python:2.7.18.24066.
RunPollingCommand
- Updated the Docker image to: demisto/python:2.7.18.24066.
ScheduleGenericPolling
- Updated the Docker image to: demisto/python:2.7.18.24066.
DecodeMimeHeader
- Updated the Docker image to: demisto/python:2.7.18.24066.
IsRFC1918Address
- Updated the Docker image to: demisto/netutils:1.0.0.24101.
Scripts
New: ListUsedDockerImages
List the Docker images used by the installed integrations and automations.
Scripts
ConvertDatetoUTC
- Updated the Docker image to: demisto/python3:3.9.7.24076.
LastArrayElement
- Updated the Docker image to: demisto/python3:3.9.7.24076.
URLNumberOfAds
- Updated the Docker image to: demisto/python:2.7.18.24066.
DemistoVersion
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GetListRow
- Updated the Docker image to: demisto/python3:3.9.7.24076.
RegexExtractAll
- Updated the Docker image to: demisto/python3:3.9.7.24076.
DateStringToISOFormat
- Updated the Docker image to: demisto/python3:3.9.7.24076.
CheckContextValue
- Updated the Docker image to: demisto/python3:3.9.7.24076.
TopMaliciousRatioIndicators
- Updated the Docker image to: demisto/python:2.7.18.24066.
EmailReputation
- Updated the Docker image to: demisto/python:2.7.18.24066.
UtilAnyResults
- Updated the Docker image to: demisto/python:2.7.18.24066.
JsonToTable
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ConvertAllExcept
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IsInternalDomainName
- Updated the Docker image to: demisto/python3:3.9.7.24076.
DomainReputation
- Updated the Docker image to: demisto/python:2.7.18.24066.
ExtractAttackPattern
- Updated the Docker image to: demisto/python3:3.9.7.24076.
BetweenHours
- Updated the Docker image to: demisto/python3:3.9.7.24076.
MapValuesTransformer
- Updated the Docker image to: demisto/python3:3.9.7.24076.
VerifyIPv6Indicator
- Updated the Docker image to: demisto/python3:3.9.7.24076.
FileToBase64List
- Updated the Docker image to: demisto/python:2.7.18.24066.
CheckFieldValue
- Updated the Docker image to: demisto/python3:3.9.7.24076.
LookupCSV
- Updated the Docker image to: demisto/python3:3.9.7.24076.
SetDateField
- Updated the Docker image to: demisto/python:2.7.18.24066.
FileReputation
- Updated the Docker image to: demisto/python:2.7.18.24066.
ModifyDateTime
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ContextContains
- Updated the Docker image to: demisto/python:2.7.18.24066.
GetStringsDistance
- Updated the Docker image to: demisto/python:2.7.18.24066.
URLDecode
- Updated the Docker image to: demisto/python3:3.9.7.24076.
OnionURLReputation
- Updated the Docker image to: demisto/python3:3.9.7.24076.
CompareLists
- Updated the Docker image to: demisto/python3:3.9.7.24076.
FeedRelatedIndicatorsWidget
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IsListExist
- Updated the Docker image to: demisto/python:2.7.18.24066.
NumberOfPhishingAttemptPerUser
- Updated the Docker image to: demisto/python3:3.9.7.24076.
CreateIndicatorsFromSTIX
- Updated the Docker image to: demisto/python3:3.9.7.24076.
LinkIncidentsWithRetry
- Updated the Docker image to: demisto/python:2.7.18.24066.
ReverseList
- Updated the Docker image to: demisto/python:2.7.18.24066.
SCPPullFiles
- Updated the Docker image to: demisto/python:2.7.18.24066.
CloseInvestigationAsDuplicate
- Updated the Docker image to: demisto/python:2.7.18.24066.
ReadFile
- Updated the Docker image to: demisto/python:2.7.18.24066.
MaliciousRatioReputation
- Updated the Docker image to: demisto/python:2.7.18.24066.
SetByIncidentId
- Updated the Docker image to: demisto/python:2.7.18.24066.
EmailDomainWhitelist
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ParseCSV
- Updated the Docker image to: demisto/python:2.7.18.24066.
ShowLocationOnMap
- Updated the Docker image to: demisto/python3:3.9.7.24076.
PortListenCheck
- Updated the Docker image to: demisto/python:2.7.18.24066.
BetweenDates
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EmailDomainBlacklist
- Updated the Docker image to: demisto/python3:3.9.7.24076.
PopulateCriticalAssets
- Updated the Docker image to: demisto/python3:3.9.7.24076.
DT
- Updated the Docker image to: demisto/python:2.7.18.24066.
RepopulateFiles
- Updated the Docker image to: demisto/python:2.7.18.24066.
FilterByList
- Updated the Docker image to: demisto/python:2.7.18.24066.
IsInternalHostName
- Updated the Docker image to: demisto/python3:3.9.7.24076.
AddKeyToList
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GetDockerImageLatestTag
- Updated the Docker image to: demisto/python:2.7.18.24066.
SSDeepReputation
- Updated the Docker image to: demisto/python:2.7.18.24066.
IPNetwork
- Updated the Docker image to: demisto/python3:3.9.7.24076.
CalculateEntropy
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GetValuesOfMultipleFields
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ProductJoin
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GetByIncidentId
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ExtractEmailV2
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ConvertToSingleElementArray
- Updated the Docker image to: demisto/python3:3.9.7.24076.
PrintContext
- Updated the Docker image to: demisto/python:2.7.18.24066.
