Deprecated. Use "PAN-OS EDL Setup v3" playbook instead. Configures an external dynamic list in PAN-OS.
In the event that the file exists on the web server, it will sync it to demisto. Then it will create an EDL object and a matching rule.
Deprecated Content
Deprecated Cortex XSOAR content pack.
PUBLISHER
Cortex XSOAR
INFO
Certification | Certified |
Supported By | Cortex XSOAR |
Created | July 27, 2020 |
Last Release | March 30, 2022 |
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Name | Description |
---|---|
PAN-OS EDL Setup v2 | |
Extract Indicators From File - Generic | Deprecated. Use the "Extract Indicators From File - Generic v2" playbook instead. |
Endpoint Enrichment - Generic | Deprecated. Use "Endpoint Enrichment - Generic v2.1" playbook instead. Enrich an Endpoint Hostname using one or more integrations |
Endpoint Enrichment - Generic v2 | Deprecated. Use "Endpoint Enrichment - Generic v2.1" playbook instead. Enrich an endpoint by hostname using one or more integrations. |
Process Email - Add custom fields | Deprecated. We recommend using Process Email - Generic playbook instead. Process email - Add email data to a phishing incident's custom fields |
Rapid IOC Hunting Playbook | Deprecated. Use the Hunt File Hash playbook instead. Playbook to quickly react to discovery of new IOCs. Receive a list of IOCs as attached text / csv files, extract IOCs using regular expressions and hunt rapidly across the infrastructure using various integrations. Also supports attaching multiple files. |
IP Enrichment - Generic | Deprecated. Enrich IP using one or more integrations. IP enrichment includes: |
Calculate Severity - Generic | Deprecated. Use "Calculate Severity - Generic v2" playbook instead. Calculates and assigns the incident severity based on the highest returned severity level from the following severity calculations: NOTE: the new severity level overwrites the previous severity level even if the previous severity level was more severe. |
Get File Sample By Hash - Generic | Deprecated. Use "Get File Sample By Hash - Generic v2" playbook instead. Returns to the war-room a file sample correlating from a hash using one or more products |
PANW - Hunting and threat detection by indicator type | Deprecated. Use the "PANW - Hunting and threat detection by indicator type V2" playbook instead. |
Email Address Enrichment - Generic | Deprecated. Use "Email Address Enrichment - Generic v2.1" playbook instead. Get email address reputation using one or more integrations |
PAN-OS - Block IP and URL - External Dynamic List | Deprecated. Use "PAN-OS - Block IP and URL - External Dynamic List v2" playbook instead. This playbook blocks IP addresses and URLs using Palo Alto Networks Panorama or Firewall External Dynamic Lists. |
PanoramaQueryTrafficLogs | Deprecated. Use "PAN-OS Query Logs For Indicators" playbook instead. Queries traffic logs in a PAN-OS Panorama or Firewall device. |
Block IP - Generic | Deprecated. Use "Block IP - Generic v2" playbook instead. This playbook blocks malicious IPs using all integrations that you have enabled. Supported integrations for this playbook: |
Failed Login Playbook With Slack | Deprecated. Use the Failed Login - Slack v2 playbook instead. |
Process Email | Deprecated. We recommend using Process Email - Generic playbook instead. Add email details into the relevant context entities and handle the case where you have attached original emails. |
McAfee ePO Endpoint Compliance Playbook | Deprecated. Use "McAfee ePO Endpoint Compliance Playbook v2" playbook instead. Discover endpoints that are not using the latest McAfee AV Signatures |
Incident Enrichment | Deprecated. We recommend using Default playbook instead. Enrich data with reputation from the incident. Data is extracted to the standard locations like File, URL, IP. |
Enrichment Playbook | Deprecated. We recommend using Entity Enrichment - Generic playbook instead. Enrich data with reputation. Data is expected to be found in the standard locations like File, URL, IP. |
Hunting C&C Communication Playbook | Deprecated. A playbook to use the latest Threat Intelligence to hunt across your infrastructure and look for malicious C&C communications. |
DBot Create Phishing Classifier | Deprecated. Use "DBot Create Phishing Classifier V2" playbook instead. Create a phishing classifier using machine learning technique, based on email content |
Enrich DXL with ATD verdict | Deprecated. Use "Enrich DXL with ATD verdict v2" playbook instead. Example of using McAfee ATD and pushing any malicious verdicts over DXL. |
DeDup incidents | Deprecated. Check for duplicate incidents for the current incident, and close it if any duplicate has been found. |
Get Mails By Folder Pathes | Deprecated. Use the "Get Mails By Folder Paths" playbook instead. |
Malware Playbook - Manual | Deprecated. Use "Malware Investigation - Manual" playbook instead. Master playbook for investigating suspected malware presence on an endpoint. |
Failed Login Playbook - Slack v2 | Deprecated. Use the Slack - General Failed Logins v2.1 playbook. When there are three failed login attempts to Demisto that originate from the same user ID, a direct message is sent to the user on Slack requesting that they confirm the activity. If the reply is "no", then the incident severity is set to "high". If the reply is "yes", then another direct message is sent to the user asking if they require a password reset in AD. |
Hunt Extracted Hashes | Deprecated. Use the Hunt Extracted Hashes V2 playbook instead. This playbook extracts IOCs from the incident details and attached files using regular expressions and then hunts for hashes on endpoints in the organization using available tools. The playbook supports multiple types of attachments. For the full supported attachments list, refer to "Extract Indicators From File - Generic v2". |
Extract Indicators - Generic | Deprecated. We recommend using extractIndicators command instead. |
Endpoint data collection | Deprecated. Generic playbook to collect data from endpoints for IR purposes. Will use whichever integrations are configured and available. |
File Enrichment - Generic | Deprecated. Use "File Enrichment - Generic v2" playbook instead. Enrich a file using one or more integrations. File enrichment includes: |
DBot Create Phishing Classifier Job | Deprecated. Use "DBot Create Phishing Classifier V2" playbook instead. Train the phishing machine learning model. This playbook should be used as job, to run repeatedly, for example every week. |
Hunt for bad IOCs | Deprecated. Use the Search Endpoints By Hash playbook. Assume that malicious IOCs are in the right place in the context and start hunting using available tools. |
Calculate Severity - Critical assets | Deprecated. Use Calculate Severity - Critical Assets v2 playbook instead. Determines if a critical asset is associated with the investigation. The playbook returns a severity level of "Critical" if a critical asset is associated with the investigation. This playbook verifies if a user account or an endpoint is part of a critical list or a critical AD group. |
Block Indicators - Generic | Deprecated. We recommend using the 'Block Indicators - Generic v2' playbook instead. Supported integrations for this playbook: |
Enrich McAfee DXL using 3rd party sandbox | Deprecated. Use "Enrich McAfee DXL using 3rd party sandbox v2" playbook instead. Example of bridging DXL to a third party sandbox. |
Palo Alto Networks - Endpoint Malware Investigation v2 | Deprecated. Use the "Palo Alto Networks - Endpoint Malware Investigation v3" playbook instead. This playbook is triggered by a Palo Alto Networks Cortex threat alert, generated by Traps. The playbook performs host enrichment for the source host with Palo Alto Networks Traps, enriches information for the suspicious file with Palo Alto Networks Minemeld and AutoFocus, and automatically performs file detonation for the extracted file. It then performs IOC enrichment with Minemeld for all related IOCs, and calculates the incident severity based on all the findings. In addition we detonate the file for the full analysis report. The analyst can perform a manual memory dump for the suspected endpoint based on the incident’s severity, and choose to isolate the source endpoint with Traps. Hunting tasks to find more endpoints that are infected are performed automatically based on a playbook input, and after all infected endpoints are found, remediation for all malicious IOCs is performed, including file quarantine, and IP and URLs blocking with Palo Alto Networks FireWall components such as Dynamic Address Groups and Custom URL Categories. After the investigation review the incident is automatically closed. |
Phishing Investigation - Generic | Deprecated. Use "Phishing Investigation - Generic v2" playbook instead. Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself. |
Malware Investigation - Generic - Setup | Deprecated. Verify file sample and hostname information for the "Malware Investigation - Generic" playbook. |
Vulnerability Handling - Qualys | Deprecated. Manage vulnerability remediation using Qualys data, and optionally enrich data with 3rd-party tools. Before you run this playbook, run the "Vulnerability Management - Qualys (Job)" playbook. |
Account Enrichment - Generic v2 | Deprecated. Use "Account Enrichment - Generic v2.1" playbook instead. Enrich accounts using one or more integrations. Supported integrations: Active Directory |
