Deprecated Content

Deprecated. Use "PAN-OS EDL Setup v3" playbook instead. Configures an external dynamic list in PAN-OS.
In the event that the file exists on the web server, it will sync it to demisto. Then it will create an EDL object and a matching rule.

Deprecated. Use the "Extract Indicators From File - Generic v2" playbook instead.\
\ Extracts indicators from a file.
Supported file types:

• PDF
• TXT
• HTM, HTML
• DOC, DOCX

Deprecated. Use "Endpoint Enrichment - Generic v2.1" playbook instead. Enrich an Endpoint Hostname using one or more integrations

Deprecated. Use "Endpoint Enrichment - Generic v2.1" playbook instead. Enrich an endpoint by hostname using one or more integrations.
Currently, the following integrations are supported:

• Active Directory
• McAfee ePolicy Orchestrator
• Carbon Black Enterprise Response
• Cylance Protect
• CrowdStrike Falcon Host

Deprecated. We recommend using Process Email - Generic playbook instead. Process email - Add email data to a phishing incident's custom fields

Deprecated. Use the Hunt File Hash playbook instead. Playbook to quickly react to discovery of new IOCs. Receive a list of IOCs as attached text / csv files, extract IOCs using regular expressions and hunt rapidly across the infrastructure using various integrations. Also supports attaching multiple files.

Deprecated. Enrich IP using one or more integrations.

IP enrichment includes:

• Resolve IP to Hostname (DNS)
• Threat information
• Separate internal and external addresses
• IP reputation
• For internal addresses, get host information

Deprecated. Use "Calculate Severity - Generic v2" playbook instead. Calculates and assign the incident severity based on the highest returned severity level from the following severity calculations:

• Indicators DBotScore - Calculates the incident severity level according to the highest indicator DBotScore.
• Critical assets - Determines if a critical assest is associated with the invesigation.
• 3rd-party integrations - Calculates the incident severity level according to the methodology of a 3rd-party integration.

NOTE: the new severity level overwrites the previous severity level even if the previous severity level was more severe.

Deprecated. Use "Get File Sample By Hash - Generic v2" playbook instead. Returns to the war-room a file sample correlating from a hash using one or more products

Deprecated. Use the "PANW - Hunting and threat detection by indicator type V2" playbook instead.

Deprecated. Use "Email Address Enrichment - Generic v2.1" playbook instead. Get email address reputation using one or more integrations

Deprecated. Use "PAN-OS - Block IP and URL - External Dynamic List v2" playbook instead. This playbook blocks IP addresses and URLs using Palo Alto Networks Panorama or Firewall External Dynamic Lists.
It checks if the EDL configuration is in place with the 'PAN-OS EDL Setup' sub-playbook (otherwise the list will be configured), and adds the input IPs and URLs to the relevant lists.

Deprecated. Use "PAN-OS Query Logs For Indicators" playbook instead. Queries traffic logs in a PAN-OS Panorama or Firewall device.

Deprecated. Use "Block IP - Generic v2" playbook instead. This playbook blocks malicious IPs using all integrations that you have enabled.

Supported integrations for this playbook:

• Check Point Firewall
• Palo Alto Networks Minemeld
• Palo Alto Networks Panorama
• Zscaler

Deprecated. Use the Failed Login - Slack v2 playbook instead.

Deprecated. We recommend using Process Email - Generic playbook instead. Add email details into the relevant context entities and handle the case where you have attached original emails.

Deprecated. Use "McAfee ePO Endpoint Compliance Playbook v2" playbook instead. Discover endpoints that are not using the latest McAfee AV Signatures

Deprecated. We recommend using Default playbook instead. Enrich data with reputation from the incident. Data is extracted to the standard locations like File, URL, IP.

Deprecated. We recommend using Entity Enrichment - Generic playbook instead. Enrich data with reputation. Data is expected to be found in the standard locations like File, URL, IP.

Deprecated. A playbook to use the latest Threat Intelligence to hunt across your infrastructure and look for malicious C&C communications.

Deprecated. Use "DBot Create Phishing Classifier V2" playbook instead. Create a phishing classifier using machine learning technique, based on email content

Deprecated. Use "Enrich DXL with ATD verdict v2" playbook instead. Example of using McAfee ATD and pushing any malicious verdicts over DXL.
Detonates a file in ATD and if malicious - push its MD5, SHA1 and SHA256 hashes to McAfee DXL.