AfterRelativeDate
- Updated the Docker image to: demisto/python3:3.9.7.24076.
SetAndHandleEmpty
- Updated the Docker image to: demisto/python3:3.9.7.24076.
SendEmailOnSLABreach
- Updated the Docker image to: demisto/python:2.7.18.24066.
TextFromHTML
- Updated the Docker image to: demisto/python:2.7.18.24066.
LowerCidrNumAddresses
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IsUrlPartOfDomain
- Updated the Docker image to: demisto/python3:3.9.7.24076.
Base64EncodeV2
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IsIntegrationAvailable
- Updated the Docker image to: demisto/python:2.7.18.24066.
RegexGroups
- Updated the Docker image to: demisto/python3:3.9.7.24076.
JoinIfSingleElementOnly
- Updated the Docker image to: demisto/python:2.7.18.24066.
SetIfEmpty
- Updated the Docker image to: demisto/python:2.7.18.24066.
HTTPListRedirects
- Updated the Docker image to: demisto/python:2.7.18.24066.
BinarySearchPy
- Updated the Docker image to: demisto/python:2.7.18.24066.
CopyNotesToIncident
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ResolveShortenedURL
- Updated the Docker image to: demisto/python:2.7.18.24066.
URLReputation
- Updated the Docker image to: demisto/python:2.7.18.24066.
FormattedDateToEpoch
- Updated the Docker image to: demisto/python3:3.9.7.24076.
StripChars
- Updated the Docker image to: demisto/python3:3.9.7.24076.
CheckSenderDomainDistance
- Updated the Docker image to: demisto/python:2.7.18.24066.
GreaterCidrNumAddresses
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ChangeContext
- Updated the Docker image to: demisto/python3:3.9.7.24076.
ChangeRemediationSLAOnSevChange
- Updated the Docker image to: demisto/python:2.7.18.24066.
SetTime
- Updated the Docker image to: demisto/python:2.7.18.24066.
ProvidesCommand
- Updated the Docker image to: demisto/python3:3.9.7.24076.
DumpJSON
- Updated the Docker image to: demisto/python:2.7.18.24066.
SumList
- Updated the Docker image to: demisto/python3:3.9.7.24076.
FirstArrayElement
- Updated the Docker image to: demisto/python3:3.9.7.24076.
Base64Decode
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GenerateRandomUUID
- Updated the Docker image to: demisto/python3:3.9.7.24076.
RemoveKeyFromList
- Updated the Docker image to: demisto/python3:3.9.7.24076.
InRange
- Updated the Docker image to: demisto/python:2.7.18.24066.
CalculateTimeDifference
- Updated the Docker image to: demisto/python:2.7.18.24066.
WhereFieldEquals
- Updated the Docker image to: demisto/python3:3.9.7.24076.
Base64ListToFile
- Updated the Docker image to: demisto/python:2.7.18.24066.
CompareIncidentsLabels
- Updated the Docker image to: demisto/python:2.7.18.24066.
EncodeToAscii
- Updated the Docker image to: demisto/python:2.7.18.24066.
PadZeros
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GetIndicatorDBotScore
- Updated the Docker image to: demisto/python:2.7.18.24066.
StopScheduledTask
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GenerateRandomString
- Updated the Docker image to: demisto/python:2.7.18.24066.
CopyContextToField
- Updated the Docker image to: demisto/python:2.7.18.24066.
Cut
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IndicatorMaliciousRatioCalculation
- Updated the Docker image to: demisto/python:2.7.18.24066.
ExtractIndicatorsFromTextFile
- Updated the Docker image to: demisto/python:2.7.18.24066.
AddDBotScoreToContext
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IdentifyAttachedEmail
- Updated the Docker image to: demisto/python:2.7.18.24066.
StringToArray
- Updated the Docker image to: demisto/python3:3.9.7.24076.
PrintRaw
- Updated the Docker image to: demisto/python3:3.9.7.24076.
URLSSLVerification
- Updated the Docker image to: demisto/python:2.7.18.24066.
TimeStampCompare
- Updated the Docker image to: demisto/python3:3.9.7.24076.
DockerHardeningCheck
- Updated the Docker image to: demisto/python3:3.9.7.24076.
RunDockerCommand
- Updated the Docker image to: demisto/python:2.7.18.24066.
StopTimeToAssignOnOwnerChange
- Updated the Docker image to: demisto/python:2.7.18.24066.
PositiveDetectionsVSDetectionEngines
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IPToHost
- Updated the Docker image to: demisto/python:2.7.18.24066.
DisplayHTML
- Updated the Docker image to: demisto/python:2.7.18.24066.
PrintErrorEntry
- Updated the Docker image to: demisto/python:2.7.18.24066.
IsEmailAddressInternal
- Updated the Docker image to: demisto/python:2.7.18.24066.
Strings
- Updated the Docker image to: demisto/python:2.7.18.24066.
MarkAsNoteByTag
- Updated the Docker image to: demisto/python:2.7.18.24066.
hideFieldsOnNewIncident
- Updated the Docker image to: demisto/python:2.7.18.24066.
GetIndicatorDBotScoreFromCache
- Updated the Docker image to: demisto/python3:3.9.7.24076.
SetMultipleValues
- Updated the Docker image to: demisto/python:2.7.18.24066.
PrettyPrint
- Updated the Docker image to: demisto/python3:3.9.7.24076.