Malware Investigation - Generic | Deprecated. Use "Endpoint Malware Investigation - Generic" playbook instead. Investigate a malware using one or more integrations |
PanoramaCommitConfiguration | Deprecated. Use PAN-OS Commit Configuration instead. If specified as Panorama, will also push the Policies to the specified Device Group in the instance. (Please use pan-os-commit-configuration instead.) |
Search Endpoints By Hash - Carbon Black Response | Deprecated. Use the Search Endpoints By Hash - Carbon Black Response V2 playbook instead. Hunt for malicious indicators using Carbon Black. |
Domain Enrichment - Generic | Deprecated. Use "Domain Enrichment - Generic v2" playbook instead. Enrich Domain using one or more integrations. |
PAN-OS EDL Setup | Deprecated. Use PAN-OS EDL Setup v3 playbook instead. Configures an external dynamic list in PAN-OS. In the event that the file exists on the web server, it will sync it to demisto. Then it will create an EDL object and a matching rule. |
Search Endpoints By Hash - Generic | Deprecated. Use the Search Endpoints By Hash - Generic V2 playbook instead. Hunt using available tools |
Checkpoint Firewall Configuration Backup Playbook | Deprecated. Triggers a backup task on each firewall appliance and pulls the resulting file into the war room via SCP. |
Entity Enrichment - Generic | Deprecated. Use "Entity Enrichment - Generic v3" playbook instead. Enrich entities using one or more integrations |
QRadar - Get offense correlations | Deprecated. Use the |
CrowdStrike Rapid IOC Hunting | Deprecated. Use "CrowdStrike Rapid IOC Hunting v2" playbook instead. Hunt for endpoint activity involving hash and domain IOCs, using Crowdstrike Falcon Host. Also use AnalystEmail label to determine where to send an email alert if something is found. |
McAfee ePO Repository Compliance Playbook | Deprecated. Use "McAfee ePO Repository Compliance Playbook v2" playbook instead. Ensures that ePO servers are updated to the latest McAfee published AV signatures (DAT file version). |
ExtraHop - Ticket Tracking | Deprecated. Use the "ExtraHop - Ticket Tracking v2" playbook instead. Links the Demisto incident back to the ExtraHop detection that created it for ticket tracking purposes. |
Account Enrichment | Deprecated. Use the "Account Enrichment - Generic v2.1" playbook instead. Enrich the accounts under the Account context key with details from relevant integrations such as AD. |
Block File - Generic | Deprecated. Use "Block File - Generic v2" playbook instead. A generic playbook for blocking files from running on endpoints. This playbook currently supports Carbon Black Enterprise Response. |
Carbon Black Rapid IOC Hunting | Deprecated. Use "Search Endpoints By Hash - Carbon Black Response V2" playbook instead. Hunt for malicious indicators using Carbon Black |
Dedup - Generic | Deprecated. Use "Dedup - Generic v2" playbook instead. This playbook identifies duplicate incidents using one of the supported methods. |
URL Enrichment - Generic | Deprecated. Use "URL Enrichment - Generic v2" playbook instead. Enrich URL using one or more integrations. URL enrichment includes: |
Add Indicator to Miner - Palo Alto MineMeld | Deprecated. Add indicators to the relevant Miner using MineMeld. |
DeDup incidents - ML | Deprecated. Check for duplicate incidents for the current incident, and close it if any duplicate has been found by machine-learning find duplicates automation. |
Vulnerability Handling - Qualys - Add custom fields to default layout | Deprecated. Add information about the vulnerability and asset from the "Vulnerability Handling - Qualys" playbook data to the default "Vulnerability" layout. |
McAfee ePO Endpoint Connectivity Diagnostics Playbook | Deprecated. Use "McAfee ePO Endpoint Connectivity Diagnostics Playbook V2" playbook instead. Perform a check on ePO endpoints to see if any endpoints are unmanaged or lost connectivity with ePO and take steps to return to valid state. |
Phishing Playbook - Automated | Deprecated. We recommend using Phishing investigation - Generic playbook instead. |
Account Enrichment - Generic | Deprecated. Use "Account Enrichment - Generic v2.1" playbook instead. Enrich Accounts using one or more integrations |
Demisto Self-Defense - Account policy monitoring playbook | Deprecated. Get list of Demisto users through the REST API, and alert if any non-SAML user accounts are found. |
Email Address Enrichment - Generic v2 | Deprecated. Use "Email Address Enrichment - Generic v2.1" playbook instead. Enrich email addresses. Email address enrichment involves: |
PANW - Hunting and threat detection by indicator type V2 | Deprecated. Use the "Palo Alto Networks - Hunting And Threat Detection" playbook instead. Integrations list - Cortex (Traps, PAN-OS, Analytics). This is a multipurpose playbook used for hunting and threat detection. The playbook receives inputs based on hashes, IP addresses, or domain names provided manually or from outputs by other playbooks. With the received indicators, the playbook leverages Palo Alto Cortex data received by products such as Traps, Analytics and Pan-OS to search for IP addresses and hosts related to that specific hash. The output provided by the playbook facilitates pivoting searches for possibly affected hosts, IP addresses, or users. |
Name | Description |
---|---|
ADUserLogonInfo | Deprecated. Use Active Directory to retrieve detailed information about a user account. The user can be specified by name, email or as an Active Directory Distinguished Name (DN). |
ExchangeDeleteIDsFromContext | Deprecated. Delete mails with IDs under the context key "ExchangeItemIDs" |
CPShowAccessRulebase | Deprecated. Show items in an access rulebase configured in Checkpoint FW. |
VectraSensors | Deprecated. The sensors branch can retrieve a listing of sensors that collect and feed data to the X-series |
InviteUser | Deprecated. Send a notification to another user and add user to the team |
XBInfo | Deprecated. This script is deprecated. Use the Exabeam integration instead. |
PWEventPcapInfo | Deprecated. Retrieve information about a PCAP related to the specified event. |
NetwitnessSAUpdateIncident | Deprecated. Update information for NetWitness SA incidents. |
CPDeleteRule | Deprecated. Delete access rule objects configured in Checkpoint FW. |
NessusLaunchScan | Deprecated. Launch an existing scan. |
TaniumAskQuestionComplex | Deprecated. TaniumAskQuestionComplex - same as the AskQuestion command with additional filtering prepared by the script (an XML subsection added to the request). |
AggregateIOCs | Deprecated. Aggregating several context items for IOCs into a single list |
SplunkSearch | Deprecated. Run a query through Splunk and format the results as a table |
BlockIP | Deprecated. Blocks IP in configured firewall |
GoogleappsGetUserRoles | Deprecated. Retrieves a list of all roleAssignments. |
ExtractHash | Deprecated. We recommend using extractIndicators command instead. Extract md5, sha1, sha256 from the given text and place them both as output and in the context of a playbook |
CloseInvestigation | Deprecated. Close an investigation |
ExtractURL | Deprecated. We recommend using extractIndicators command instead. Extract URLs from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON. |
TaniumAskQuestion | Deprecated. Send a request for a formatted result of a saved question. To receive the most up to date data, run the same command twice. See https://kb.tanium.com/SOAP for more information |
DefaultIncidentClassifier | Deprecated. Classify an incident from mail. |
PanoramaDynamicAddressGroup | Deprecated. Register/Unregister to address group with Panorama |
SlackMirror | Deprecated. Mirror an incident to a Slack private channel. You can choose what to mirror with the type argument. A Slack private channel will be created and the incident team invited. Messages on Slack will be reflected in the war room and vice versa. |
XBLockouts | Deprecated. This script is deprecated. Use the Exabeam integration instead. |
DBotPredictPhishingEvaluation | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
URLExtract | Deprecated. Extract URLs from the given text and place them both as output and in the context of a playbook |
CSCountDevicesForIOC | Deprecated. List the number of devices that match each IOC in query - limited to sha256, sha1, md5 and domain types |
VectraDetections | Deprecated. Detection objects contain all the information related to security events detected on the network |
GoogleAuthURL | Deprecated. This script is deprecated. The demistobot endpoint is no longer supported. |
OktaGetUser | Deprecated. Fetches a specific user when you know the user’s login. Please note that one of the parameters below is mandatory. |
QrSearches | Deprecated. Searches in QRadar |
IncidentSet | Deprecated. Modify incident info such as name, owner, type, etc. |
MD5Extract | Deprecated. Extract md5s from the given text and place them both as output and in the context of a playbook |
ADListUsersEx | Deprecated. Retrieve the list of User objects stored in Active Directory and include an extended list of attributes and information about each user. Use the "attributes" argument to include additional specific attributes in the results. |
