Introduction to Utility Commands

LAST UPDATED: JULY 22, 2025

Conversely, users have the ability to create and customize their own utility commands, allowing for greater control data processing and utility functions. The Utility Commands module features an editor interface that facilitates the creation of custom commands using either Codeless Playbook or Python implementations. Refer to Custom Command Overview for details.

Utility commands fall into three categories:

Basic Utility: Handles simple data processing on the following data types: Text, Number, Boolean, DateTime, Text Array, Number Array, Boolean Array, DateTime Array, JSON Array, JSON Object, File, and File Array.
Examples of basic utility commands include:
- Check if Text Exists in Text Array
- Convert String to HTML Table
- Extract Key/Value Pairs from JSON Object
- Get Current UTC Time
- Remove Special Characters from JSON Object Keys
Cyber Utility: Focuses on cyber-specific data processing for enriching or extracting information from artifacts such as Email, Event, File, HostName, Port, and Process.
Examples of cyber utility commands include:
- Check IP Subnet
- Extract Artifacts From Excel File
- Extract IOCs
- Get Agent Details
- Set Artifact Is Key Asset Field
System Utility: Performs actions on system objects such as Incident, Context Data, Users, Global List, and SLA.
Examples of system utility commands include:
- Add or Update Artifact Reputation
- Dismiss
- Get Excel File Content
- Export Incident Report
- Update Identical Event

The D3 platform also supports exporting and importing custom utility commands between different D3 SOAR environments. Refer to Exporting and Importing Utility Commands for details.

READER NOTE

For detailed information, refer to Utility Commands.