JSONtoCSV
- Updated the Docker image to: demisto/python:2.7.18.24066.
IncidentFields
- Updated the Docker image to: demisto/python3:3.9.7.24076.
GetFieldsByIncidentType
- Updated the Docker image to: demisto/python3:3.9.7.24076.
SearchIncidentsV2
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IPReputation
- Updated the Docker image to: demisto/python3:3.9.7.24076.
MatchRegexV2
- Updated the Docker image to: demisto/python3:3.9.7.24076.
URLEncode
- Updated the Docker image to: demisto/python3:3.9.7.24076.
IsInCidrRanges
- Updated the Docker image to: demisto/netutils:1.0.0.24101.
IPv4Blacklist
- Updated the Docker image to: demisto/netutils:1.0.0.24101.
IPv4Whitelist
- Updated the Docker image to: demisto/netutils:1.0.0.24101.
IsNotInCidrRanges
- Updated the Docker image to: demisto/netutils:1.0.0.24101.
Scripts
ParseEmailFiles
- Fixed an issue where underscores were not replaced with spaces in MIME encoded headers.
Scripts
Cut
- Fixed an issue where the automation script failed on non UTF-8 characters.
- Updated the Docker image to: demisto/python3:3.9.6.24067.
Scripts
ParseEmailFiles
- Fixed an issue where the automation script failed to process MIME encoded-words.
- Updated the Docker image to: demisto/python:2.7.18.24066.
Scripts
UnEscapeURLs
- URLs with meow:// and meows:// are now supported.
ExtractEmailV2
- Email addresses containing [@] are now extracted.
Scripts
ParseEmailFiles
- Fixed an issue where non UTF-8 attachments were decoded to UTF-8.
LoadJSON
- Fixed an issue where the command failed on inputs that contained control characters.
- Updated the Docker image to: demisto/python:2.7.18.24019.
Scripts
GetIndicatorDBotScoreFromCache
- Fixed an issue where the automation script failed to run on indicators with a verdict of Unknown.
- Updated the Docker image to: demisto/python3:3.9.6.24019.
Scripts
ParseEmailFiles
- Fixed an issue where ParseEmailFiles fails on timeout.
- Updated the Docker image to: demisto/python:2.7.18.24019.
Scripts
New: StringToArray
Converts a string to array.
Scripts
ParseEmailFiles
- Fixed an issue where multiple MIME encoded words were not decoded.
- Added default_encoding argument to use while message parsing where encoding fails.
- Added forced_encoding argument to force use that encoding while message parsing.
Scripts
SetGridField
- Breaking Change: Added support for columns with underscores (_). Previously underscores in columns were removed automatically by the automation.
- Add back support for column names with more than 255 chars (support was removed in v1.4.24).
Scripts
WhereFieldEquals
- Improved handling where the automation failed to run on array which contains strings given in the value argument.
Scripts
New: ExtractAttackPattern
- Fixed an issue where the script extracted invalid Attack Pattern indicators.
Scripts
IPv4Blacklist
- Updated the Docker image to: demisto/netutils:1.0.0.23344.
IPv4Whitelist
- Updated the Docker image to: demisto/netutils:1.0.0.23344.
IsInCidrRanges
- Updated the Docker image to: demisto/netutils:1.0.0.23344.
IsNotInCidrRanges
- Updated the Docker image to: demisto/netutils:1.0.0.23344.
ConvertTableToHTML
- Added support for the headers argument in the tableToHTML function.
Scripts
ConvertTableToHTML
- Added the headers argument.
ParseEmailFiles
- Fixed an issue where parsing failed due to empty sub email.
Scripts
ParseEmailFiles
- Added multipart/related to the supported formats.
Scripts
New: SSDeepSimilarity
- This script finds similar files that can be related to each other by fuzzy hash (SSDeep). (Available from Cortex XSOAR 5.5.0).
ParseEmailFiles
- Fixed an issue where S/MIME .eml files were not parsed properly.
Scripts
ExtractDomainAndFQDNFromUrlAndEmail
- Fixed an issue where in some cases ProofPoint safe URLs were not formatted properly.
- Updated the Docker image to: demisto/tld:1.0.0.23423.
Scripts
ExtractFQDNFromUrlAndEmail
- Updated the Docker image to: demisto/tld:1.0.0.23423.
ExtractDomainFromUrlAndEmail
- Updated the Docker image to: demisto/tld:1.0.0.23423.
ExtractDomainAndFQDNFromUrlAndEmail
- Updated the Docker image to: demisto/tld:1.0.0.23423.
SetGridField
- Fixed an issue where the sort_by argument was not respected.
- Added support for multiple columns sort using the sort_by argument.
- Updated the Docker image to: demisto/pandas:1.0.0.23402.
Scripts
GetListRow
- Added the list_separator argument to enable custom list delimiter.
- Updated the Docker image to: demisto/python3:3.8.3.9324.
Scripts
ParseEmailFiles
- Improved decoding of MIME encoded words.
Scripts
New: ExtractAttackPattern
- A formatting script to extract attack pattern value from MITRE ID.
Scripts
JSONFileToCSV
- Updated the Docker image to: demisto/python:2.7.18.22912.
MaliciousRatioReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
LinkIncidentsWithRetry
- Updated the Docker image to: demisto/python:2.7.18.20958.
SetMultipleValues
- Updated the Docker image to: demisto/python:2.7.18.20958.
TopMaliciousRatioIndicators
- Updated the Docker image to: demisto/python:2.7.18.20958.