Deprecated. Check for duplicate incidents for the current incident, and close it if any duplicate has found.

Deprecated. Use the "Get Mails By Folder Paths" playbook instead.

Deprecated. Use "Malware Investigation - Manual" playbook instead. Master playbook for investigating suspected malware presence on an endpoint.
Labels:

• System: the hostname for the endpoint being investigated

Deprecated. Use the Slack - General Failed Logins v2.1 playbook. When there are three failed login attempts to Demisto that originate from the same user ID, a direct message is sent to the user on Slack requesting that they confirm the activity. If the reply is "no", then the incident severity is set to "high". If the reply is "yes", then another direct message is sent to the user asking if they require a password reset in AD.

Deprecated. Use the Hunt Extracted Hashes V2 playbook instead. This playbook extracts IOCs from the incident details and attached\ \ files using regular expressions and then hunts for hashes on endpoints in the organization\ \ using available tools.\nThe playbook supports multiple types of attachments. For\ \ the full supported attachments list, refer to \"Extract Indicators From\ \ File - Generic v2\".

Deprecated. We recommend using extractIndicators command instead.
Extract indicators from input data.

Deprecated. Generic playbook to collect data from endpoints for IR purposes. Will use whichever integrations are configured and available.

Deprecated. Use "File Enrichment - Generic v2" playbook instead. Enrich a file using one or more integrations.

File enrichment includes:

• File history
• Threat information
• File reputation

Deprecated. Use "DBot Create Phishing Classifier V2" playbook instead. Train the phishing machine learning model. This playbook should be used as job, to run repeatedly, for example every week.

Deprecated. Use the Search Endpoints By Hash playbook. Assume that malicious IOCs are in the right place in the context and start hunting using available tools.

Deprecated. Use Calculate Severity - Critical Assets v2 playbook instead. Determines if a critical assest is associated with the invesigation. The playbook returns a severity level of \"Critical\" if a critical asset is associated with the investigation.\n\nThis playbook verifies if a user account or an endpoint is part of a critical list or a critical AD group.

Deprecated. We recommend using the 'Block Indicators - Generic v2' playbook instead.
This playbook blocks malicious indicators using all integrations that are enabled.

Supported integrations for this playbook:

• Active Directory
• Check Point Firewall
• Palo Alto Networks Minemeld
• Palo Alto Networks Panorama
• Zscaler
• Carbon Black Enterprise Response

Deprecated. Use "Enrich McAfee DXL using 3rd party sandbox v2" playbook instead. Example of bridging DXL to a third party sandbox.
Detonate a file in Wildfire and if malicious - push its MD5, SHA1 and SHA256 hashes to McAfee DXL.

Deprecated. Use the "Palo Alto Networks - Endpoint Malware Investigation v3"\ \ playbook instead. This playbook is triggered by a Palo Alto Networks Cortex threat alert,\ \ generated by Traps. The playbook performs host enrichment for the source host\ \ with Palo Alto Networks Traps, enriches information for the suspicious file with\ \ Palo Alto Networks Minemeld and AutoFocus, and automatically performs file detonation\ \ for the extracted file. It then performs IOC enrichment with Minemeld for all\ \ related IOCs, and calculates the incident severity based on all the findings.\ \ In addition we detonate the file for the full analysis report. \nThe analyst can\ \ perform a manual memory dump for the suspected endpoint based on the incident’s\ \ severity, and choose to isolate the source endpoint with Traps.\nHunting tasks\ \ to find more endpoints that are infected is performed automatically based on a\ \ playbook input, and after all infected endpoints are found, remediation for all\ \ malicious IOCs is performed, including file quarantine, and IP and URLs blocking\ \ with Palo Alto Networks FireWall components such as Dynamic Address Groups and\ \ Custom URL Categories.\nAfter the investigation review the incident is automatically\ \ closed.

Deprecated. Use "Phishing Investigation - Generic v2" playbook instead. Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself.
The final remediation tasks are always decided by a human analyst.

Deprecated. Verify file sample and hostname information for the "Malware Investigation - Generic" playbook.
If the file sample or hostname are missing, the playbook will attempt to retrieve them using one or more integrations

Deprecated. Manage vulnerability remediation using Qualys data, and optionally enrich data with 3rd-party tools.

Before you run this playbook, run the "Vulnerability Management - Qualys (Job)" playbook.

