Release Notes for version 17.11.0 (4518)
General
- The format of Demisto content version numbers has changed to make them easier to follow. Content version numbers now take the form '<YY>.<MM>.<#>'. For example, 17.11.0 is the first version of November 2017
Playbooks
2 New Playbooks
- Arcsight - Get events related to the Case
-- Get the Case's ArcSight ResourceID from the FetchID field, or the "ID" label. If neither is available, ask the user for the ID
- QRadar - Get offense correlations
-- Get more information from a QRadar offense
Integrations
5 New Integrations
- Carbon Black Defense
-- Next-generation antivirus + EDR in one cloud-delivered platform that stops commodity malware, advanced malware, non-malware attacks and ransomware
- IsItPhishing
-- Collaborative web service that provides validation on whether a URL is a phishing related page (or not) by analyzing the content of the webpage
- McAfee Threat Intelligence Exchange
-- Connect to TIE using its DXL client
- McAfee Web Gateway
-- Blacklist/Whitelist URLs
- TCPIPUtils
-- Use the TCPIPUtils.com API to get enrichment data about an IP address
5 Improved Integrations
- AlienVault OTX
-- The 'not found' error is now handled more gracefully
- ArcSight ESM
-- Added new commands: as-case-delete, as-get-all-query-viewers, as-get-case-event-ids
-- The ArcSight XML integration is no longer needed; fetch can be done via ArcSight ESM
- Remedy On-Demand
-- Port parameter is now optional
- SplunkPy
-- Support different timezones on Splunk ES incident fetch
- Nessus
-- Fixed list-scans command issue
Scripts
2 New Scripts
- ContextContains
-- This script searches for a value in a context path
- ExposeIncidentOwner
-- Copy the incident owner into 'IncidentOwner' context key
5 Improved Scripts
- ATDDetonate
-- Returns an error on unsupported files
- DeleteContext
-- Change function to return an error when no arguments are provided (rather than return a regular message)
- ExportToCSV
-- Display string representation of inner object fields
- QRadarGetCorrelationLogs
-- Added Context outputs
- QRadarGetOffenseCorrelations
-- Updated context outputs
1 Deprecated Script
- QRadarClassifier
-- Use the Demisto "Classification and Mapping" tool instead