SCPPullFiles
- Updated the Docker image to: demisto/python:2.7.18.20958.
UtilAnyResults
- Updated the Docker image to: demisto/python:2.7.18.20958.
SendEmailOnSLABreach
- Updated the Docker image to: demisto/python:2.7.18.20958.
URLNumberOfAds
- Updated the Docker image to: demisto/python:2.7.18.20958.
TextFromHTML
- Updated the Docker image to: demisto/python:2.7.18.20958.
SSDeepReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
MarkAsNoteByTag
- Updated the Docker image to: demisto/python:2.7.18.20958.
StopScheduledTask
- Updated the Docker image to: demisto/python:2.7.18.20958.
URLReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
SetTime
- Updated the Docker image to: demisto/python:2.7.18.20958.
PrintContext
- Updated the Docker image to: demisto/python:2.7.18.20958.
SetDateField
- Updated the Docker image to: demisto/python:2.7.18.20958.
LoadJSON
- Updated the Docker image to: demisto/python:2.7.18.20958.
Strings
- Updated the Docker image to: demisto/python:2.7.18.20958.
RunDockerCommand
- Updated the Docker image to: demisto/python:2.7.18.20958.
hideFieldsOnNewIncident
- Updated the Docker image to: demisto/python:2.7.18.20958.
IsIntegrationAvailable
- Updated the Docker image to: demisto/python:2.7.18.20958.
IsEmailAddressInternal
- Updated the Docker image to: demisto/python:2.7.18.20958.
GetStringsDistance
- Updated the Docker image to: demisto/python:2.7.18.20958.
IPToHost
- Updated the Docker image to: demisto/python:2.7.18.20958.
EmailReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
ChangeRemediationSLAOnSevChange
- Updated the Docker image to: demisto/python:2.7.18.20958.
BinarySearchPy
- Updated the Docker image to: demisto/python:2.7.18.20958.
DomainReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
ContextContains
- Updated the Docker image to: demisto/python:2.7.18.20958.
IndicatorMaliciousRatioCalculation
- Updated the Docker image to: demisto/python:2.7.18.20958.
DisplayHTML
- Updated the Docker image to: demisto/python:2.7.18.20958.
GenerateRandomString
- Updated the Docker image to: demisto/python:2.7.18.20958.
IsListExist
- Updated the Docker image to: demisto/python:2.7.18.20958.
CloseInvestigationAsDuplicate
- Updated the Docker image to: demisto/python:2.7.18.20958.
CheckSenderDomainDistance
- Updated the Docker image to: demisto/python:2.7.18.20958.
JoinIfSingleElementOnly
- Updated the Docker image to: demisto/python:2.7.18.20958.
FileReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
Base64ListToFile
- Updated the Docker image to: demisto/python:2.7.18.20958.
IPReputation
- Updated the Docker image to: demisto/python:2.7.18.20958.
ScheduleGenericPolling
- Updated the Docker image to: demisto/python:2.7.18.22912.
RunPollingCommand
- Updated the Docker image to: demisto/python:2.7.18.22912.
PrintErrorEntry
- Updated the Docker image to: demisto/python:2.7.18.20958.
Scripts
ParseEmailFiles
- Fixed an issue where the script fails on timeout intermittently when receiving long emails.
Scripts
ParseEmailFiles
- Added multipart/mixed to the supported formats.
- Updated the Docker image to: demisto/python:2.7.18.22912.
Scripts
URLSSLVerification
- Updated the Docker image to: demisto/python:2.7.18.20958.
ParseEmailFiles
- Updated the Docker image to: demisto/python:2.7.18.20958.
Scripts
ProductJoin
- Updated the Docker image to: demisto/python3:3.9.5.21272.
- Updated the Docker image to: demisto/python3:3.9.5.22665.
RepopulateFiles
- Updated the Docker image to: demisto/python:2.7.18.20958.
DumpJSON
- Updated the Docker image to: demisto/python:2.7.18.20958.
ExtractIndicatorsFromTextFile
- Updated the Docker image to: demisto/python:2.7.18.20958.
CopyContextToField
- Updated the Docker image to: demisto/python:2.7.18.20958.
ConvertToSingleElementArray
- Updated the Docker image to: demisto/python3:3.9.5.21272.
DT
- Updated the Docker image to: demisto/python:2.7.18.20958.
PortListenCheck
- Updated the Docker image to: demisto/python:2.7.18.20958.
GetDockerImageLatestTag
- Updated the Docker image to: demisto/python:2.7.18.20958.
FileToBase64List
- Updated the Docker image to: demisto/python:2.7.18.20958.
CalculateTimeDifference
- Updated the Docker image to: demisto/python:2.7.18.20958.
CompareIncidentsLabels
- Updated the Docker image to: demisto/python:2.7.18.20958.
GetIndicatorDBotScore
- Updated the Docker image to: demisto/python:2.7.18.20958.
ReadFile
- Updated the Docker image to: demisto/python:2.7.18.20958.
InRange
- Updated the Docker image to: demisto/python:2.7.18.20958.
HTTPListRedirects
- Updated the Docker image to: demisto/python:2.7.18.20958.
Cut
- Updated the Docker image to: demisto/python:2.7.18.20958.
EncodeToAscii
- Updated the Docker image to: demisto/python:2.7.18.20958.
FilterByList
- Updated the Docker image to: demisto/python:2.7.18.20958.