Deprecated. Use "Account Enrichment - Generic v2.1" playbook instead.\ \ Enrich accounts using one or more integrations. Supported integrations - - Active Directory

Deprecated. Use "Endpoint Malware Investigation - Generic" playbook instead. Investigate a malware using one or more integrations

Deprecated. - Use PAN-OS Commit Configuration instead.\nIf specified as Panorama, will also push the Policies to the specified Device Group in the instance. (please use pan-os-commit-configuration instead)

Deprecated. Use the Search Search Endpoints By Hash - Carbon Black Response V2 playbook instead. Hunt for malicious indicators using Carbon Black.

Deprecated. Use "Domain Enrichment - Generic v2" playbook instead. Enrich Domain using one or more integrations.
Domain enrichment includes:

• Domain reputation
• Threat information

Deprecated. Use PAN-OS EDL Setup v3 playbook instead. Configures an external dynamic list in PAN-OS.\nIn the event that the file exists on the web server, it will sync it to demisto. Then it will create an EDL object and a matching rule.

Deprecated. Use the Search Endpoints By Hash - Generic V2 playbook instead. Hunt using available tools

Deprecated. Triggers a backup task on each firewall appliance and pulls the resulting file into the war room via SCP.

Deprecated. Use "Entity Enrichment - Generic v3" playbook instead. Enrich entities using one or more integrations

Deprecated. Use the QRadar - Get offense correlations v2 instead.\"\nRun on a QRadar offense to get more information\n\n* Get all correlations relevant to the offense\n* Get all logs relevant to the correlations (not done by default, set "GetCorrelationLogs\" to \"True\")\n\nInputs-\n* GetCorrelationLogs (default - False)\n* MaxLogsCount (default - 20)

Deprecated. Use "CrowdStrike Rapid IOC Hunting v2" playbook instead. Hunt for endpoint activity involving hash and domain IOCs, using Crowdstrike Falcon Host.\nAlso use AnalystEmail label to determine where to send an email alert if something is found.

Deprecated. Use "McAfee ePO Repository Compliance Playbook v2" playbook instead. Ensures that ePO servers are updated to the latest McAfee published AV signatures (DAT file version).

Deprecated. Use the "ExtraHop - Ticket Tracking v2" playbook instead.\ \ Links the Demisto incident back to the ExtraHop detection that created it for ticket tracking purposes.

Deprecated. Use the "Account Enrichment - Generic v2.1" playbook instead.\ \ Enrich the accounts under the Account context key with details from relevant integrations such as AD.

Deprecated. Use "Block File - Generic v2" playbook instead. A generic playbook for blocking files from running on endpoints. This playbook currently supports Carbon Black Enterprise Response.

Deprecated. Use "Search Endpoints By Hash - Carbon Black Response V2" playbook instead. Hunt for malicious indicators using Carbon Black

Deprecated. Use "Dedup - Generic v2" playbook instead. This playbook identifies duplicate incidents using one of the supported methods.

Deprecated. Use "URL Enrichment - Generic v2" playbook instead. Enrich URL using one or more integrations.

URL enrichment includes:

• Verify URL SSL
• Threat information
• URL reputaiton
• Take URL screenshot

Deprecated. Add indicators to the relevant Miner using MineMeld.

Deprecated. Check for duplicate incidents for the current incident, and close it if any duplicate has been found by machine-learning find duplicates automation.

Deprecated. Add information about the vulnerability and asset from the "Vulnerability Handling - Qualys" playbook data to the default "Vulnerability" layout.

Deprecated. Use "McAfee ePO Endpoint Connectivity Diagnostics Playbook V2" playbook instead. Perform a check on ePO endpoints to see if any endpoints are unmanaged or lost connectivity with ePO and take steps to return to valid state.

Deprecated. We recommend using Phishing investigation - Generic playbook instead.
This is an automated playbook to investigate suspected Phishing attempts.
It picks up the required information from the incident metadata as created by the mail listener.
Labels:

• Email/from: Email address of the user targeted by the suspected phishing attempt, who reported the email by forwarding it
• Email: the to recipients
• Email/cc: the cc recipients
• Email/format: the format of the email - text / html / etc.
• Email/html: the html body
• Email/text: the text body
• Email/subject: subject of the email
• Email/attachments: list of attachments
• Email/headers: the headers for the email

Deprecated. Use "Account Enrichment - Generic v2.1" playbook instead.\ \ Enrich Accounts using one or more integrations

Deprecated. Get list of Demisto users through the REST API, and alert if any non-SAML user accounts are found.