BinaryReputationPy | Deprecated. Get reputation for any hash or file in the incident details |
DataHashReputation | Deprecated. Evaluate reputation of a hash and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned. |
NessusHostDetails | Deprecated. Display information about a host within the given scan. The numerical host ID can be retrieved using NessusScanDetails "hosts" section |
ADGetCommonGroups | Deprecated. Use Active Directory to get common groups between supplied users. |
SetIncidentCustomFields | Deprecated. Sets current incident custom fields. (Deprecated. Use the setIncident command to set incident custom fields.) |
IsIPInSubnet | Deprecated. Returns 'yes' if IP is in subnet. Otherwise returns 'no' |
OktaCreateUser | Deprecated. Creates a new user with an option of setting password, recovery question & answer. The new user will immediately be able to login after activation with the assigned password. This flow is common when developing a custom user registration experience. |
ClassifierNotifyAdmin | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
LCMDetectedIndicators | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
CheckFilesWildfirePy | Deprecated. Use "WildFire - Detonate File" playbook instead |
VectraSettings | Deprecated. The settings information includes S-series sensor and X-series configurations input by the administrator |
ConferSetSeverity | Deprecated. Set incident severity according to indicators found in a Confer alert |
XBNotable | Deprecated. This script is deprecated. Use the Exabeam integration instead. |
LCMResolveHost | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
GoogleappsGetUser | Deprecated. Fetch info on specific user |
SendEmail | Deprecated. Please use the send-mail command instead. Send an email with the specified parameters. Attachments are provided as a comma-separated list of entry IDs. Example usage - !SendEmail subject="File from war room" body="Please see the attached file. --DBot" to=jane@acme.com cc=john@acme.com attachIDs=89@3,46@3 |
TriagePhishing | Deprecated. Process a suspected email and check URLs, attachments and sender via reputation services |
ADGetGroupComputers | Deprecated. Use Active Directory to retrieve the list of computers that are members of the specified group. Group must be given by its AD Distinguished Name. The "attributes" argument receives a comma-separated list of additional attributes you wish to be displayed in the results. Example usage - !ADGetGroupComputers groupdn="CN=ImportantComputers,DC=demisto,DC=com" attributes=operatingsystem |
PWSensors | Deprecated. List the available ProtectWise sensors or retrieve information for a specific sensor using its id |
PanoramaMove | Deprecated. Use the "panorama-move-rule" command instead. |
LCMDetectedEntities | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
CheckURLs | Deprecated. Check the URLs in the incident, or raw text provided as argument, for malicious URLs |
WhileNotExistLoop | Deprecated. While loop is a utility script for running while loops on specific commands or scripts. It allows you to loop until the ${keyToWatch} field is in the context. Please make sure the timeout of the script is also sufficient for the loop. |
ADGetComputerGroups | Deprecated. Use Active Directory to retrieve the groups in which the specified computer is a member. The member computer can be specified by name or by DN. |
XBTriggeredRules | Deprecated. This script is deprecated. Use the Exabeam integration instead. |
AwsStartInstance | Deprecated. This script is deprecated. Use the AWS-EC2 integration instead. |
DBotPredictTextLabel | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
ConferIncidentDetails | Deprecated. Display the incident details retrieved from Confer in a readable format |
EsmExample | Deprecated. Example of using McAfee ESM (Nitro) with advanced filters |
OktaSetPassword | Deprecated. Set a new password for user |
LCMIndicatorsForEntity | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
DBotTrainTextClassifier | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
ParseEmailHeaders | Deprecated. use |
ExchangeSearchMailbox | Deprecated. This script is deprecated. Please use the Exchange 2016 Compliance Search integration instead. |
JiraIssueAddComment | Deprecated. Add new comment to existing Jira issue |
CheckFiles | Deprecated. Iterate on all file artifacts in the investigation and return details of positives |
ADGetUsersByEmail | Deprecated. Use Active Directory to retrieve the user associated with the specified email address. |
EPODetermineRepository | Deprecated. Holds the logic to choose the ePO repositories to operate on when executing the containing playbook. In the simple default script provided, the instance name is picked manually. |
EPOUpdateRepository | Deprecated. Trigger a Server Task in specific ePO servers to pull latest signatures from update server |
PWEventDetails | Deprecated. Retrieve details for a specific event from ProtectWise |
vmray_getResults | Deprecated. Use "Detonate File - VMRay" playbook instead. |
ExtractDomain | Deprecated. We recommend using extractIndicators command instead. Extract Domains from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON. |
VectraGetDetetctionsById | Deprecated. Get detections by host id |
DataDomainReputation | Deprecated. Evaluate reputation of a URL and Domain and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned. |
VectraHealth | Deprecated. The health configuration can be used to retrieve system health statistics such as subnet counts, traffic bandwidth, headend and sensor information |
VectraHosts | Deprecated. Host information includes data that correlates the host data to detected security events |
SlackAskUser | Deprecated. Use the SlackAsk script instead. |
PanoramaCommit | Deprecated. Commit configuration to panorama |
ADGetEmailForAllUsers | Deprecated. Use Active Directory to retrieve the email address associated with all users. |
OktaDeactivateUser | Deprecated. Deactivate user |
AwsGetInstanceInfo | Deprecated. Get AWS EC2 instance details |
IngestCSV | Deprecated. Finds a CSV file in the war room and loads it into context. |
SNUpdateTicket | Deprecated. Update a ServiceNow ticket. |
TaniumApprovePendingActions | Deprecated. Approve all pending actions using the specified package names. |
QrGetSearchResults | Deprecated. Gets search results |
PWFindEvents | Deprecated. Retrieve events from ProtectWise. If query does not include a time range - default to the last 24 hrs. |
QrFullSearch | Deprecated. Full search through QRadar advanced query languages |
GoogleappsListUsers | Deprecated. Retrieves a paginated list of either deleted users or all users in a domain |
ADGetAllUsersEmail | Deprecated. Use Active Directory to retrieve the email address associated with all users. |
DBotPreparePhishingData | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
NessusShowEditorTemplates | Deprecated. Show templates of the scan editor including the UUIDs needed to create a new scan. |
NessusCreateScan | Deprecated. Creates a new scan |
WhoisSummary | Deprecated. A simple script that outputs a shorter summary of the !whois command output |
ElasticSearchDisplay | Deprecated. Use the Elasticsearch v2 integration instead. Runs an Elasticsearch query and displays results in a table. |
TaniumDeployAction | Deprecated. Execute an action, optionally with parameters, and filtering - based on an existing package. See https://kb.tanium.com/SOAP for more information |
WhileNotMdLoop | Deprecated. While not MD loop is a utility script for running while loops on specific commands. It allows you to loop until some condition is fulfilled (Contents (MD) != value). Please make sure the timeout of the script is also sufficient for the loop. |
PanoramaBlockIP | Deprecated. Blocks IP with Panorama |
GoogleappsGmailSearch | Deprecated. Search the messages in the user's mailbox. |
AwsRunInstance | Deprecated. This script is deprecated. Use the AWS-EC2 integration instead. |
DemistoDeleteIncident | Deprecated. Delete an incident from Demisto (note action is irreversible) |
ExchangeSearch | Deprecated. Search mails in Exchange Web Server |
EPORepositoryComplianceCheck | Deprecated. Check a list of ePO servers to see if they are up to date. |
CheckIPs | Deprecated. Get reputation for IPs in the incident or given raw text |
GoogleappsRevokeUserRole | Deprecated. Deletes a role assignment. |
CommonIntegrationPython | Deprecated. Common code that will be merged into each server integration when it runs |
CPShowHosts | Deprecated. Show host objects configured in Checkpoint FW. |
ADListUsers | Deprecated. Retrieve the list of User objects stored in Active Directory. Use the "attributes" argument to include specific attributes in the results. |
QrOffenses | Deprecated. Gets offenses from qradar |
ADIsUserMember | Deprecated. Use Active Directory to check if the specified user is a member of the specified group. Returns simply yes/no. The user can be specified by name, email or as an Active Directory Distinguished Name (DN). |
CPBlockIP | Deprecated. Block one or more IP addresses using Checkpoint Firewall. |
SetSeverityByScore | Deprecated. Calculate a weighted score based on number of malicious indicators involved in the incident. Each indicator type can have a different weight. Finally if score exceeds certain thresholds, increase incident severity. Thresholds can also be overridden by providing them in arguments. |