IdentifyAttachedEmail
- Updated the Docker image to: demisto/python:2.7.18.20958.
JSONtoCSV
- Updated the Docker image to: demisto/python:2.7.18.20958.
ParseCSV
- Updated the Docker image to: demisto/python:2.7.18.20958.
ReverseList
- Updated the Docker image to: demisto/python:2.7.18.20958.
ResolveShortenedURL
- Updated the Docker image to: demisto/python:2.7.18.20958.
StopTimeToAssignOnOwnerChange
- Updated the Docker image to: demisto/python:2.7.18.20958.
IsInternalHostName
- Updated the Docker image to: demisto/python3:3.9.5.22665.
SetIfEmpty
- Updated the Docker image to: demisto/python:2.7.18.20958.
StripChars
- Updated the Docker image to: demisto/python3:3.9.5.22665.
SetByIncidentId
- Updated the Docker image to: demisto/python:2.7.18.20958.
PopulateCriticalAssets
- Updated the Docker image to: demisto/python3:3.9.5.22665.
Scripts
ParseEmailFiles
- Added multipart/alternative to the supported formats.
CopyNotesToIncident
- Fixed an issue where the automation failed to copy the notes.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
AssignAnalystToIncident
- Added the ability to exclude users who are currently set to away when using random owner assign.
GetDuplicatesMlv2
- Updated the script to execute using the DBot role.
CompareIncidentsLabels
- Updated the script to execute using the DBot role.
CopyContextToField
- Updated the script to execute using the DBot role.
Scripts
ReadPDFFileV2
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/readpdf:1.0.0.19258.
NumberOfPhishingAttemptPerUser
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
ExtractIndicatorsFromWordFile
- Updated the script to execute using the DBot role.
SetAndHandleEmpty
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
Scripts
ParseEmailFiles
- Fixed an issue where some MIME encoded words were not decoded properly.
VerifyJSON
Updated the Docker image to: demisto/powershell:7.1.3.22028.
Scripts
New: ParseHTMLIndicators
- This script will extract indicators from given HTML and will handle bad top-level domains to avoid false positives caused by file extensions. (Available from Cortex XSOAR 5.5.0).
Scripts
ExtractIndicatorsFromTextFile
Updated the script to execute using the DBot role.
Scripts
ExtractIndicatorsFromWordFile
- Updated the Docker image to: demisto/office-utils:2.0.0.21435.
SetGridField
- Updated the Docker image to: demisto/pandas:1.0.0.21648.
GetDuplicatesMlv2
- Updated the Docker image to: demisto/machine-learning:1.0.0.22015.
- Maintenance and stability enhancements.
WordTokenizer
- Updated the Docker image to: demisto/nltk:2.0.0.19143.
Scripts
Base64Decode
- Fixed an issue where the script failed to decode special characters in Windows-1252 encoding.
- Updated the Docker image to: demisto/python3:3.9.5.21272.
Scripts
ShowOnMap
ShowOnMap can now show addresses (or location descriptions, such as Paloalto Networks Tel Aviv Office) by calling the GoogleMaps integration.
Make sure to have a configured instance of GoogleMaps to utilize this functionality.
Scripts
AssignAnalystToIncident
Changed email comparison from case-sensitive to case-insensitive.
Scripts
ParseEmailFiles_SMIME_FIX
- Fixed an issue where the script would not parse SMIME files.
EmailAskUserResponse
- Fixed an issue where responses with \r characters were not handled properly.
Scripts
SetByIncidentId
- Added the errorUnfinished argument - if set to true, the script will return an error if not all the incidents were modified.
Scripts
VerifyIPv6Indicator
- Fixed an issue where the script did not drop indicators as expected.
- Updated the Docker image to: demisto/python3:3.9.5.21272.
Scripts
New: JsonToTable
- A transformer that accepts a json object and returns a markdown. (Available from Cortex XSOAR 5.5.0).
Scripts
MatchRegexV2
- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.9.5.21272.
Scripts
ExtractEmailV2
- Fixed an issue where some special characters didn't exist in the email regex.
- Updated the Docker image to: demisto/python3:3.9.5.20958.
Scripts
PCAPMiner
- Documentation and metadata improvements.
GetDuplicatesMlv2
- Documentation and metadata improvements.
Scripts
Set
- Documentation and metadata improvements.
Scripts
New: GetIndicatorDBotScoreFromCache
- Get the overall score for the indicator as calculated by DBot. (Available from Cortex XSOAR 6.0.0).
New: AddDBotScoreToContext
- Add DBot score to context for indicators with custom vendor, score, reliability, and type. (Available from Cortex XSOAR 6.0.0).
Scripts
PcapHTTPExtractor
- Fixed an issue where the automation failed to extract pcap files.
- Updated the Docker image to: demisto/pcap-http-extractor:1.0.0.20132.
Scripts
New: ExtractEmailV2
- Formatting script that verifies that an email address is valid and only returns the address if it is valid. (Available from Cortex XSOAR 5.5.0).
- Maintenance and stability enhancements.
GetIndicatorDBotScore
- Fixed an issue where the vendor score was ignored.
Scripts
EmailAskUserResponse
- Fixed an issue where the script failed to parse the response in case the email had an image embedded in it.
Scripts
IsMaliciousIndicatorFound
Fixed an issue where malicious domains were ignored.
If-Then-Else
- Added support for evaluation via custom condition expressions.
Scripts
ExampleJSScript
- Changed http example to work with http://www.paloaltonetworks.com.