Deprecated. Use "Email Address Enrichment - Generic v2.1" playbook instead. Enrich email addresses. Email address enrichment involves:

• Getting information from Active Directory for internal addresses
• Getting the domain-squatting reputation for external addresses

Deprecated. Use the "Palo Alto Networks - Hunting And Threat Detection"\ \ playbook instead. Integrations list - Cortex (Traps, PAN-OS, Analytics)\nThis is a multipurpose\ \ playbook used for hunting and threat detection. The playbook receives inputs based\ \ on hashes, IP addresses, or domain names provided manually or from outputs by\ \ other playbooks. \nWith the received indicators, the playbook leverages Palo Alto\ \ Cortex data received by products such as Traps, Analytics and Pan-OS to search\ \ for IP addresses and hosts related to that specific hash. \nThe output provided\ \ by the playbook facilitates pivoting searches for possibly affected hosts, IP\ \ addresses, or users.

Deprecated. Use Active Directory to retrieve detailed information about a user account. The user can be specified by name, email or as an Active Directory Distinguished Name (DN).

Deprecated. Delete Mails with ID's under the context key "ExchangeItemIDs"

Deprecated. Show items in an access rulebase configured in Checkpoint FW.

Deprecated. The sensors branch can retrieve a listing of sensors that collect and feed data to the X-series

Deprecated. Send a notification to another user and add user to the team

Deprecated. This script is deprecated. Use the Exabeam integration instead.

Deprecated. Retrieve information about a PCAP related to the specified event.

Deprecated. Update information for NetWitness SA incidents.

Deprecated. Delete access rule objects configured in Checkpoint FW.

Deprecated. Launch an existing scan.

Deprecated. TaniumAskQuestionComplex - same as the AskQuestion command with additional filtering prepared by the script (an XML subsection added to the request).

Deprecated. Aggregating several context items for IOCs into a single list

Deprecated. Run a query through Splunk and format the results as a table

Deprecated. Blocks IP in configured firewall

Deprecated. Retrieves a list of all roleAssignments.

Deprecated. We recommend using extractIndicators command instead. Extract md5, sha1, sha256 from the given text and place them both as output and in the context of a playbook

Deprecated. Close an investigation

Deprecated. We recommend using extractIndicators command instead. Extract URLs from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.

Deprecated. Send a request for a formatted result of a saved question. To receive the most up to date data, run the same command twice. See https://kb.tanium.com/SOAP for more information

Deprecated. Classify an incident from mail.

Deprecated. Register/Unregister to address group with Panorama

Deprecated. Mirror an incident to a Slack private channel. You can chose what to mirror with the type argument. A Slack private channel will be created and the incident team invited. Messages on Slack will be reflected in the war room and vice versa.

Deprecated. This script is deprecated. Use the Exabeam integration instead.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. Extract URLs from the given text and place them both as output and in the context of a playbook

Deprecated. List the number devices that match each IOC in query - limited to sha256, sha1, md5 and domain types

Deprecated. Detection objects contain all the information related to security events detected on the network

Deprecated. This script is deprecated. The demistobot endpoint is no longer supported.

Deprecated. Fetches a specific user when you know the user’s login, please note that one of the parameters bellow is mandatory.

Deprecated. Searches in QRadar

Deprecated. Modify incident info such as name, owner, type, etc.

Deprecated. Extract md5s from the given text and place them both as output and in the context of a playbook

Deprecated. Retrieve the list of User objects stored in Active Directory and include an extended list of attributes and information about each user. Use the "attributes" argument to include additional specific attributes in the results.

Deprecated. Get reputation for any hash or file in the incident details

Deprecated. Evaluate reputation of a hash and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.

Deprecated. Display information about a host within the given scan. The numerical host ID can be retrieved using NessusScanDetails "hosts" section

Deprecated. Use Active Directory to get common groups between supplied users.

Deprecated. Sets current incident custom fields. (Deprecated. Use the setIncident command to set incident custom fields.)

