This repository contains all Demisto content and from here we share content updates
Switch branches/tags
Clone or download
Failed to load latest commit information.
.circleci Clear release notes - 18.9.2 (#2149) Sep 20, 2018
.hooks Removed Docs Sep 6, 2018
Classifiers Clear release notes 18.9.0 (#2096) Sep 6, 2018
Connections Add vt connections (#1742) Jul 2, 2018
Dashboards Clear release notes - 18.9.2 (#2149) Sep 20, 2018
Documentation add useful constants from commonServer to the script helper (#2112) Sep 7, 2018
IncidentFields Clear release notes - 18.9.2 (#2149) Sep 20, 2018
Integrations Crowdstrike Falcon Host - Fixed support for "Trust any certificate" c… Sep 21, 2018
Layouts Clear release notes - 18.9.2 (#2149) Sep 20, 2018
Misc Clear release notes - 18.7.3 (#1859) Jul 26, 2018
Playbooks Clear release notes - 18.9.2 (#2149) Sep 20, 2018
Reports clear rn Apr 12, 2018
Scripts Clear release notes - 18.9.2 (#2149) Sep 20, 2018
TestData added_malicious_emls (#2092) Sep 4, 2018
TestPlaybooks Table to markdown python string array (#2138) Sep 20, 2018
Tests Skip symantec (#2147) Sep 20, 2018
Tools Adding o365 with agent tools in new content update ready structure. P… Nov 20, 2016
Utils documentation automation enhancements (#1841) Jul 25, 2018
Widgets Clear release notes 18.9.0 (#2096) Sep 6, 2018
docs Add index.html for website Sep 6, 2018
.gitignore Add _site to gitignore Sep 6, 2018 Create Feb 11, 2018 Update (#1909) Aug 8, 2018
LICENSE Create LICENSE Nov 23, 2016 Update (#2018) Aug 27, 2018
content-descriptor.json Added Demisto Content prefix to release notes (#1029) Nov 27, 2017 Fixed build Sep 6, 2018
demisto_content_logo.png add logo Mar 5, 2018 Updated integration name source (#1775) Jul 12, 2018 clear test rn May 3, 2018
requirements.txt add vmware py dep Jan 7, 2018 Fix missing release notes (#1767) Jul 9, 2018

Content logo


Demisto Platform - Content Repository

This repo contains content provided by Demisto to automate and orchestrate your Security Operations. Here we will share our ever-growing list of playbooks, automation scripts, report templates and other useful content.

We security folks love to tinker, keep enhancing and sharpening our toolset and we decided to open up everything and make it a collaborative process for the entire security community. We want to create useful knowledge and build flexible, customizable tools, sharing them with each other as we go along.

We invite you to use the playbooks and scripts, modify them to suit your needs and see what works for you, get involved in the community discussion and of course remember to give back and contribute so that others can enjoy and learn from your hard work and build upon it to enhance it even further.


The Demisto Platform includes a visual playbook editor - you can add and modify tasks, create control flow according to answers returned by your queries, and automate everything with your existing security tools, services and products. You can also export your work to a file in the COPS format, and import playbooks shared by your peers who have done the same.

We will be releasing more and more playbooks for interesting scenarios, so stay tuned. If you are working on an interesting playbook of your own, feel free to send us a Pull Request and let's build it together.

The spec for our open playbook format, COPS, can be found here.


These scripts written in Python or Javascript perform Security Operations tasks. The scripts are built to run inside the Demisto Platform - they can query or send commands to a long list of existing security products, and react based on the output.

You can take your logic and the way you want to work and write your own scripts, allowing for maximum flexibility. The services and products you use can be online Cloud-based or on-premises setups, and we have tools to support more complex topologies such as when the product's subnet is firewalled off.


Integrations written in Javascript or Python enable the Demisto Platform to orchestrate security and IT products. Each integration provides capabilities in the form of commands and each command usually reflects a product capability (API) and returns both a human readable and computer readable response.


Demisto Platform support flexible reports written in JSON. All of our standard reports calculating various incident statistics and metrics are stored in this repo.

Contributing Content

For instructions about adding/modifying playbooks and scripts please see our contributor guide.

Enjoy and feel free to reach out to us on the DFIR Community Slack channel, or at

Git configuration

Copy the pre-commit hook from .hooks to .git/hooks. Run the following command from the repository root:

cp .hooks/* .git/hooks