Scripts
FindSimilarIncidents
- Improve query performance when using hoursBack flag.
Scripts
IsMaliciousIndicatorFound
Fixed an issue where malicious domains were ignored.
Scripts
GetIndicatorDBotScore
Breaking Change Support for multiple indicators is no longer available as a comma-separated string.
Scripts
StixCreator
- Improved implementation of the script in order to support future reputation options.
Scripts
GetDuplicatesMlv2
- Maintenance and stability enhancements.
FindSimilarIncidents
- Maintenance and stability enhancements.
Scripts
DBotAverageScore
- Fixed an issue where average score calculation failed when an indicator had only one DbotScore entry.
Scripts
FeedRelatedIndicatorsWidget
- Fixed an issue where searching more than 10K indicators failed when using ElasticSearch.
- Updated the Docker image to: demisto/python3:3.9.4.18682.
Scripts
AssignAnalystToIncident
- Fixed an issue where the AssignAnalystToIncident command did not use the roles argument when the assignBy argument was set to: machine-learning/, top-user, less-busy-user.
ParseEmailFiles
- Fixed an issue where the automation failed to decode emails that contained UTF-8 characters.
Scripts
ParseEmailFiles
- Fixed an issue where emails containing an .ics attachment failed to parse.
- Fixed an issue where Polish letters were parsed incorrectly.
Scripts
UnEscapeURLs
- Added support for Proofpoint gov cloud addresses.
Scripts
DeleteContext
- Fixed an issue where unrelated data was stored in the indicator InsightCache while using KeysToKeep in order to keep DBotScore data in the context.
ParseEmailFiles
- Fixed an issue where the script failed to parse an email containing Polish characters.
Scripts
SearchIncidentsV2
- Fixed an issue where the value of an incident ID was an integer and would raise a TypeError exception.
- Updated the Docker image to: demisto/python3:3.9.2.17957.
Scripts
GetIndicatorDBotScore
- Added support for using multiple indicators at once.
Scripts
ParseEmailFiles
- Fixed an issue where the script failed to parse email containing Russian.
Scripts
IsRFC1918Address
- Fixed an issue where the script was not working as a transformer.
- Upgraded the Docker image to: demisto/netutils:1.0.0.14492.
Scripts
GetDuplicatesMlv2
- The script will now run on a separate container.
Scripts
ConvertXmlToJson
- Metadata and documentation enhancements.
IncidentAddSystem
- Metadata and documentation enhancements.
ParseJSON
- Metadata and documentation enhancements.
IsGreaterThan
- Metadata and documentation enhancements.
MathUtil
- Metadata and documentation enhancements.
CreateArray
- Metadata and documentation enhancements.
ConvertXmlFileToJson
- Metadata and documentation enhancements.
UnEscapeIPs
- Metadata and documentation enhancements.
CreateEmailHtmlBody
- Metadata and documentation enhancements.
LessThanPercentage
- Metadata and documentation enhancements.
FileCreateAndUpload
- Metadata and documentation enhancements.
NotInContextVerification
- Metadata and documentation enhancements.
FindSimilarIncidents
- Fixed an issue where the script would not find similar incidents while using the similarIncidentFields argument when given an int type.
- Upgraded the Docker image to: demisto/python:2.7.18.15765.
PortListenCheck
- Metadata and documentation enhancements.
DumpJSON
- Metadata and documentation enhancements.
UnPackFile
- Metadata and documentation enhancements.
Base64EncodeV2
- Upgraded the Docker image to: demisto/python3:3.9.1.15759.
DT
- Metadata and documentation enhancements.
InRange
- Metadata and documentation enhancements.
Scripts
CheckFieldValue
- Fixed an issue where the script was failing for certain fields.
Scripts
CheckContextValue
- Fixed an issue where the script was failing for certain context paths.
Scripts
GetIndicatorDBotScore
- Fixed an issue where the script failed on indicators with Type 'File-256'.
Scripts
New: CheckContextValue
This script checks that a context key exists (and contains data), and optionally checks the value of the context key for a match against an input value.
CheckFieldValue
- Internal code improvements.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
Scripts
GetIndicatorDBotScore
- Fixed an issue where multiple DBotScores were part of a single entry.
Scripts
SetIfEmpty
- Fixed an issue where the script failed on non-ASCII data.
Scripts
RunPollingCommand
- Fixed an issue where the script was failing when given integers or non-English characters as additional arguments.
Scripts
SetGridField
- Fixed an issue where the script failed on an "unhashable type" error.
Scripts
ModifyDateTime
- Fixed an issue where the time zone was ignored.
- Upgraded the Docker image to demisto/python3:3.9.1.15759.
Scripts
SetGridField
- Improved the error messages.
- Fixed an issue where the script failed when an empty value was entered.
- Upgraded the Docker image to demisto/pandas:1.0.0.15584.
Scripts
PcapHTTPExtractor
- Upgraded the Docker image to demisto/pcap-http-extractor:1.0.0.15436.
Scripts
SetGridField
- Improved the error message when a grid ID is incorrect.
Scripts
RunPollingCommand
- Updated the script to execute using the DBot role.
Scripts
FailedInstances
Fixed an issue where testmodule was listed as a failed instance in air-gapped environments.
Scripts
ZipFile
- Updated Docker image to demisto/python_zipfile:1.0.0.12410.
- Added the ability to zip multiple files into one .zip file by passing a CSV list of entry IDs to the entryID argument.