Deprecated. Returns 'yes' if IP is in subent. Otherwise returns 'no'

Deprecated. Creates a new user with an option of setting password, recovery question & answer. The new user will immediately be able to login after activation with the assigned password. This flow is common when developing a custom user registration experience.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. use "WildFire - Detonate File" playbook instead

Deprecated. The settings information includes S-series sensor and X-series configurations input by the administrator

Deprecated. Set incident severity according to indicators found in an confer alert

Deprecated. This script is deprecated. Use the Exabeam integration instead.

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. Fetch info on specific user

Deprecated. please use the send-mail command instead Send an email with the specified parameters. Attachments are provided as a comma-separated list of entry IDs. Example usage - !SendEmail subject="File from war room" body="Please see the attached file. --DBot" to=jane@acme.com cc=john@acme.com attachIDs=89@3,46@3

Deprecated. Process a suspected email and check URLs, attachments and sender via reputation services

Deprecated. Use Active Directory to retrieve the list of computers that are members of the specified group. Group must be given by its AD Distinguished Name. The \"attributes\" argument receives a comma-separated list of additional attributes you wish to be displayed in the results.\nExample usage - !ADGetGroupComputers groupdn=\"CN=ImportantComputers,DC=demisto,DC=com\" attributes=operatingsystem

Deprecated. List the available ProtectWise sensors or retrieve information for a specific sensor using its id

Deprecated. Use the "panorama-move-rule" command instead.

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. Check the URLs in the incident, or raw text provided as argument, for malicious URLs

Deprecated. While loop is utility script, to do while loops on specific commands or scripts, it will allow you to loop over until ${keyToWatch} field is in the context. Please make sure timeout of the script also sufficient for the loop.

Deprecated. Use Active Directory to retrieve the groups in which the specified computer is a member. The member computer can be specified by name or by DN.

Deprecated. This script is deprecated. Use the Exabeam integration instead.

Deprecated. This script is deprecated. Use the AWS-EC2 integration instead.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. Display the incident details retrieved from Confer in a readable format

Deprecated. Example of using McAfee ESM (Nitro) with advanced filters

Deprecated. Set a new password for user

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. use ParseEmailFiles parse_only_headers=true. This automation parses headers from an email file.

Deprecated. This script is deprecated. Please use the Exchange 2016 Compliance Search integration instead.

Deprecated. Add new comment to existing Jira issue

Deprecated. Iterate on all file artifacts in the investigation and return details of positives

Deprecated. Use Active Directory to retrieve the user associated with the specified email address.

Deprecated. Holds the logic to choose the ePO repositories to operate on when executing the containing playbook. In the simple default script provided, the instance name is picked manually.

Deprecated. Trigger a Server Task in specific ePO servers to pull latest signatures from update server

Deprecated. Retrieve details for a specific event from ProtectWise

Deprecated. use "Detonate File - VMRay playbook instead"

Deprecated. We recommend using extractIndicators command instead. Extract Domains from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.

Deprecated. Get detections by host id

Deprecated. Evaluate reputation of a URL and Domain and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.

Deprecated. The health configuration can be used to retrieve system health statistics such as subnet counts, traffic bandwidth, headend and sensor information

Deprecated. Host information includes data that correlates the host data to detected security events

Deprecated. Use the SlackAsk script instead.

Deprecated. Commit configuration to panorama

Deprecated. Use Active Directory to retrieve the email address associated with all users.

Deprecated. Deactivate user

Deprecated. Get AWS EC2 instance details

Deprecated. Finds a CSV file in the war room and loads it into context.

Deprecated. Update a ServiceNow ticket.

Deprecated. Approve all pending actions using the specified package names.

Deprecated. Gets search results

Deprecated. Retrieve events from ProtectWise. If query does not include a time range - default to the last 24 hrs.

Deprecated. Full search through QRadar advance query languages

Deprecated. Retrieves a paginated list of either deleted users or all users in a domain

Deprecated. Use Active Directory to retrieve the email address associated with all users.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. Show templates of the scan editor including the UUIDs needed to create a new scan.

Deprecated. Creates a new scan

Deprecated. A simple script that outputs a shorter summary of the !whois command output

Deprecated. Use the Elasticsearch v2 integration instead.

Runs an Elasticsearch query and displays results in a table.

Deprecated. Execute an action, optionally with parameters, and filtering - based on an existing package. See https://kb.tanium.com/SOAP for more information

Deprecated. While not MD loop is utility script, to do while loops on specific commands, it will allow you to loop over until some condition is fulfilled (Contents (MD) != value). Please make sure timeout of the script also sufficient for the loop.

