Release Notes for version 1.1.1
Integrations
- LightCyber
- Mimecast
- Checkpoint Sandblast Threat Emulation Sandbox
- Algosec BusinessFlow (ABF), Firewall Analyzer (AFA) and FireFlow (AFF)
- Giphy
Playbooks
- Enhanced Automated Phishing investigation playbook
- McAfee playbooks enhanced with automated tasks
- Default playbook enhanced with clearer steps to classify email alerts
- Classifier playbook centralizes the logic that picks the correct incident type for incoming incidents
- Tanium example playbook that demonstrates interaction with Tanium
Scripts
- ADExpirePassword - Set an AD user's password as expired
- ADSetNewPassword - Set a new password for an AD user
- TaniumShowPendingActions - Show actions pending approval (if the four-eyes rule is configured)
- TaniumApprovePendingActions - Approve only actions which use the specified packages.
- MimecastFindEmail - Use Mimecast to search for an email across all mailboxes.
- TaniumAskQuestion - default timeout behavior fixed
- ADUserLogonInfo bugfix
- Slack Mirroring - new feature to mirror War Room activity into Slack
- SandboxDetonateFile now supports Sandblast
- SandboxDetonateFile now supports explicitly picking which sandboxes to use by specifying the "using-brand" argument
- ScheduleCommand - Schedule recurring execution of a command. Can be used inside playbooks.
- Background reputation checks for URLs and IP addresses now include PassiveTotal (if configured).
- IncidentSet now updates context after modifying incident metadata
- StixParser script for incoming Threat Intel