LocateAttachment | Deprecated. Identify whether the incident includes an attached file. Optional typefilter argument can be used to only match if the filetype includes that string. Same for filename. Filetype is according to the linux "file" command (filemagic format identification). |
SplunkSearchJsonPy | Deprecated. Run a query through Splunk and format the results as a markdown with raw data parsed as JSON |
EPOUpdateEndpoints | Deprecated. Trigger an ePO Client Task to update AV signatures for specific endpoints |
JiraIssueUploadFile | Deprecated. Upload file attachments to an issue |
JiraGetIssue | Deprecated. Fetch issue from Jira |
JiraIssueAddLink | Deprecated. Creates (or updates) issue link |
SearchIncidents | Deprecated. Use SearchIncidentsV2 instead. |
AdSearch | Deprecated. Run Active Directory queries |
LCMAcknowledgeHost | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
SNOpenTicket | Deprecated. Create a ServiceNow ticket. |
PWObservationPcapInfo | Deprecated. Display information about the PCAPs related to the specified ProtectWise Observations. |
DocumentationAutomation | Deprecated. The recommended way to generate documentation is via the demisto-sdk. |
Elasticsearch | Deprecated. Use the Elasticsearch v2 integration instead. Run a search query using Elasticsearch |
IsContextSet | Deprecated. Check if a context key is set. Can also optionally provide a value argument to compare against context data for this key. |
PanoramaConfig | Deprecated. Set panorama configuration |
ExposeUsers | Deprecated. Returns Demisto users |
NessusGetReport | Deprecated. Get report for a scan. Triggers an export in the requested file format, waits 5 minutes for it to complete (or whatever timeout given as an argument), and downloads the report. |
IPInfoQuery | Deprecated. Query ipinfo.io regarding an IP address. Returns a table, or if a specific field is selected, just the value for that field as a string. |
OktaActivateUser | Deprecated. Activate user |
AwsStopInstance | Deprecated. This script is deprecated. Use the AWS-EC2 integration instead. |
LCMPathFinderScanHost | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
JiraIssueQuery | Deprecated. Query Jira issues |
DataURLReputation | Deprecated. Evaluate reputation of a URL and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned. |
ExposeList | Deprecated. Returns Demisto list |
ADListComputers | Deprecated. Retrieve the list of Computer objects stored in Active Directory. Use the attributes argument to include specific attributes in the results. |
PanoramaPcaps | Deprecated. Use the "panorama-get-pcap" command instead. |
SplunkEmailParser | Deprecated. Classify an incident created from an email originating from Splunk. The mail type should be in plain text, and inline - table should be selected. Parsing is done in the following manner - type is the header sourcetype, severity is the mail importance level, the incident name is the mail subject and the systems are taken from host. |
PWObservationDetails | Deprecated. Display details about the specified ProtectWise Observation. |
ADSetNewPassword | Deprecated. Set a new password for an Active Directory user |
CPCreateBackup | Deprecated. Connect to a checkpoint firewall appliance using SSH and trigger a task to create a configuration backup of the device. The user account being used to access the device must be set to use the SSH shell and not the built in Checkpoint CLI. Consult the Checkpoint documentation for instructions on how to do this. |
getMlFeatures | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
SNListTickets | Deprecated. List tickets from ServiceNow |
PWEvents | Deprecated. Retrieve events from ProtectWise. If query does not include a time range - default to the last 24 hrs. |
XBTimeline | Deprecated. This script is deprecated. Use the Exabeam integration instead. |
WhoisLookup | Deprecated. Do WHOIS lookup on multiple domains |
TaniumFindRunningProcesses | Deprecated. TaniumAskQuestionComplex - same as the AskQuestion command with additional filtering prepared by the script (an XML subsection added to the request). |
ExchangeAssignRole | Deprecated. This script is deprecated. Please use the Exchange 2016 Compliance Search integration instead. |
GetDuplicatesMl | Deprecated. Find duplicate incidents candidates. Using machine learning techniques with pre-defined data (can also use data from the local environment), this script takes into consideration different features such as - labels comparison, email labels (relevant for phishing), incident time difference and shared indicators, which can be customized by the arguments. |
JiraCreateIssue | Deprecated. Create a new issue on Jira |
ProofpointDecodeURL | Deprecated. Use UnEscapeURLs instead. Decode ProofPoint URLs to get the actual URLs. |
ExchangeDeleteMail | Deprecated. This script is deprecated. Please use the Exchange 2016 Compliance Search integration instead. |
PWObservations | Deprecated. Query for ProtectWise observations. Supports a comma-separated list of sensor IDs - will query each sensor with the given parameters. |
EPORepoList | Deprecated. List all configured instances of ePO integration. |
NessusScanDetails | Deprecated. Show information about the specified scan. |
ParseEmailFile | Deprecated. Parse an email from an eml or msg file and populate all relevant context data to investigate the email. Also extracts inner attachments and returns them to the war room. The incident labels themselves are preserved and not modified - only the "Label/x" context items that originated from the labels, and the best practice is to rely on these for the remainder of the playbook. Requires pip and access to python repository to install "olefile" package. This script is deprecated, use ParseEmailFiles. |
ExtractIP | Deprecated. We recommend using extractIndicators command instead. Extract IPs from the given text and place them both as output and in the context of a playbook. |
ADGetGroupUsers | Deprecated. Use Active Directory to retrieve the list of users who are members of the specified group. Group must be given by its AD Distinguished Name. The "attributes" argument receives a comma-separated list of additional attributes you wish to be displayed in the results. Example usage !ADGetGroupUsers groupdn=CN=Domain Admins,CN=Users,DC=demisto,DC=com attributes=badPwdCount,memberOf |
CPTaskStatus | Deprecated. Shows status of a checkpoint task by task uuid. |
SandboxDetonateFile | Deprecated. This script is deprecated. Use the available generic file detonation playbooks instead. |
CBFindHash | Deprecated. Search Carbon Black for connection to specified md5 hash(es). |
HTMLDocsAutomation | Deprecated. The recommended way to generate documentation is via the demisto-sdk. |
DataIPReputation | Deprecated. Evaluate reputation of an IP and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned. |
CheckWhitelist | Deprecated. Check whether the given item is in the allow list |
LCMHosts | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
ADGetGroupMembers | Deprecated. Use Active Directory to retrieve the list of users or computers that are members of the specified group. Group must be given by its AD Distinguished Name. The attributes argument receives a comma-separated list of additional attributes you wish to be displayed in the results. Example usage !ADGetGroupMembers memberType=user groupdn=CN=Administrators,CN=Builtin,DC=acme,DC=int attributes=name,email |
CPSetRule | Deprecated. Set attributes of an access rule object configured in Checkpoint FW. |
GoogleappsGmailGetMail | Deprecated. Gets the specified message. |
CPShowBackupStatus | Deprecated. Connect to a checkpoint firewall appliance using SSH and retrieve status for backup tasks. The user account being used to access the device must be set to use the SSH shell and not the built in Checkpoint CLI. Consult the Checkpoint documentation for instructions on how to do this. |
VMRay | Deprecated. Use the "Detonate File - VMRay" playbook instead. |
OktaSearch | Deprecated. Search for Okta users |
GetContextValue | Deprecated. The script returns a value from context |
OktaUpdateUser | Deprecated. Update user with a given login. All fields are optional; fields which are not set will not be overridden |
TaniumShowPendingActions | Deprecated. Send a request for a formatted result of a saved question. To receive the most up to date data, run the same command twice. See https://kb.tanium.com/SOAP for more information |
CSHuntByIOC | Deprecated. List devices that match a specific IOC - an IOC ran on them - limited to sha256, sha1, md5 and domain types |
CYFileRep | Deprecated. This script is deprecated. Use the Cylance integration instead. |
EPORetrieveCurrentDATVersion | Deprecated. Retrieve DAT version currently installed in the given ePO server |
VectraClassifier | Deprecated. Classifying Vectra incidents |
WildfireReport | Deprecated. Use the "wildfire-report" command instead. |
ADGetEmailForUser | Deprecated. Use Active Directory to retrieve the email address associated with the specified user. The user can be specified by name, email or as an Active Directory Distinguished Name (DN). |
ADGetUserGroups | Deprecated. Use Active Directory to retrieve the groups in which the specified user is a member. The user can be specified by name, email or as an Active Directory Distinguished Name (DN). |