Deprecated. Blocks IP with Panorama

Deprecated. Search the messages in the user's mailbox.

Deprecated. This script is deprecated. Use the AWS-EC2 integration instead.

Deprecated. Delete an incident from Demisto (note action is irreversible)

Deprecated. Search mails in Exchange Web Server

Deprecated. Check a list of ePO servers to see if they are up to date.

Deprecated. Get reputation for IPs in the incident or given raw text

Deprecated. Deletes a role assignment.

Deprecated. Common code that will be merged into each server integration when it runs

Deprecated. Show host objects configured in Checkpoint FW.

Deprecated. Retrieve the list of User objects stored in Active Directory. Use the "attributes" argument to include specific attributes in the results.

Deprecated. Gets offenses from qradar

Deprecated. Use Active Directory to check if the specified user is a member of the specified group. Returns simply yes/no. The user can be specified by name, email or as an Active Directory Distinguished Name (DN).

Deprecated. Block one or more IP addresses using Checkpoint Firewall.

Deprecated. Calculate a weighted score based on number of malicious indicators involved in the incident. Each indicator type can have a different weight. Finally if score exceeds certain thresholds, increase incident severity. Thresholds can also be overriden by providing them in arguments.

Deprecated. Identify whether the incident includes an attached file. Optional typefilter argument can be used to only match if the filetype includes that string. Same for filename. Filetype is according to the linux "file" command (filemagic format identification).

Deprecated. Run a query through Splunk and format the results as a markdown with raw data parsed as JSON

Deprecated. Trigger an ePO Client Task to update AV signatures for specific endpoints

Deprecated. Upload a file attachments to an issue

Deprecated. Fetch issue from Jira

Deprecated. Creates (or updates) issue link

Deprecated. use SearchIncidentsV2 instead.

Deprecated. Run Active Directory queries

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. Create a ServiceNow ticket.

Deprecated. Display information about the PCAPs related to the specified ProtectWise Observations.

Deprecated. The recommended way to generate documentation is via the demisto-sdk.
See: https://xsoar.pan.dev/docs/integrations/integration-docs

Deprecated. Use the Elasticsearch v2 integration instead.

Run a search query using Elasticsearch

Deprecated. Check if a context key is set. Can also optionally provide a value argument to compare against context data for this key.

Deprecated. Set panorama configuration

Deprecated. Returns Demisto users

Deprecated. Get report for a scan. Triggers an export in the requested file format, waits 5 minutes for it to complete (or whatever timeout given as an argument) , and downloads the report.

Deprecated. Query ipinfo.io regarding an IP address. Returns a table, or if a specific field is selected, just the value for that field as a string.

Deprecated. Activate user

Deprecated. This script is deprecated. Use the AWS-EC2 integration instead.

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. Query Jira issues

Deprecated. Evaluate reputation of a URL and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.

Deprecated. Retruns Demisto list

Deprecated. Retrieve the list of Computer objects stored in Active Directory. Use the attributes argument to include specific attributes in the results.

Deprecated. Use the "panorama-get-pcap" command instead.

Deprecated. Classify an incident created from an email originating from Splunk.\nThe mail type should be in plain text, and inline - table should be selected.\nParsing is done in the following manner -\ntype is the header sourcetype, severity is the mail importance level, \nthe incident name is the mail subject and the systems are taken from host.

Deprecated. Display details about the specified ProtectWise Observation.

Deprecated. Set a new password for an Active Directory user

Deprecated. Connect to a checkpoint firewall appliance using SSH and trigger a task to create a configuration backup of the device. The user account being used to access the device must be set to use the SSH shell and not the built in Checkpoint CLI. Consult the Checkpoint documentation for instructions on how to do this.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. List tickets from ServiceNow

Deprecated. Retrieve events from ProtectWise. If query does not include a time range - default to the last 24 hrs.

Deprecated. This script is deprecated. Use the Exabeam integration instead.

Deprecated. Do WHOIS lookup on multiple domains

Deprecated. TaniumAskQuestionComplex - same as the AskQuestion command with additional filtering prepared by the script (an XML subsection added to the request).

Deprecated. This script is deprecated. Please use the Exchange 2016 Compliance Search integration instead.

Deprecated. Find duplicate incidents candidates. Using machine learning techniques with pre-defined data (can also use data from the local environment), this script takes into consideration different features such as - labels comparison, email labels (relevant for phishing), incident time difference and shared indicators, which can be customized by the arguments.

