Demisto Content Release Notes for version 18.1.0 (5638)
Published at 07 January 2018
Playbooks
4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicator reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample that corresponds to the hash, using one or more products/services
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample that corresponds to an MD5 hash, using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample that corresponds to a SHA256 hash, using Cylance Protect integration
Integrations
3 New Integrations
- Kenna
-- Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities
- Joe Security
-- Cloud-based sandbox service
- Check Point Sandblast Appliance
-- Query, upload and download data using Check Point Sandblast
4 Improved Integrations
- Remedy On-Demand
-- Added option to add custom fields to incident creation and perform insecure login
- ArcSight Logger
-- ArcSight events logger
- IntSights
-- Integration can now fetch incidents
- Zendesk
-- Added zendesk-add-user for adding end users. Added zendesk-get-article to get help center article
Scripts
7 New Scripts
- ActiveUsersD2
-- Get active users from a D2 agent and parse them into context
- CrowdStrikeStreamingPreProcessing
-- Pre-processing script for CrowdStrike Streaming
- D2ActiveUsers
-- Show local accounts
- D2ExecuteCommand
-- Run a D2 built-in command on a D2 agent
- FetchFileD2
-- Get a file from an endpoint using a D2 agent
- ParseWordDoc
-- Takes a docx file (entryID) as input and saves a text file (file entry) with the original file's contents
- UserEnrichAD
-- Enhancement automation for user type indicator, to enrich the user name from Active Directory data
5 Improved Scripts
- ADGetComputer
-- Automation will now create a hostname indicator. The default argument is now 'name'
- ADGetUser
-- Automation will now create a user indicator
- ParseCSV
-- ParseCSV will now parse the whole CSV by default
- ParseEmailHeaders
-- Supports multi-value headers (e.g. Received header)
- Set (Set context)
-- If an object is passed as a string, Set will parse the value to JSON and then set it to context
Reputations
- Added a new user type reputation for use in manual indicators and in automations