Introduction to Utility Commands
LAST UPDATED: JULY 22, 2025
Conversely, users have the ability to create and customize their own utility commands, allowing for greater control data processing and utility functions. The Utility Commands module features an editor interface that facilitates the creation of custom commands using either Codeless Playbook or Python implementations. Refer to Custom Command Overview for details.
Utility commands fall into three categories:
Basic Utility: Handles simple data processing on the following data types: Text, Number, Boolean, DateTime, Text Array, Number Array, Boolean Array, DateTime Array, JSON Array, JSON Object, File, and File Array.
Examples of basic utility commands include:
Check if Text Exists in Text Array
Convert String to HTML Table
Extract Key/Value Pairs from JSON Object
Get Current UTC Time
Remove Special Characters from JSON Object Keys
Cyber Utility: Focuses on cyber-specific data processing for enriching or extracting information from artifacts such as Email, Event, File, HostName, Port, and Process.
Examples of cyber utility commands include:
Check IP Subnet
Extract Artifacts From Excel File
Extract IOCs
Get Agent Details
Set Artifact Is Key Asset Field
System Utility: Performs actions on system objects such as Incident, Context Data, Users, Global List, and SLA.
Examples of system utility commands include:
Add or Update Artifact Reputation
Dismiss
Get Excel File Content
Export Incident Report
Update Identical Event
The D3 platform also supports exporting and importing custom utility commands between different D3 SOAR environments. Refer to Exporting and Importing Utility Commands for details.
READER NOTE
For detailed information, refer to Utility Commands.