CommonIntegration | Deprecated. Common code that will be merged into each server integration when it runs |
RunSqlQuery | Deprecated. Query a relational DB using SQL |
AwsCreateImage | Deprecated. This script is deprecated. Use the AWS-EC2 integration instead. |
SlackSend | Deprecated. Send messages to Slack teams |
WildfireUpload | Deprecated. Use the "wildfire-upload" command instead. |
NessusScanStatus | Deprecated. Retrieve current status for the specified scan. |
ExtractDomainFromURL | Deprecated. Extract Domain from a URL. Domain will include sub-domain as well |
VirustotalIsMalicious | Deprecated. Query Virustotal with a file hash |
IncidentToContext | Deprecated. Inserts incident info and labels into context for use inside playbooks. |
ADGetComputer | Deprecated. Use the ad-get-computer command in the Active Directory Query v2 instead. |
QrGetSearch | Deprecated. Gets a specific search id |
IPExtract | Deprecated. Extract IPs from the given text and place them both as output and in the context of a playbook |
NessusListScans | Deprecated. Display the list of folders and scans from Nessus. |
VectraTriage | Deprecated. The rules branch can be used to retrieve a listing of configured Triage rules. |
AwsCreateVolumeSnapshot | Deprecated. This script is deprecated. Use the AWS-EC2 integration instead. |
CSIndicators | Deprecated. Query CrowdStrike indicators based on given parameters. |
OktaGetGroups | Deprecated. Get all user groups |
ADExpirePassword | Deprecated. Expire the password of an Active Directory user. |
CBSearch | Deprecated. Use the cb-binary command and cb-get-processes command instead. |
DBotPredictPhishingLabel | Deprecated. This script is deprecated. See https://xsoar.pan.dev/docs/reference/playbooks/d-bot-create-phishing-classifier-v2 for more information. |
ExposeModules | Deprecated. Returns all Demisto modules (integrations instances) |
VectraGetHostById | Deprecated. Get host by id |
EPOCheckLatestDAT | Deprecated. Check latest version of the DAT AV signature update. |
ExtractEmail | Deprecated. We recommend using extractIndicators command instead. Extract Emails from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON. |
LCMSetHostComment | Deprecated. This script is deprecated. LightCyber Magna is no longer available. |
XBUser | Deprecated. This script is deprecated. Use the Exabeam integration instead. |
SEPScan | Deprecated. Scans ip/hostname with Symantec Endpoint Protection. DEPRECATED - this automation is deprecated as it was replaced by |
ReadPDFFile | Deprecated. Load the contents and metadata of a PDF file into context. |
VectraSummary | Deprecated. Summarize a Vectra incident (after incident was put into context). The script extracts malicious IPs and hashes if they exist |
CSActors | Deprecated. Query CrowdStrike actors based on given parameters. For fields like countries and industries, multiple values can be passed separated by ','. |
Name | Description |
---|---|
Phishme Intelligence (Deprecated) | Deprecated. Human-vetted, Phishing-specific Threat Intelligence from Phishme. Deprecated. Use the Cofense Intelligence integration instead. |
PostgreSQL (Deprecated) | Deprecated. Use the Generic SQL integration instead. |
Secdo (Deprecated) | Deprecated. Secdo's automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution. |
ExtraHop (Deprecated) | Deprecated. We recommend using ExtraHop Reveal(x) instead. ExtraHop performs real-time stream analysis of the packets that carry data across a network. |
Atlassian Jira (Deprecated) | Deprecated. Issue tracking product, developed by Atlassian |
CVE Search (Deprecated) | Deprecated. Search CVE Information - powered by circl.lu |
Azure Security Center (Deprecated) | Deprecated. Unified security management and advanced threat protection across hybrid cloud workloads. |
AlienVault OTX (Deprecated) | Deprecated. We recommend using AlienVault OTX v2 instead. Query IOCs in AlienVault |
Palo Alto Networks WildFire (Deprecated) | Deprecated. Perform malware dynamic analysis |
Symantec Endpoint Protection 14 (Deprecated) | Deprecated. Query the Symantec Endpoint Protection Manager using the official REST API - DEPRECATED. Please use the Symantec Endpoint Protection V2 integration instead. |
Cymon (Deprecated) | Deprecated. Analyzes suspicious domains and IP addresses |
Lockpath KeyLight (Deprecated) | Deprecated. Use LockPath KeyLight v2. |
Cylance Protect (Deprecated) | Deprecated. Manage Endpoints using Cylance protect |
Palo Alto Networks MineMeld (Deprecated) | Deprecated. MineMeld streamlines the aggregation, enforcement and sharing of threat intelligence. |
ArcSight ESM (Deprecated) | Deprecated. ArcSight ESM SIEM by Micro Focus (Formerly HPE Software). |
Intezer (Deprecated) | Deprecated. Malware detection and analysis based on code reuse. |
SafeBreach (Deprecated) | Deprecated. SafeBreach simulates attacks across the kill chain, to validate security policy, configuration, and effectiveness. Quantify the real impact of a cyber attack on your systems at any given moment. Identify remediation options. Stay ahead of attackers. |
EWS (Deprecated) | Deprecated. Exchange Web Services and Office 365 (mail) |
Palo Alto Networks Magnifier (Deprecated) | Deprecated. Magnifier Behavioral Analytics empowers organizations to quickly find and stop the stealthiest network threats. |
Mimecast (Deprecated) | Deprecated. Mimecast unified email management offers cloud email services for email security, continuity and archiving emails |
Kenna (Deprecated) | Deprecated. Use Kenna v2. |
Azure Compute (Deprecated) | Deprecated. Create and Manage Azure Virtual Machines |
OPSWAT-Metadefender (Deprecated) | Deprecated. At the heart of the solution, the Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection. |
Lastline (Deprecated) | Deprecated. Provides threat analysts and incident response teams with the advanced malware isolation and inspection environment, needed to safely execute advanced malware samples and understand their behavior. |
Amazon Web Services (Deprecated) | Deprecated. AWS - Amazon public cloud, EC2 service |
Have I Been Pwned? (Deprecated) | Deprecated. Use the Have I Been Pwned? V2 integration instead. Checks whether emails or domains have been compromised in recent breaches, using the Have I Been Pwned? service. |
Mimecast Authentication (Deprecated) | Deprecated. Creates Access Key and Secret Key for Mimecast API |
MISP (Deprecated) | Deprecated. Malware Information Sharing Platform and Threat Sharing (This integration is deprecated, use MISP V2 instead) |
Shodan (Deprecated) | Deprecated. Use Shodan v2 instead. Search engine for Internet-connected devices. |
Proofpoint TAP (Deprecated) | Deprecated. Proofpoint's Targeted Attack Protection (TAP) helps protect against and provide additional visibility into phishing and other malicious email attacks. |
Palo Alto Networks Cortex (Deprecated) | Deprecated. We recommend using the Cortex Data Lake integration instead. This framework manages all PA's cloud managed products |
Pack Name | Pack By |
---|---|
nessus | By: Cortex XSOAR |
CommonPlaybooks | By: Cortex XSOAR |
Base | By: Cortex XSOAR |
CrowdStrikeHost | By: Cortex XSOAR |
McAfee-TIE | By: Cortex XSOAR |
CommonTypes | By: Cortex XSOAR |
CarbonBlackProtect | By: Cortex XSOAR |
EWS | By: Cortex XSOAR |
McAfee-MAR | By: Cortex XSOAR |
Jira | By: Cortex XSOAR |
CommonScripts | By: Cortex XSOAR |
ProtectWise | By: Cortex XSOAR |
VirusTotal-Private_API | By: Partner |
Slack | By: Cortex XSOAR |
Vectra | By: Cortex XSOAR |
PAN-OS | By: Cortex XSOAR |
Active_Directory_Query | By: Cortex XSOAR |
Zscaler | By: Cortex XSOAR |
SentinelOne | By: Cortex XSOAR |
Twilio | By: Cortex XSOAR |
CheckpointFirewall | By: Cortex XSOAR |
AutoFocus | By: Cortex XSOAR |
VMRay | By: Partner |
RemoteAccess | By: Cortex XSOAR |
qualys | By: Cortex XSOAR |
Rapid7_Nexpose | By: Cortex XSOAR |
Cybereason | By: Cortex XSOAR |
Okta | By: Cortex XSOAR |
ipinfo | By: Cortex XSOAR |
ExtraHop | By: Partner |
CrowdStrikeIntel | By: Cortex XSOAR |
QRadar | By: Cortex XSOAR |
DemistoRESTAPI | By: Cortex XSOAR |
Tanium | By: Cortex XSOAR |
SymantecEndpointProtection | By: Cortex XSOAR |
McAfee_DXL | By: Cortex XSOAR |
PaloAltoNetworks_PAN_OS_EDL_Management | By: Cortex XSOAR |
Carbon_Black_Enterprise_Response | By: Cortex XSOAR |
Palo_Alto_Networks_WildFire | By: Cortex XSOAR |
CuckooSandbox | By: Cortex XSOAR |
rasterize | By: Cortex XSOAR |
CVESearch | By: Cortex XSOAR |
Cylance_Protect | By: Cortex XSOAR |
D2 | By: Cortex XSOAR |
GenericSQL | By: Cortex XSOAR |
Phishing | By: Cortex XSOAR |
ServiceNow | By: Cortex XSOAR |
McAfee_Advanced_Threat_Defense | By: Cortex XSOAR |
epo | By: Cortex XSOAR |
RsaNetwitnessSecurityAnalytics | By: Cortex XSOAR |
FiltersAndTransformers | By: Cortex XSOAR |
Carbon_Black_Enterprise_Live_Response | By: Cortex XSOAR |
Pack Name | Pack By |
---|---|
CrowdStrikeFalcon | By: Cortex XSOAR |
Whois | By: Cortex XSOAR |
SumoLogic | By: Cortex XSOAR |
DomainTools | By: Partner |
CortexXDR | By: Cortex XSOAR |
Traps | By: Cortex XSOAR |
Shodan | By: Cortex XSOAR |
Elasticsearch | By: Cortex XSOAR |
JsonWhoIs | By: Cortex XSOAR |
PANWComprehensiveInvestigation | By: Cortex XSOAR |
Scripts
DocumentationAutomation
- Added type validations and other internal code improvements.
