github demisto/content 1.1.0
Demisto Content Update 1.1.0 - 27Nov2016


Release Notes for version 1.1.0

Integrations

  • Amazon Web Services
  • Vectra
  • Okta
  • Box
  • Imperva Skyfence
  • Imperva Incapsula

Playbooks

  • Rapid IOC Hunting playbook - Takes an incoming CSV of new IPs and MD5 hashes and rapidly searches for and blocks them across a variety of security integrations.
  • Symantec Endpoint Compliance playbook - Uses Symantec Endpoint Protection to check the latest AV definitions from Symantec Cloud and verify the AV definition versions on endpoints. If any outdated endpoints are found, opens a ticket and sends an email alert.
  • McAfee ePO Repository compliance - Ensures that ePO servers are updated to the latest McAfee published AV signatures (DAT file version).
  • McAfee ePO Endpoint compliance - Discovers endpoints that are not using the latest McAfee AV signatures.
  • McAfee ePO Endpoint Connectivity Diagnostics playbook - Checks ePO endpoints for any that are unmanaged or have lost connectivity with ePO, and takes steps to return them to a valid state.
  • Checkpoint Firewall Configuration Backup playbook - Connects to several Checkpoint firewall appliances using SSH and triggers a backup task, then pulls the resulting backup file to Demisto using SCP, while generating a report showing whether any firewalls failed to trigger the backup task.

Scripts

  • VolJson and VolMalfindDump are now server scripts that use RemotExec (SSH through a RemoteAccess integration instance) to run Volatility without deploying a D2 agent.
  • CheckSenderDomainDistance - may now receive a comma-separated list of domains as an argument. It checks whether the sender's email address uses a domain that is close to any of the supplied domains. This is useful when your organization uses several domains for employee email addresses, e.g. both acmemail.com and acme.com.
  • CBFindIP and CBFindHash - use Carbon Black to search your enterprise quickly for an IP or Hash.
  • CBLiveGetFile - Use Carbon Black to open a Live shell on an endpoint and pull the designated file
  • CBPBanHash - Now supports banning multiple hashes at once (comma-separated) using Carbon Black Protection (Bit9)
  • CBPCatalogFindHash - Look up a hash in the Bit9 file catalog
  • PWFindEvents - Takes several IP addresses and finds all events involving at least one of them.
  • Elasticsearch
  • SearchIncidents - search for other existing incidents within Demisto
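CheckSenderDomainDistance flags sender domains that are a near-miss of one of your own domains (lookalike or typosquat). The following is an added example of that technique, not Demisto's script: the comma-separated argument format mirrors the release note, while the edit-distance threshold, the sample addresses and the result fields are assumptions.

```python
"""Flag sender domains that are a small edit distance from trusted domains.

Added example, not Demisto's CheckSenderDomainDistance script. The threshold
(max_distance=2), sample addresses and the result layout are assumptions.
"""
import re


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) via the two-row DP."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Extract the domain from 'Name <user@host>' or 'user@host'.

    Anchored at the end of the string so a display name containing an '@'
    (e.g. '"a@acme.com" <b@evil.net>') cannot spoof the result.
    """
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address.strip())
    if not m:
        return None
    return m.group(1).lower().rstrip(".")


def check_sender_domain_distance(address, domains, max_distance=2):
    """Compare the sender's domain against a comma-separated domain list.

    Returns {"domain": str|None, "exact": bool, "near": [(domain, distance)]}.
    "exact" is True for a trusted domain or a subdomain of one; "near" lists
    trusted domains within max_distance edits, closest first.
    """
    dom = sender_domain(address)
    trusted = [d.strip().lower() for d in domains.split(",") if d.strip()]
    result = {"domain": dom, "exact": False, "near": []}
    if dom is None:
        return result
    if any(dom == t or dom.endswith("." + t) for t in trusted):
        result["exact"] = True
        return result
    for t in trusted:
        dist = levenshtein(dom, t)
        if dist <= max_distance:
            result["near"].append((t, dist))
    result["near"].sort(key=lambda x: x[1])
    return result


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("Bob <bob@acne.com>", "alice@acme.com",
                 "x@acme-mail.com", "eve@acme.com.evil.net"):
        print(addr, "->", check_sender_domain_distance(addr, "acmemail.com, acme.com"))
```

Edit distance catches single-character swaps such as `acne.com` or `acme-mail.com`, but not the other common lookalike shapes: `acme.com.evil.net` is nine edits from `acme.com` and passes clean, and an IDN homoglyph domain arrives as `xn--...` punycode, which is nowhere near the ASCII original. Pair this check with a suffix/containment rule and IDN normalisation rather than relying on it alone.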