SearchIncidentsV2
- Added a new output, foundIncidents.incidentLink, which is a list containing URL links to all incidents that were found.
- Updated docker image from 3.8.6.13358 to 3.8.6.14516.
Scripts
URLSSLVerification
- Fixed an issue where URLs containing commas were not extracted correctly.
Scripts
DeleteContext
- Fixed an issue where using the keysToKeep argument on a context key which contained an array with duplicate values, would also perform deduplication on the array.
Scripts
RepopulateFiles
- Fixed an issue where the script failed when there were no files to repopulate.
Scripts
GetDomainDNSDetails
- Added missing script output DomainDNSDetails.CNAME - Domain CNAME records.
Scripts
DateStringToISOFormat
- Added the add_utc_timezone argument to indicate whether to add a UTC timezone in case an offset-naive date was provided as an input.
- Updated the Docker image to: demisto/python3:3.8.6.13358
Scripts
ScheduleGenericPolling
- Added support for non-English chars in the ids argument.
Scripts
New: ConvertDatetoUTC
- Converts a date from a different timezone to UTC timezone.
Scripts
New: GetDomainDNSDetails
- Returns DNS details for a domain
New: AddKeyToList
- Adds/Replaces a key in key/value store backed by an XSOAR list.
New: RemoveKeyFromList
- Removes a key in key/value store backed by an XSOAR list.
New: CopyNotesToIncident
- Copy all entries marked as notes from current incident to another incident.
New: GenerateRandomUUID
- Generates a random UUID (UUID 4).
Scripts
URLDecode
- Added unit testing and linting.
- Updated the Docker image to: demisto/python3:3.8.6.13358
PCAPMiner
- Deprecated. We recommend using PCAPMinerV2 instead.
- Updated the Docker image to: demisto/dempcap:1.0.0.14059
Scripts
RunPollingCommand
- Added support for non-English chars in the ids argument.
Scripts
DeleteContext
Fixed an issue where all of the context data in the current sub-playbook wasn't deleted when all = yes and subplaybook = yes/auto.
Scripts
ParseEmailFiles
- Added support for ISO-8859 text in smime.p7m file type.
Scripts
DockerHardeningCheck
- Updated the description with an updated link to the Docker Hardening Guide.
- Updated the Docker image to: demisto/python3:3.8.6.13358.
Scripts
SearchIncidentsV2
- Fixed an issue where multiple context results were outputted for the same incident id.
- Updated the Docker image to: demisto/python3:3.8.6.13358.
Scripts
New: VerifyIPv6Indicator
- Formatting script for ipv6 to verify that the address is a valid IPv6 address.
- Removed the previous formatting script UnEscapeIPv6Indicator.
Scripts
ExtractDomainAndFQDNFromUrlAndEmail
- Fixed an issue where the script recognized emails as domains.
Scripts
New: OnionURLReputation
- This script adds the reputation to Onion URL indicators. The script is automatically triggered when an Onion URL indicator is auto-extracted. For instance, if you run a Cortex XSOAR CLI on a valid Onion URL, the indicators are extracted automatically and this script is triggered for the extracted indicators.
Scripts
ParseEmailFiles
Fixed an issue where the script does not decode the content payload with its charset.
Scripts
ParseEmailFiles
- Fixed an issue where the script raised an error for emails with an empty file content.
Scripts
ExtractIndicatorsFromTextFile
- Fixed an issue where .txt files with Portuguese characters were not parsed successfully.
Scripts
ExtractDomainAndFQDNFromUrlAndEmail
- Fixed an issue where the script created an empty domain indicator.
- Updated the Docker image to tld:1.0.0.12410.
Scripts
AfterRelativeDate
- Fixed an issue where the script was not initiated properly.
Scripts
ParseEmailFiles
- Fixed an issue where the sending address was invalid in case the email's 'From' header contained '\r\n'.
Scripts
FeedRelatedIndicatorsWidget
- You can now use links, strings and CSVs of links and strings in the Description field.
- Upgraded the Docker image to demisto/python3:3.8.6.12176.
Scripts
UnzipFile
- Updated the Docker image to unzip:1.0.0.12410.
- Fixed an issue where the script failed to extract files with long filename from zip files.
Scripts
SetGridField
- Fixed an issue where the script did not display single dictionary outputs correctly.
Scripts
ParseEmailFiles
- Fixed an issue where parsing failed due to incorrect email payload filtering.
Scripts
UnEscapeIndicatorIPv6
- Fixed an issue where the script did not work as intended.
Scripts
New: AfterRelativeDate
- Added a new filter which checks that a given time has happened after a relative time.
Scripts
FailedInstances
- Returns an empty list in case no failed instances found.
Scripts
SetGridField
- Fixed an issue where the script set values in incorrect fields.
- Upgraded the Docker image to demisto/pandas:1.0.0.12410.
Scripts
New: UnEscapeIndicatorIPv6
Extracts IPv6 addresses from specific characters.
Scripts
New: IsInternalDomainName
This script accepts multiple values for both arguments and will iterate through each of the domains to check if the specified subdomains are located in at least one of the specified main domains. If the tested subdomain is in one of the main domains, the result will be true.
For example, if the domain_to_check values are apps.paloaltonetworks.com and apps.paloaltonetworks.bla and the domains_to_compare values are paloaltonetworks.com and demisto.com, the result for apps.paloaltonetworks.com will be true since it is a part of the paloaltonetworks.com domain. The result for apps.paloaltonetworks.bla will be false since it is not a part of the paloaltonetworks.com or demisto.com domain.