Integrations
ExtraHop (Deprecated)
- Documentation fixes
Palo Alto Networks MineMeld (Deprecated)
- Documentation fixes
Playbooks
Phishing Playbook - Automated
- Documentation fixes
Phishing Investigation - Generic
- Documentation fixes
Block Indicators - Generic
- Documentation fixes
Block IP - Generic
- Documentation fixes
Scripts
CheckWhitelist
- Documentation fixes
Integrations
Palo Alto Networks Cortex (Deprecated)
- Maintenance and stability enhancements.
Integrations
Palo Alto Networks MineMeld (Deprecated)
- Updated the Docker image to: demisto/python:2.7.18.20958.
Azure Security Center (Deprecated)
- Updated the Docker image to: demisto/python:2.7.18.20958.
Azure Compute (Deprecated)
- Updated the Docker image to: demisto/python:2.7.18.20958.
Cymon (Deprecated)
- Updated the Docker image to: demisto/python:2.7.18.20958.
Scripts
LCMPathFinderScanHost
- Updated the Docker image to: demisto/python:2.7.18.20958.
IPExtract
- Updated the Docker image to: demisto/python:2.7.18.20958.
BinaryReputationPy
- Updated the Docker image to: demisto/python:2.7.18.20958.
AwsStartInstance
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaGetUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMDetectedEntities
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaActivateUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
ExchangeDeleteIDsFromContext
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWFindEvents
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPORetrieveCurrentDATVersion
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMHosts
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraSettings
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusShowEditorTemplates
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPTaskStatus
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraTriage
- Updated the Docker image to: demisto/python:2.7.18.20958.
CBFindHash
- Updated the Docker image to: demisto/python:2.7.18.20958.
AwsCreateVolumeSnapshot
- Updated the Docker image to: demisto/python:2.7.18.20958.
JiraCreateIssue
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMIndicatorsForEntity
- Updated the Docker image to: demisto/python:2.7.18.20958.
MD5Extract
- Updated the Docker image to: demisto/python:2.7.18.20958.
CSActors
- Updated the Docker image to: demisto/python:2.7.18.20958.
ParseEmailHeaders
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPORepositoryComplianceCheck
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraClassifier
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADIsUserMember
- Updated the Docker image to: demisto/python:2.7.18.20958.
XBLockouts
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetEmailForUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetAllUsersEmail
- Updated the Docker image to: demisto/python:2.7.18.20958.
GoogleappsGmailSearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
XBUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
XBNotable
- Updated the Docker image to: demisto/python:2.7.18.20958.
CheckWhitelist
- Updated the Docker image to: demisto/python:2.7.18.20958.
ProofpointDecodeURL
- Updated the Docker image to: demisto/python:2.7.18.20958.
ExchangeSearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraGetDetetctionsById
- Updated the Docker image to: demisto/python:2.7.18.20958.
Elasticsearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMResolveHost
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWObservationDetails
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaCreateUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWEventPcapInfo
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADListUsers
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADExpirePassword
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetUserGroups
- Updated the Docker image to: demisto/python:2.7.18.20958.
CheckFilesWildfirePy
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaUpdateUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
AwsCreateImage
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraSummary
- Updated the Docker image to: demisto/python:2.7.18.20958.
SplunkSearchJsonPy
- Updated the Docker image to: demisto/python:2.7.18.20958.
CheckIPs
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusScanDetails
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaSearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusListScans
- Updated the Docker image to: demisto/python:2.7.18.20958.
CheckURLs
- Updated the Docker image to: demisto/python:2.7.18.20958.
IsContextSet
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetComputerGroups
- Updated the Docker image to: demisto/python:2.7.18.20958.
SetSeverityByScore
- Updated the Docker image to: demisto/python:2.7.18.20958.
CYFileRep
- Updated the Docker image to: demisto/python:2.7.18.20958.
ConferSetSeverity
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADUserLogonInfo
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusHostDetails
- Updated the Docker image to: demisto/python:2.7.18.20958.
IngestCSV
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetGroupUsers
- Updated the Docker image to: demisto/python:2.7.18.20958.
SlackAskUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
JiraIssueQuery
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetComputer
- Updated the Docker image to: demisto/python:2.7.18.20958.
URLExtract
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPShowAccessRulebase
- Updated the Docker image to: demisto/python:2.7.18.20958.
IncidentSet
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPCreateBackup
- Updated the Docker image to: demisto/python:2.7.18.20958.
GoogleappsListUsers
- Updated the Docker image to: demisto/python:2.7.18.20958.
IncidentToContext
- Updated the Docker image to: demisto/python:2.7.18.20958.
QrFullSearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMAcknowledgeHost
- Updated the Docker image to: demisto/python:2.7.18.20958.
AwsStopInstance
- Updated the Docker image to: demisto/python:2.7.18.20958.
XBTriggeredRules
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMDetectedIndicators
- Updated the Docker image to: demisto/python:2.7.18.20958.
RunSqlQuery
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusCreateScan
- Updated the Docker image to: demisto/python:2.7.18.20958.
QrOffenses
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADListUsersEx
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPOUpdateEndpoints
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusGetReport
- Updated the Docker image to: demisto/python:2.7.18.20958.
SlackSend
- Updated the Docker image to: demisto/python:2.7.18.20958.
ClassifierNotifyAdmin
- Updated the Docker image to: demisto/python:2.7.18.20958.
QrSearches
- Updated the Docker image to: demisto/python:2.7.18.20958.
SendEmail
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraGetHostById
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWEvents
- Updated the Docker image to: demisto/python:2.7.18.20958.
XBInfo
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWObservations
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetEmailForAllUsers
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWSensors
- Updated the Docker image to: demisto/python:2.7.18.20958.
SNListTickets
- Updated the Docker image to: demisto/python:2.7.18.20958.
SNUpdateTicket
- Updated the Docker image to: demisto/python:2.7.18.20958.
GoogleappsGetUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
NetwitnessSAUpdateIncident
- Updated the Docker image to: demisto/python:2.7.18.20958.
LCMSetHostComment
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPOUpdateRepository
- Updated the Docker image to: demisto/python:2.7.18.20958.
vmray_getResults
- Updated the Docker image to: demisto/python:2.7.18.20958.
JiraGetIssue
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraHosts
- Updated the Docker image to: demisto/python:2.7.18.20958.
QrGetSearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
AdSearch
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPShowBackupStatus
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusLaunchScan
- Updated the Docker image to: demisto/python:2.7.18.20958.
GoogleappsGmailGetMail
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWEventDetails
- Updated the Docker image to: demisto/python:2.7.18.20958.
XBTimeline
- Updated the Docker image to: demisto/python:2.7.18.20958.
VMRay
- Updated the Docker image to: demisto/python:2.7.18.20958.
JiraIssueAddLink
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetGroupMembers
- Updated the Docker image to: demisto/python:2.7.18.20958.
WhoisLookup
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaDeactivateUser
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADSetNewPassword
- Updated the Docker image to: demisto/python:2.7.18.20958.
GoogleappsRevokeUserRole
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPDeleteRule
- Updated the Docker image to: demisto/python:2.7.18.20958.
SandboxDetonateFile
- Updated the Docker image to: demisto/python:2.7.18.20958.
AwsRunInstance
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaGetGroups
- Updated the Docker image to: demisto/python:2.7.18.20958.
CommonIntegrationPython
- Updated the Docker image to: demisto/python:2.7.18.20958.
JiraIssueUploadFile
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPODetermineRepository
- Updated the Docker image to: demisto/python:2.7.18.20958.
LocateAttachment
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetCommonGroups
- Updated the Docker image to: demisto/python:2.7.18.20958.
GetContextValue
- Updated the Docker image to: demisto/python:2.7.18.20958.
PWObservationPcapInfo
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPBlockIP
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPShowHosts
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPORepoList
- Updated the Docker image to: demisto/python:2.7.18.20958.
CSHuntByIOC
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADListComputers
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetGroupComputers
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraDetections
- Updated the Docker image to: demisto/python:2.7.18.20958.