Deprecated. Create a new issue on Jira

Deprecated. Use UnEscapeURLs instead. Decode ProofPoint URLs to get the actual URLs.

Deprecated. This script is deprecated. Please use the Exchange 2016 Compliance Search integration instead.

Deprecated. Query for ProtectWise observations. Supports a comma-separated list of sensor IDs - will query each sensor with the given parameters.

Deprecated. List all configured instances of ePO integration.

Deprecated. Show information about the specified scan.

Deprecated. Parse an email from an eml or msg file and populate all relevant context data to investigate the email. Also extracts inner attachments and returns them to the war room. The incident labels themselves are preserved and not modified - only the "Label/x" context items that originated from the labels, and the best practice is to rely on these for the remainder of the playbook. Requires pip and access to python repository to install "olefile" package. This script is deprecated, use ParseEmailFiles.

Deprecated. We recommend using extractIndicators command instead. Extract IPs from the given text and place them both as output and in the context of a playbook.

Deprecated. Use Active Directory to retrieve the list of users who are members of the specified group. Group must be given by its AD Distinguished Name. The \"attributes\" argument receives a comma-separated list of additional attributes you wish to be displayed in the results.\nExample usage !ADGetGroupUsers groupdn=CN=Domain Admins,CN=Users,DC=demisto,DC=com attributes=badPwdCount,memberOf

Deprecated. Shows status of a checkpoint task by task uuid.

Deprecated. This script is deprecated. Use the available generic file detonation playbooks instead.

Deprecated. Search Carbon Black for connection to specified md5 hash(es).

Deprecated. The recommended way to generate documentation is via the demisto-sdk.
See: https://xsoar.pan.dev/docs/integrations/integration-docs

Deprecated. Evaluate reputation of an IP and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.

Deprecated. Check whether the given item is in the allow list

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. Use Active Directory to retrieve the list of users or computers that are members of the specified group. Group must be given by its AD Distinguished Name. The attributes argument receives a comma-separated list of additional attributes you wish to be displayed in the results.nExample usage !ADGetGroupMembers memberType=user groupdn=CN=Administrators,CN=Builtin,DC=acme,DC=int attributes=name,email

Deprecated. Set attributes of an access rule object configured in Checkpoint FW.

Deprecated. Gets the specified message.

Deprecated. Connect to a checkpoint firewall appliance using SSH and retrieve status for backup tasks. The user account being used to access the device must be set to use the SSH shell and not the built in Checkpoint CLI. Consult the Checkpoint documentation for instructions on how to do this.

Deprecated. use "Detonate File - VMRay playbook instead"

Deprecated. Search for Okta users

Deprecated. The script returns a value from context

Deprecated. Update user with a given login, all fields are optional, fields which are not set will not be overriden

Deprecated. Send a request for a formatted result of a saved question. To receive the most up to date data, run the same command twice. See https://kb.tanium.com/SOAP for more information

Deprecated. List devices that match a specific IOC - an IOC ran on them - limited to sha256, sha1, md5 and domain types

Deprecated. This script is deprecated. Use the Cylance integration instead.

Deprecated. Retrieve DAT version currently installed in the given ePO server

Deprecated. Classifying Vectra incidents

Deprecated. Use the "wildfire-report" command instead.

Deprecated. Use Active Directory to retrieve the email address associated with the specified user. The user can be specified by name, email or as an Active Directory Distinguished Name (DN).

Deprecated. Use Active Directory to retrieve the groups in which the specified user is a member. The user can be specified by name, email or as an Active Directory Distinguished Name (DN).

Deprecated. Common code that will be merged into each server integration when it runs

Deprecated. Query a relational DB using SQL

Deprecated. This script is deprecated. Use the AWS-EC2 integration instead.

Deprecated. Send messages to Slack teams

Deprecated. Use the "wildfire-upload" command instead.

Deprecated. Retrieve current status for the specified scan.

Deprecated. Extract Domain from a URL. Domain will include sub-domain as well

Deprecated. Query Virustotal with a file hash

Deprecated. Inserts incident info and labels into context for use inside playbooks.

Deprecated. Use the ad-get-computer command in the Active Directory Query v2 instead.
Use Active Directory to retrieve detailed information about a computer account. The computer can be specified by name, email, or as an Active Directory Distinguished Name (DN).
If no filters are provided, the result will show all computers.

