Demisto Content Release Notes for version 18.11.0 (14606)
Published on 13 November 2018
Integrations
5 New Integrations
- BigFix
IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. For more information, see the IBM BigFix documentation.
- Google Vault
Archiving and eDiscovery for G Suite. For more information, see the Google Vault documentation.
- Luminate
Enrich reports and respond to incidents. For more information, see the Luminate documentation.
- Tenable.io
A comprehensive asset-centric solution to accurately track resources while accommodating dynamic assets such as cloud, mobile devices, containers and web applications. For more information, see the Tenable.io documentation.
- Windows Defender Advanced Threat Protection
Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. For more information, see the Windows Defender ATP documentation.
18 Improved Integrations
- Carbon Black Enterprise Live Response
  - Improved error messages for the session-create-and-wait command.
  - Improved results for the cb-session-close command to reflect the actual session status for a CB Response case.
- Carbon Black Enterprise Response
  - Improved outputs for the cb-binary command to display full results for the Hostname field.
  - Improved implementation of the cb-process-events command to prevent failure when the information returned is partial.
- CrowdStrike Falcon Intel
Improved output for DBotScore when an indicator is not found.
- EWS v2
Fixed a typo in compliance search methods.
- Gmail
Added two commands to implement an email blockage use case. For more information, see the Gmail documentation.
  - gmail-add-delete-filter
  - gmail-add-filter
- Cylance Protect v2
Added 5 commands:
  - cylance-protect-download-threat
  - cylance-protect-add-hash-to-list
  - cylance-protect-delete-hash-from-lists
  - cylance-protect-get-policy-details
  - cylance-protect-delete-devices
- Mimecast v2
  - Refactored the Mimecast integration. Mimecast v1 is now deprecated.
  - Implemented incident fetching:
    - Fetch URL logs: fetches email logs containing malicious URLs.
    - Fetch attachment logs: fetches email logs containing malicious attachments.
    - Fetch impersonation logs: fetches email logs containing impersonation incidents.
  - Added 12 commands:
    - mimecast-list-blocked-sender-policies
    - mimecast-create-policy
    - mimecast-delete-policy
    - mimecast-get-policy
    - mimecast-query
    - mimecast-url-decode
    - mimecast-manage-sender
    - mimecast-list-managed-url
    - mimecast-create-managed-url
    - mimecast-list-messages
    - mimecast-get-url-logs
    - mimecast-get-impersonation-logs
    - mimecast-get-attachment-logs
- Palo Alto MineMeld
Improved implementation of whitelist/blacklist initialization.
- Rapid7 Nexpose
Added support to view, stop, pause and resume scans. For more information, see the Rapid7 Nexpose documentation.
- SCADAfence CNM
Added two commands. For more information, see the SCADAfence CNM documentation.
  - scadafence-getAllConnections
  - scadafence-createAlert
- SplunkPy
Added support to fetch notable events using Splunk time instead of the Demisto server time.
- VirusTotal - Private API
Improved the error message when the quota is exceeded.
- Palo Alto WildFire
The wildfire-upload command now supports multiple uploads.
- McAfee ePO
  - Added two commands:
    - epo-find-system
    - epo-get-version
  - Improved outputs for the epo-query-table command.
- Rasterize
Added the rasterize-image command to securely display images in the War Room.
  - Added the qradar-get-reference-by-name command.
  - Reimplemented the integration in Python.
- Cisco Threat Grid
  - Updated the integration to align with changes in the Threat Grid API.
  - Enhanced outputs for the threat-grid-get-analysis-by-id command.
  - Added two commands:
    - threat-grid-search-urls
    - threat-grid-search-samples
- urlscan.io
  - The ip and file commands are no longer supported.
  - Reformatted context outputs.
  - Added the urlscan-search command.
Scripts
2 New Scripts
- ExifRead
Reads image files' metadata and provides Exif tags.
- ParseExcel
The automation takes an Excel file (entryID) as an input and parses its content to the War Room and context.
6 Improved Scripts
- ADGetUser
Improved display formatting of UserAccountControl flags.
- BlockIP
The rulename and ipname arguments are now optional, and include improved defaults.
- CPBlockIP
The rulename and ipname arguments are now optional, and include improved defaults.
- PanoramaBlockIP
The rulename argument is now optional, and includes improved defaults.
- ProofpointDecodeURL
Improved handling of error scenarios.
- ReadPDFFile
Improved handling of the PSEOF error.
Playbooks
2 New Playbooks
- QRadarFullSearch
This playbook runs a QRadar query and returns the query results to the context.
- Tenable.io Scan
Runs a Tenable.io scan.