VirustotalIsMalicious
- Updated the Docker image to: demisto/python:2.7.18.20958.
DocumentationAutomation
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraSensors
- Updated the Docker image to: demisto/python:2.7.18.20958.
JiraIssueAddComment
- Updated the Docker image to: demisto/python:2.7.18.20958.
CSIndicators
- Updated the Docker image to: demisto/python:2.7.18.20958.
VectraHealth
- Updated the Docker image to: demisto/python:2.7.18.20958.
SNOpenTicket
- Updated the Docker image to: demisto/python:2.7.18.20958.
AggregateIOCs
- Updated the Docker image to: demisto/python:2.7.18.20958.
CPSetRule
- Updated the Docker image to: demisto/python:2.7.18.20958.
ConferIncidentDetails
- Updated the Docker image to: demisto/python:2.7.18.20958.
ExtractDomainFromURL
- Updated the Docker image to: demisto/python:2.7.18.20958.
SlackMirror
- Updated the Docker image to: demisto/python:2.7.18.20958.
IPInfoQuery
- Updated the Docker image to: demisto/python:2.7.18.20958.
NessusScanStatus
- Updated the Docker image to: demisto/python:2.7.18.20958.
ADGetUsersByEmail
- Updated the Docker image to: demisto/python:2.7.18.20958.
OktaSetPassword
- Updated the Docker image to: demisto/python:2.7.18.20958.
QrGetSearchResults
- Updated the Docker image to: demisto/python:2.7.18.20958.
EPOCheckLatestDAT
- Updated the Docker image to: demisto/python:2.7.18.20958.
CSCountDevicesForIOC
- Updated the Docker image to: demisto/python:2.7.18.20958.
GoogleappsGetUserRoles
- Updated the Docker image to: demisto/python:2.7.18.20958.
Scripts
ParseEmailFile
- Updated the Docker image to: demisto/python:2.7.18.20958.
Scripts
VectraTriage
- Documentation and metadata improvements.
Playbooks
Account Enrichment
- Playbook was updated with the "deprecated" field.
Account Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Account Enrichment - Generic v2
- Playbook was updated with the "deprecated" field.
Add Indicator to Miner - Palo Alto MineMeld
- Playbook was updated with the "deprecated" field.
Block File - Generic
- Playbook was updated with the "deprecated" field.
Block IP - Generic
- Playbook was updated with the "deprecated" field.
Block Indicators - Generic
- Playbook was updated with the "deprecated" field.
Calculate Severity - Critical assets
- Playbook was updated with the "deprecated" field.
Calculate Severity - Generic
- Playbook was updated with the "deprecated" field.
Carbon Black Rapid IOC Hunting
- Playbook was updated with the "deprecated" field.
Checkpoint Firewall Configuration Backup Playbook
- Playbook was updated with the "deprecated" field.
CrowdStrike Rapid IOC Hunting
- Playbook was updated with the "deprecated" field.
DBot Create Phishing Classifier
- Playbook was updated with the "deprecated" field.
DBot Create Phishing Classifier Job
- Playbook was updated with the "deprecated" field.
DeDup incidents
- Playbook was updated with the "deprecated" field.
DeDup incidents - ML
- Playbook was updated with the "deprecated" field.
Dedup - Generic
- Playbook was updated with the "deprecated" field.
Demisto Self-Defense - Account policy monitoring playbook
- Playbook was updated with the "deprecated" field.
Domain Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Email Address Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Email Address Enrichment - Generic v2
- Playbook was updated with the "deprecated" field.
Endpoint Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Endpoint Enrichment - Generic v2
- Playbook was updated with the "deprecated" field.
Endpoint data collection
- Playbook was updated with the "deprecated" field.
Enrich DXL with ATD verdict
- Playbook was updated with the "deprecated" field.
Enrich McAfee DXL using 3rd party sandbox
- Playbook was updated with the "deprecated" field.
Enrichment Playbook
- Playbook was updated with the "deprecated" field.
Entity Enrichment - Generic
- Playbook was updated with the "deprecated" field.
ExtraHop - Ticket Tracking
- Playbook was updated with the "deprecated" field.
Extract Indicators - Generic
- Playbook was updated with the "deprecated" field.
Extract Indicators From File - Generic
- Playbook was updated with the "deprecated" field.
Failed Login Playbook - Slack v2
- Playbook was updated with the "deprecated" field.
Failed Login Playbook With Slack
- Playbook was updated with the "deprecated" field.
File Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Get File Sample By Hash - Generic
- Playbook was updated with the "deprecated" field.
Get Mails By Folder Pathes
- Playbook was updated with the "deprecated" field.
Hunt Extracted Hashes
- Playbook was updated with the "deprecated" field.
Hunt for bad IOCs
- Playbook was updated with the "deprecated" field.
Hunting C&C Communication Playbook
- Playbook was updated with the "deprecated" field.
IP Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Incident Enrichment
- Playbook was updated with the "deprecated" field.
Malware Investigation - Generic
- Playbook was updated with the "deprecated" field.
Malware Investigation - Generic - Setup
- Playbook was updated with the "deprecated" field.
Malware Playbook - Manual
- Playbook was updated with the "deprecated" field.
McAfee ePO Endpoint Compliance Playbook
- Playbook was updated with the "deprecated" field.
McAfee ePO Endpoint Connectivity Diagnostics Playbook
- Playbook was updated with the "deprecated" field.
McAfee ePO Repository Compliance Playbook
- Playbook was updated with the "deprecated" field.
PAN-OS - Block IP and URL - External Dynamic List
- Playbook was updated with the "deprecated" field.
PAN-OS EDL Setup
- Playbook was updated with the "deprecated" field.
PAN-OS EDL Setup v2
- Playbook was updated with the "deprecated" field.
PANW - Hunting and threat detection by indicator type
- Playbook was updated with the "deprecated" field.
PANW - Hunting and threat detection by indicator type V2
- Playbook was updated with the "deprecated" field.
Palo Alto Networks - Endpoint Malware Investigation v2
- Playbook was updated with the "deprecated" field.
PanoramaCommitConfiguration
- Playbook was updated with the "deprecated" field.
PanoramaQueryTrafficLogs
- Playbook was updated with the "deprecated" field.
Phishing Investigation - Generic
- Playbook was updated with the "deprecated" field.
Phishing Playbook - Automated
- Playbook was updated with the "deprecated" field.
Process Email
- Playbook was updated with the "deprecated" field.
Process Email - Add custom fields
- Playbook was updated with the "deprecated" field.
QRadar - Get offense correlations
- Playbook was updated with the "deprecated" field.
Rapid IOC Hunting Playbook
- Playbook was updated with the "deprecated" field.
Search Endpoints By Hash - Carbon Black Response
- Playbook was updated with the "deprecated" field.
Search Endpoints By Hash - Generic
- Playbook was updated with the "deprecated" field.
URL Enrichment - Generic
- Playbook was updated with the "deprecated" field.
Vulnerability Handling - Qualys
- Playbook was updated with the "deprecated" field.
Vulnerability Handling - Qualys - Add custom fields to default layout
- Playbook was updated with the "deprecated" field.
Integrations
Azure Security Center (Deprecated)
- Maintenance and stability enhancements.
Classifiers
Palo Alto Networks Cortex
- Maintenance and stability enhancements.
Scripts
SearchIncidents
- Updated the script to execute using the LimitedUser role.
GetDuplicatesMl
- Updated the script to execute using the LimitedUser role.
DBotPreparePhishingData
- Updated the script to execute using the LimitedUser role.
getMlFeatures
- Updated the script to execute using the LimitedUser role.