Scripts
SetIfEmpty
- Maintenance and stability enhancements.
Scripts
FindSimilarIncidents
- Fixed an issue where the script did not handle special characters.
Scripts
SearchIncidentsV2
- Improved the description of the size argument.
- Updated the Docker image to: demisto/python3:3.8.6.12176.
Scripts
New: URLEncode
Encodes a URL string by replacing special characters in the string using the %xx escape. For example: https://example.com converts to https:%2F%2Fexample.com.
Scripts
jmespath
- Fixed an issue where the JMESpath transformer didn't handle list data as expected.
- Upgraded the Docker image to demisto/jmespath:1.0.0.10854.
Scripts
SetByIncidentId
Updated the script to execute using the DBot role.
Scripts
New: CheckFieldValue
- This script checks that a field exists (and contains data), and optionally checks the value of the field for a match against an input value. If a regex is not supplied, the script checks that the field is not empty. This script can be used with the "GenericPolling" playbook to poll for field population or that a field contains a specific value.
Scripts
FindSimilarIncidents
Fixed an issue where the script failed to find incidents by numeric field values.
Scripts
Set
Updated documentation and descriptions.
Scripts
WhereFieldEquals
Added the stringify argument.
Scripts
GetIndicatorDBotScore
Fixed an issue where the indicator's Vendor field returned an empty value.
Scripts
New: MatchRegexV2
Extracts regex data from provided text. The script supports groups and looping.
MatchRegex
Deprecated. Use the MatchRegexV2 script instead.
Scripts
IndicatorMaliciousRatioCalculation
Updated the script to execute using the DBot role.
GetDuplicatesMlv2
Updated the script to execute using the LimitedUser role.
DeleteContext
Updated the script to execute using the DBot role.
FindSimilarIncidents
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to demisto/python:2.7.18.10627.
SearchIncidentsV2
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to demisto/python3:3.8.3.9324.
DBotClosedIncidentsPercentage
Updated the script to execute using the DBot role.
MarkRelatedIncidents
Updated the script to execute using the DBot role.
findIncidentsWithIndicator
Updated the script to execute using the DBot role.
Scripts
WhereFieldEquals
- Fixed an issue where the transformer failed on KeyError.
- Updated docker image.
Scripts
DeleteContext
Updated the script to execute using the LimitedUser role.
Scripts
DeleteContext
Updated the script to execute using the DBot role.
Scripts
JSONtoCSV
- Maintenance and stability enhancements.
Scripts
LookupCSV
Added support for values that contain commas in CSV files.
Scripts
SetAndHandleEmpty
The stringify and append parameters now work as expected.
Scripts
ParseEmailFiles
Fixed a bug in which double periods (..) at a new line due to SMTP standard were not processed correctly.
Scripts
RunPollingCommand
Improved error handling.
Scripts
ParseEmailFiles
- Fixed an issue where S/MIME .eml files were not parsed properly.
Scripts
FeedRelatedIndicatorsWidget
Fixed an issue where the indicator link value was incorrect.
Scripts
WhereFieldEquals
Fixed an issue where WhereFieldEquals would return a string instead of a list.
Scripts
FailedInstances
This introduces breaking changes for 6.0 and above.
- Tests all integration instances available and returns detailed information about succeeded and failed integration instances.
Scripts
TimeStampCompare
Added a README file with details regarding script usage.
VerifyJSON
Added a README file with details regarding script usage.
Scripts
FeedRelatedIndicatorsWidget
- New widget script for FeedRelatedIndicators section in indicators layouts. Contains information about the relationship between an indicator, entity, such as malware, and other indicators, such as a MITRE ATT&CK indicator, and connects to indicators, if relevant. Add the script to the indicator layout using the Dynamic section.
Scripts
ModifyDateTime
Added a new transformer script that takes a date or time and applies a variation in human-readable format, such as "in 1 day" or "3 weeks ago".
Scripts
ParseEmailFiles
- Fixed an issue where some attachments were not correctly recognised when the attachment was empty.
Scripts
jmespath
- This is a transformer script that performs a JMESPath search on an input JSON format.
Scripts
FailedInstances
Added several items to context.
- The number of enabled instances.
- The number of failed instances.
- The number of working instances.
- The status of the instance.
Scripts
UnzipFile
- Improved support for .rar files.
Scripts
SearchIncidentsV2
- Fixed the query argument to not support input as array.
Scripts
ParseEmailFiles
- Fixed an issue where some attachments were not correctly recognised.
Scripts
CalculateEntropy
Added the Calculate Entropy automation, which calculates the entropy of the given data.
Scripts
GetTime
Fixed an issue where the script failed if it was executed from another script or with raw-response=true.
Scripts
IsUrlPartOfDomain
Changed the way localhost is handled. URLs starting with localhost are universally returned as internal.
Scripts
PrintRaw
- Added the new PrintRaw automation, which prints a raw representation of a string or object, visualising things like tabs and newlines. This is useful for debugging issues where things aren't behaving as expected, such as when parsing a string with a regular expression.
Scripts
Set
- Improved the description.
SetAndHandleEmpty
- Improved the description.
Scripts
IncreaseIncidentSeverity
The automation optionally increases the incident severity to the new value if it is greater than the existing severity.
Scripts
GenerateSummaryReports
- Fixed script descriptions.