Demisto Content Release Notes for version 18.10.3 (14022)

Published on 30 October 2018

Integrations

3 New Integrations

  • AWS - CloudWatchLogs
    Amazon Web Services CloudWatch Logs (logs). For more information, see the Amazon Web Services CloudWatch documentation.
  • BitDam
    BitDam secure email gateway protects against advanced content-borne threats with the most accurate prevention of known and unknown threats, at their source. For more information, see the BitDam documentation.
  • Red Canary
    Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon.

15 Improved Integrations

  • AWS - S3
    Added the aws-s3-upload-file command. For more information, see the AWS S3 documentation.
  • Carbon Black Enterprise Live Response
    Improved the integration test.
  • IntSights
    Improved integration implementation and execution. For more information, see the IntSights documentation.
  • Devo
    Added a default results limit of 30.
  • EWS v2
    Added support for Public Folders and compliance search in Office 365.
  • FireEye HX
    The fireeye-hx-data-acquisition command now requires either the defaultSystemScript argument or both the script and scriptName arguments.
  • Lastline
    • Improved outputs, error messages, and code readability.
    • Added support for passing multiple inputs to the lastline-get command.
    For more information, see the Lastline documentation.
  • PagerDuty v2
    Added support for passing a ServiceKey to the PagerDuty-submit-event command.
  • Dell Secureworks
    Added support for getting ticket attachments.
  • ServiceNow
    • Added support for the catalog task ticket type.
    • Improved error messages.
  • SumoLogic
    The query and headers arguments of the search command now accept the equal sign.
  • ThreatConnect
    Fixed a filter issue when the ratingThreshold argument is specified.
  • FireEye iSIGHT
    Added DBot score output for indicators that do not contain data.
  • McAfee ePO
    Added 2 commands:
    • epo-get-tables
    • epo-query-table
  • Cisco Umbrella Investigate
    Added 13 commands:
    • domain
    • umbrella-get-related-domains
    • umbrella-get-domain-classifiers
    • umbrella-get-domain-queryvolume
    • umbrella-get-domain-details
    • umbrella-get-domains-for-email-registrar
    • umbrella-get-domains-for-nameserver
    • umbrella-get-whois-for-domain
    • umbrella-get-malicious-domains-for-ip
    • umbrella-get-domains-using-regex
    • umbrella-get-domain-timeline
    • umbrella-get-ip-timeline
    • umbrella-get-url-timeline

Scripts

2 New Scripts

  • IsListExist
    Checks whether a list exists in Demisto lists.
  • RegexGroups
    Extracts the elements captured by the subgroups of a regular expression across all matches of the pattern.
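To make the behaviour of a group-extraction script concrete, here is an added example (written for these notes, not the demisto/content RegexGroups code): it runs a pattern over a value and returns, in match order, the text captured by every group, or only by a chosen subset of groups given by number or name. The argument names `value`, `pattern`, `groups` and `flags` are this example's own choices, and the sample inputs are constructed.

```python
"""Collect the text captured by regex groups across all matches of a pattern."""
import re
from typing import Iterable, List, Optional, Union


def regex_groups(value: str, pattern: str,
                 groups: Optional[Iterable[Union[int, str]]] = None,
                 flags: str = "") -> List[str]:
    """Return the captures of the requested groups for every match in `value`.

    value   -- input text to scan
    pattern -- regular expression with at least one capturing group
    groups  -- optional group selection (numbers or names); default: all groups
    flags   -- regex flag letters, e.g. "im" for IGNORECASE + MULTILINE
    """
    flag_map = {"i": re.IGNORECASE, "m": re.MULTILINE,
                "s": re.DOTALL, "x": re.VERBOSE}
    re_flags = 0
    for ch in flags.lower():
        if ch not in flag_map:
            raise ValueError(f"unknown regex flag {ch!r}")
        re_flags |= flag_map[ch]

    compiled = re.compile(pattern, re_flags)
    if compiled.groups == 0:
        raise ValueError("pattern has no capturing groups")

    # Resolve the selected groups once; named groups are mapped to their index.
    if groups is None:
        selected = list(range(1, compiled.groups + 1))
    else:
        selected = []
        for g in groups:
            if isinstance(g, str) and not g.isdigit():
                if g not in compiled.groupindex:
                    raise ValueError(f"no group named {g!r}")
                selected.append(compiled.groupindex[g])
            else:
                idx = int(g)
                if not 1 <= idx <= compiled.groups:
                    raise ValueError(f"group {idx} out of range")
                selected.append(idx)

    results: List[str] = []
    for match in compiled.finditer(value):
        for idx in selected:
            captured = match.group(idx)
            # An optional group that did not take part in a match returns None;
            # skip it instead of emitting the string "None" into the results.
            if captured is not None:
                results.append(captured)
    return results


if __name__ == "__main__":
    # Constructed sample: pull user and domain parts out of addresses in a line.
    line = "from alice@example.com to bob@test.org"
    print(regex_groups(line, r"(?P<user>\w+)@(?P<domain>[\w.]+)"))
    print(regex_groups(line, r"(?P<user>\w+)@(?P<domain>[\w.]+)", groups=["domain"]))
```

Selecting groups by name rather than number keeps a playbook task stable when the pattern is later edited and group positions shift.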

5 Improved Scripts

  • EPOFindSystem
    Improved error handling.
  • FireEyeDetonateFile
    Added arguments to enable setting analysis type and pre-fetch when running the script.
  • PagerDutyAlertOnIncident
    PagerDuty API v2 is now supported.
  • UnzipFile
    Enabled decompression of AES-encrypted archives.
  • TextFromHTML
    Added support for multiple languages.

Deprecated Script

  • CloseInvestigation
    Use the closeInvestigation command instead.

Playbooks

13 New Playbooks

  • Add Indicator to Miner - Palo Alto MineMeld
    Add indicators to the relevant Miner using MineMeld.
  • Detonate File - BitDam
    Detonates one or more files using the BitDam integration.
  • Block Account - Generic
    This playbook blocks malicious usernames using all integrations that you have enabled.
  • Block File - Carbon Black Response
    This playbook receives an MD5 hash and adds it to the blacklist in Carbon Black Enterprise Response.
  • Block File - Generic
    A generic playbook for blocking files from running on endpoints.
  • Block IP - Generic
    This playbook blocks malicious IPs using all integrations that you have enabled.
  • Block Indicators - Generic
    This playbook blocks malicious Indicators using all integrations that you have enabled.
  • Block URL - Generic
    This playbook blocks malicious URLs using all integrations that you have enabled.
  • Demisto Self-Defense - Account policy monitoring playbook
    Gets the list of Demisto users through the REST API and alerts if any non-SAML user accounts are found.
  • Detonate File - Lastline
    Detonates a File using the Lastline sandbox.
  • Detonate URL - Lastline
    Detonates a URL using the Lastline sandbox integration.
  • Office 365 Search and Delete
    Run a ComplianceSearch on Office 365 and delete the results.
  • Phishing Investigation - Generic
    Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself.
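The account-policy check behind the "Demisto Self-Defense" playbook, as an added example that is not the playbook's own code: given the user list returned by the Demisto REST API, it flags enabled accounts that are not SAML-backed, skipping disabled accounts and an explicit allowlist for a deliberately local break-glass administrator. The sample JSON is constructed, and every field name except `username` (`disabled`, `samlUser`, `roles`) is an assumption for this example; verify them against the actual output of your server's user listing before wiring the check into a playbook.

```python
"""Flag enabled, non-SAML Demisto accounts from a REST API user listing."""
import json
from typing import Dict, Iterable, List

# Constructed sample shaped like a user listing from the Demisto REST API.
# Field names other than `username` are assumptions for this example.
SAMPLE_USERS_JSON = """
[
  {"username": "admin",              "disabled": false, "samlUser": false, "roles": ["Administrator"]},
  {"username": "alice@corp.example", "disabled": false, "samlUser": true,  "roles": ["Analyst"]},
  {"username": "svc-legacy",         "disabled": false, "samlUser": false, "roles": ["Analyst"]},
  {"username": "old-contractor",     "disabled": true,  "samlUser": false, "roles": ["Analyst"]}
]
"""


def find_policy_violations(users: Iterable[Dict],
                           allowlist: Iterable[str] = ()) -> List[Dict]:
    """Return enabled accounts that are neither SAML-backed nor allowlisted."""
    allowed = set(allowlist)
    findings: List[Dict] = []
    for user in users:
        if user.get("disabled"):
            continue  # a disabled local account cannot log in; report live ones only
        if user.get("samlUser"):
            continue  # provisioned through the identity provider, as policy requires
        if user["username"] in allowed:
            continue  # e.g. one break-glass admin intentionally kept local
        findings.append({"username": user["username"],
                         "roles": list(user.get("roles", []))})
    return findings


def violation_summary(findings: List[Dict]) -> str:
    """Build the text an alerting task would send; empty string means compliant."""
    if not findings:
        return ""
    lines = [f"{f['username']} ({', '.join(f['roles']) or 'no roles'})"
             for f in findings]
    return "Non-SAML user accounts found: " + "; ".join(lines)


if __name__ == "__main__":
    users = json.loads(SAMPLE_USERS_JSON)
    print(violation_summary(find_policy_violations(users, allowlist=["admin"])))
```

Run on a schedule, the useful signal is the difference from the previous run: a new local account appearing between two runs is the event worth paging on, whereas a static allowlisted break-glass account should stay quiet.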

3 Improved Playbooks

  • Detonate File - Generic
    Added the Detonate File - Lastline playbook.
  • Detonate URL - Generic
    Added the Detonate URL - Lastline playbook.
  • Phishing Investigation - Generic
    Added support for blocking malicious indicators in relevant integrations.