Integrations
Azure Security Center (Deprecated)
- Maintenance and stability enhancements
Lastline (Deprecated)
- Maintenance and stability enhancements
SafeBreach (Deprecated)
- Maintenance and stability enhancements
Cymon (Deprecated)
- Maintenance and stability enhancements
Symantec Endpoint Protection 14 (Deprecated)
- Maintenance and stability enhancements
Palo Alto Networks Magnifier (Deprecated)
- Maintenance and stability enhancements
Azure Compute (Deprecated)
- Maintenance and stability enhancements
Palo Alto Networks Cortex (Deprecated)
- Maintenance and stability enhancements
Mimecast (Deprecated)
- Maintenance and stability enhancements
CVE Search (Deprecated)
- Maintenance and stability enhancements
MISP (Deprecated)
- Maintenance and stability enhancements
Secdo (Deprecated)
- Maintenance and stability enhancements
Intezer (Deprecated)
- Maintenance and stability enhancements
Phishme Intelligence (Deprecated)
- Maintenance and stability enhancements
Cylance Protect (Deprecated)
- Maintenance and stability enhancements
Lockpath KeyLight (Deprecated)
- Maintenance and stability enhancements
Mimecast Authentication (Deprecated)
- Maintenance and stability enhancements
AlienVault OTX (Deprecated)
- Maintenance and stability enhancements
ExtraHop (Deprecated)
- Maintenance and stability enhancements
Shodan (Deprecated)
- Maintenance and stability enhancements
Atlassian Jira (Deprecated)
- Maintenance and stability enhancements
EWS (Deprecated)
- Maintenance and stability enhancements
Palo Alto Networks MineMeld (Deprecated)
- Maintenance and stability enhancements
Proofpoint TAP (Deprecated)
- Maintenance and stability enhancements
Palo Alto Networks WildFire (Deprecated)
- Maintenance and stability enhancements
Kenna (Deprecated)
- Maintenance and stability enhancements
OPSWAT-Metadefender (Deprecated)
- Maintenance and stability enhancements
ArcSight ESM (Deprecated)
- Maintenance and stability enhancements
Have I Been Pwned? (Deprecated)
- Maintenance and stability enhancements
Amazon Web Services (Deprecated)
- Maintenance and stability enhancements
Playbooks
Block IP - Generic
- Maintenance and stability enhancements
Palo Alto Networks - Endpoint Malware Investigation v2
- Maintenance and stability enhancements
Malware Investigation - Generic
- Maintenance and stability enhancements
Calculate Severity - Critical assets
- Maintenance and stability enhancements
URL Enrichment - Generic
- Maintenance and stability enhancements
Dedup - Generic
- Maintenance and stability enhancements
Endpoint Enrichment - Generic
- Maintenance and stability enhancements
Endpoint data collection
- Maintenance and stability enhancements
PanoramaCommitConfiguration
- Maintenance and stability enhancements
Extract Indicators From File - Generic
- Maintenance and stability enhancements
Block File - Generic
- Maintenance and stability enhancements
DeDup incidents - ML
- Maintenance and stability enhancements
Checkpoint Firewall Configuration Backup Playbook
- Maintenance and stability enhancements
DBot Create Phishing Classifier Job
- Maintenance and stability enhancements
IP Enrichment - Generic
- Maintenance and stability enhancements
Hunting C&C Communication Playbook
- Maintenance and stability enhancements
Vulnerability Handling - Qualys - Add custom fields to default layout
- Maintenance and stability enhancements
Phishing Investigation - Generic
- Maintenance and stability enhancements
Endpoint Enrichment - Generic v2
- Maintenance and stability enhancements
Hunt Extracted Hashes
- Maintenance and stability enhancements
Malware Investigation - Generic - Setup
- Maintenance and stability enhancements
McAfee ePO Repository Compliance Playbook
- Maintenance and stability enhancements
PanoramaQueryTrafficLogs
- Maintenance and stability enhancements
Enrich DXL with ATD verdict
- Maintenance and stability enhancements
Calculate Severity - Generic
- Maintenance and stability enhancements
Account Enrichment - Generic v2
- Maintenance and stability enhancements
DBot Create Phishing Classifier
- Maintenance and stability enhancements
McAfee ePO Endpoint Connectivity Diagnostics Playbook
- Maintenance and stability enhancements
Entity Enrichment - Generic
- Maintenance and stability enhancements
PAN-OS - Block IP and URL - External Dynamic List
- Maintenance and stability enhancements
Carbon Black Rapid IOC Hunting
- Maintenance and stability enhancements
PAN-OS EDL Setup
- Maintenance and stability enhancements
Incident Enrichment
- Maintenance and stability enhancements
DeDup incidents
- Maintenance and stability enhancements
ExtraHop - Ticket Tracking
- Maintenance and stability enhancements
Rapid IOC Hunting Playbook
- Maintenance and stability enhancements
QRadar - Get offense correlations
- Maintenance and stability enhancements
Vulnerability Handling - Qualys
- Maintenance and stability enhancements
Demisto Self-Defense - Account policy monitoring playbook
- Maintenance and stability enhancements
Malware Playbook - Manual
- Maintenance and stability enhancements
PANW - Hunting and threat detection by indicator type
- Maintenance and stability enhancements
Search Endpoints By Hash - Carbon Black Response
- Maintenance and stability enhancements
Email Address Enrichment - Generic v2
- Maintenance and stability enhancements
PANW - Hunting and threat detection by indicator type V2
- Maintenance and stability enhancements
Phishing Playbook - Automated
- Maintenance and stability enhancements
Process Email
- Maintenance and stability enhancements
Account Enrichment
- Maintenance and stability enhancements
Search Endpoints By Hash - Generic
- Maintenance and stability enhancements
Failed Login Playbook - Slack v2
- Maintenance and stability enhancements
Enrich McAfee DXL using 3rd party sandbox
- Maintenance and stability enhancements
File Enrichment - Generic
- Maintenance and stability enhancements
Process Email - Add custom fields
- Maintenance and stability enhancements
Account Enrichment - Generic
- Maintenance and stability enhancements
Enrichment Playbook
- Maintenance and stability enhancements
Access Investigation - Generic
- Maintenance and stability enhancements
Extract Indicators - Generic
- Maintenance and stability enhancements
Hunt for bad IOCs
- Maintenance and stability enhancements
CrowdStrike Rapid IOC Hunting
- Maintenance and stability enhancements
Block Indicators - Generic
- Maintenance and stability enhancements
PAN-OS EDL Setup v2
- Maintenance and stability enhancements
Domain Enrichment - Generic
- Maintenance and stability enhancements
Failed Login Playbook With Slack
- Maintenance and stability enhancements
McAfee ePO Endpoint Compliance Playbook
- Maintenance and stability enhancements
Get File Sample By Hash - Generic
- Maintenance and stability enhancements
Email Address Enrichment - Generic
- Maintenance and stability enhancements
Add Indicator to Miner - Palo Alto MineMeld
- Maintenance and stability enhancements
Scripts
InviteUser
- Maintenance and stability enhancements
TaniumDeployAction
- Maintenance and stability enhancements
DemistoDeleteIncident
- Maintenance and stability enhancements
ExposeUsers
- Maintenance and stability enhancements
GoogleAuthURL
- Maintenance and stability enhancements
DataDomainReputation
- Maintenance and stability enhancements
TaniumApprovePendingActions
- Maintenance and stability enhancements
WhileNotMdLoop
- Maintenance and stability enhancements
PanoramaBlockIP
- Maintenance and stability enhancements
DefaultIncidentClassifier
- Maintenance and stability enhancements
TriagePhishing
- Maintenance and stability enhancements
TaniumAskQuestionComplex
- Maintenance and stability enhancements
PanoramaCommit
- Maintenance and stability enhancements
CloseInvestigation
- Maintenance and stability enhancements
ExtractHash
- Maintenance and stability enhancements
ExchangeDeleteMail
- Maintenance and stability enhancements
TaniumFindRunningProcesses
- Maintenance and stability enhancements
BlockIP
- Maintenance and stability enhancements
PanoramaConfig
- Maintenance and stability enhancements
ExtractDomain
- Maintenance and stability enhancements
ExtractIP
- Maintenance and stability enhancements
AwsGetInstanceInfo
- Maintenance and stability enhancements
WhoisSummary
- Maintenance and stability enhancements
SplunkEmailParser
- Maintenance and stability enhancements
DBotPredictPhishingLabel
- Maintenance and stability enhancements
ExtractEmail
- Maintenance and stability enhancements
SetIncidentCustomFields
- Maintenance and stability enhancements
SEPScan
- Maintenance and stability enhancements
CommonIntegration
- Maintenance and stability enhancements
PanoramaDynamicAddressGroup
- Maintenance and stability enhancements
DataURLReputation
- Maintenance and stability enhancements
IsIPInSubnet
- Maintenance and stability enhancements
TaniumAskQuestion
- Maintenance and stability enhancements
EsmExample
- Maintenance and stability enhancements
DataIPReputation
- Maintenance and stability enhancements
ExchangeSearchMailbox
- Maintenance and stability enhancements
TaniumShowPendingActions
- Maintenance and stability enhancements
WhileNotExistLoop
- Maintenance and stability enhancements
DataHashReputation
- Maintenance and stability enhancements
CheckFiles
- Maintenance and stability enhancements
CBSearch
- Maintenance and stability enhancements
ExtractURL
- Maintenance and stability enhancements
ExposeModules
- Maintenance and stability enhancements
ExchangeAssignRole
- Maintenance and stability enhancements
ExposeList
- Maintenance and stability enhancements
SplunkSearch
- Maintenance and stability enhancements
Integrations
Palo Alto Networks MineMeld
- Added the Stateless parameter, which indicates whether to update all indicators or only the indicators that are added or removed.
Integrations
SafeBreach (deprecated)
- Use the SafeBreach v2 integration instead.