Demisto Content Release Notes for version 18.10.3 (14022)
Published on 30 October 2018
Integrations
3 New Integrations
- AWS - CloudWatchLogs
Amazon Web Services CloudWatch Logs. For more information, see the Amazon Web Services CloudWatch documentation.
- BitDam
BitDam secure email gateway protects against advanced content-borne threats with the most accurate prevention of known and unknown threats, at their source. For more information, see the BitDam documentation.
- Red Canary
Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon.
15 Improved Integrations
- AWS - S3
Added the aws-s3-upload-file command. For more information, see the AWS S3 documentation.
- Carbon Black Enterprise Live Response
Improved the integration test.
- IntSights
Improved integration implementation and execution. For more information, see the IntSights documentation.
- Devo
Added a default results limit of 30.
- EWS v2
Added support for Public Folders and compliance search in Office 365.
- FireEye HX
The fireeye-hx-data-acquisition command now requires either the defaultSystemScript argument or both the script and scriptName arguments.
- Lastline
  - Improved outputs, error messages, and code readability.
  - Added support for multiple inputs in the lastline-get command.
  For more information, see the Lastline documentation.
- PagerDuty v2
Added support for sending the ServiceKey with the PagerDuty-submit-event command.
- Dell Secureworks
Added support for retrieving ticket attachments.
- ServiceNow
  - Added support for the catalog task ticket type.
  - Improved error messages.
- SumoLogic
Added support for using the equal sign in the query and headers arguments of the search command.
- ThreatConnect
Fixed a filter issue that occurred when the ratingThreshold argument was specified.
- FireEye iSIGHT
Added DBot score output for indicators that do not contain data.
- McAfee ePO
Added 2 commands:
  - epo-get-tables
  - epo-query-table
- Cisco Umbrella Investigate
Added 13 commands:
  - domain
  - umbrella-get-related-domains
  - umbrella-get-domain-classifiers
  - umbrella-get-domain-queryvolume
  - umbrella-get-domain-details
  - umbrella-get-domains-for-email-registrar
  - umbrella-get-domains-for-nameserver
  - umbrella-get-whois-for-domain
  - umbrella-get-malicious-domains-for-ip
  - umbrella-get-domains-using-regex
  - umbrella-get-domain-timeline
  - umbrella-get-ip-timeline
  - umbrella-get-url-timeline
Scripts
2 New Scripts
- IsListExist
Checks whether a list with the given name exists in Demisto lists.
- RegexGroups
Extracts the elements captured by the subgroups of every match of the pattern.
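The extraction described for RegexGroups, as an added example that is not the script's own code: it returns every captured subgroup from every match, in order, and skips subgroups that did not participate in a match (such as an optional group) instead of emitting None. The sample inputs are constructed for the example.

```python
import re
from typing import List


def regex_groups(value: str, pattern: str, flags: int = 0) -> List[str]:
    """Return the text captured by each subgroup of every match of `pattern` in `value`.

    Matches are scanned left to right; within a match, groups are returned in
    the order they appear in the pattern. A group that did not participate in
    a match (e.g. an optional group that was absent) yields None from the re
    module and is skipped here so callers get a flat list of strings.
    """
    compiled = re.compile(pattern, flags)
    extracted: List[str] = []
    for match in compiled.finditer(value):
        for group in match.groups():
            if group is not None:
                extracted.append(group)
    return extracted


# Constructed sample: a Received header from an email, and a log line with an
# optional field. Both are made up for this example.
RECEIVED_HEADER = "Received: from mail.example.net ([192.0.2.10]) by mx.example.org"
LOG_LINE = "user=alice id=42; user=bob"


def example_header() -> List[str]:
    # Two groups: the announcing hostname and the bracketed IPv4 address.
    return regex_groups(RECEIVED_HEADER, r"from (\S+) \(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def example_optional_group() -> List[str]:
    # The second group is optional; bob has no id, so only three elements come back.
    return regex_groups(LOG_LINE, r"user=(\w+)(?: id=(\d+))?")


if __name__ == "__main__":
    print(example_header())
    print(example_optional_group())
```

Note that a pattern with no capturing groups produces an empty result even when it matches, so wrap the part you want in parentheses; non-capturing groups `(?:...)` are fine for grouping without adding elements.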
5 Improved Scripts
- EPOFindSystem
Improved error handling.
- FireEyeDetonateFile
Added arguments for setting the analysis type and the pre-fetch option when running the script.
- PagerDutyAlertOnIncident
Added support for PagerDuty API v2.
- UnzipFile
Added decompression of AES-encrypted archives.
- TextFromHTML
Added support for multiple languages.
Deprecated Script
- CloseInvestigation
Use the closeInvestigation command instead.
Playbooks
13 New Playbooks
- Add Indicator to Miner - Palo Alto MineMeld
Adds indicators to the relevant Miner using MineMeld.
- Detonate File - BitDam
Detonates one or more files using the BitDam integration.
- Block Account - Generic
Blocks malicious usernames using all integrations that you have enabled.
- Block File - Carbon Black Response
Receives an MD5 hash and adds it to the blacklist in Carbon Black Enterprise Response.
- Block File - Generic
A generic playbook for blocking files from running on endpoints.
- Block IP - Generic
Blocks malicious IPs using all integrations that you have enabled.
- Block Indicators - Generic
Blocks malicious indicators using all integrations that you have enabled.
- Block URL - Generic
Blocks malicious URLs using all integrations that you have enabled.
- Demisto Self-Defense - Account policy monitoring playbook
Gets the list of Demisto users through the REST API and alerts if any non-SAML user accounts are found.
- Detonate File - Lastline
Detonates a file using the Lastline sandbox.
- Detonate URL - Lastline
Detonates a URL using the Lastline sandbox integration.
- Office 365 Search and Delete
Runs a ComplianceSearch on Office 365 and deletes the results.
- Phishing Investigation - Generic
Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself.
3 Improved Playbooks
- Detonate File - Generic
Added the Lastline Detonate File playbook.
- Detonate URL - Generic
Added the Lastline Detonate URL playbook.
- Phishing Investigation - Generic
Added support for blocking malicious indicators in relevant integrations.