Deprecated. Gets a specific search id

Deprecated. Extract IPs from the given text and place them both as output and in the context of a playbook

Deprecated. Display the list of folders and scans from Nessus.

Deprecated. The rules branch can be used to retrieve a listing of configured Triage rules.

Deprecated. This script is deprecated. Use the AWS-EC2 integration instead.

Deprecated. Query CrowdStrike indicators based on given parameters.

Deprecated. Get all user groups

Deprecated. Expire the password of an Active Directory user.

Deprecated. use the cb-binary command and cb-get-processes command, instead.

Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information.

Deprecated. Returns all Demisto modules (integrations instances)

Deprecated. Get host by id

Deprecated. Check latest version of the DAT AV signature update.

Deprecated. We recommend using extractIndicators command instead. Extract Emails from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.

Deprecated. This script is deprecated. LightCyber Magna is no longer available.

Deprecated. This script is deprecated. Use the Exabeam integration instead.

Deprecated. Scans ip/hostname with Symantec Endpoint Protection. DEPRECATED - this automation is deprecated as it was replaced by sep-scan-endpoint command in 'Symantec Endpoint Protection V2' integration.

Deprecated. Load the contents and metadata of a PDF file into context.

Deprecated. Summarize a Vectra incident (after incident was put into context)\nThe script extract malicious ip's and hashes if exists

Deprecated. Query CrowdStrike actors based on given parameters. For fields like countries and industries, multiple values can be passed separated by ','.

Deprecated. Human-vetted, Phishing-specific Threat Intelligence from Phishme. Deprecated. Use the Cofense Intelligence integration instead.

Deprecated. Use The Generic SQL integration instead.

Deprecated. Secdo's automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution.

Deprecated. We recommend using ExtraHop Reveal(x) instead. ExtraHop performs real-time stream analysis of the packets that carry data across a network.

Deprecated. Issue tracking product, developed by Atlassian

Deprecated. Search CVE Information - powered by circl.lu

Deprecated. Unified security management and advanced threat protection across hybrid cloud workloads.

Deprecated. We recommend using AlienVault OTX v2 instead. Query IOCs in AlienVault

Deprecated. Perform malware dynamic analysis

Deprecated. Query the Symantec Endpoint Protection Manager using the official REST API- DEPRECATED. Please use Symantec Endpoint Protection V2 integration instead.

Deprecated. Analyzes suspicious domains and IP addresses

Deprecated. Use LockPath KeyLight v2.

Deprecated. Manage Endpoints using Cylance protect

Deprecated. MineMeld streamlines the aggregation, enforcement and sharing of threat intelligence.

Deprecated. ArcSight ESM SIEM by Micro Focus (Formerly HPE Software).

Deprecated. Malware detection and analysis based on code reuse.

Deprecated. SafeBreach simulates attacks across the kill chain, to validate security policy, configuration, and effectiveness. Quantify the real impact of a cyber attack on your systems at any given moment. Identify remediation options. Stay ahead of attackers.

Deprecated. Exchange Web Services and Office 365 (mail)

Deprecated. Magnifier Behavioral Analytics empowers organizations to quickly find and stop the stealthiest network threats.

Deprecated. Mimecast unified email management offers cloud email services for email security, continuity and archiving emails

Deprecated. Use Kenna v2.

Deprecated. Create and Manage Azure Virtual Machines

Deprecated. At the heart of the solution, the Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection.

Deprecated. Provides threat analysts and incident response teams with the advanced malware isolation and inspection environment, needed to safely execute advanced malware samples and understand their behavior.

Deprecated. AWS - amazon public cloud , EC2 service

Deprecated. Use the Have I Been Pwned? V2 integration instead. Checks whether emails or domains have been compromised in recent breaches, using the Have I Been Pwned? service.

Deprecated. Creates Access Key and Secret Key for Mimecast API

Deprecated. Malware Information Sharing Platform and Threat Sharing (This integration is deprecated, use MISP V2 instead)

Deprecated. use Shodan v2 instead. Search engine for Internet-connected devices.

Deprecated. Proofpoint's Targeted Attack Protection (TAP) helps protect against and provide additional visibility into phishing and other malicious email attacks.

Deprecated. We recommend using the Cortex Data Lake integration instead. This framework manages all PA's cloud managed products