Demisto Content Release Notes for version 18.11.0 (14606)


Published on 13 November 2018

Integrations

5 New Integrations

  • BigFix
    IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. For more information, see the IBM BigFix documentation.
  • Google Vault
    Archiving and eDiscovery for G Suite. For more information, see the Google Vault documentation.
  • Luminate
    Enrich reports and respond to incidents. For more information, see the Luminate documentation.
  • Tenable.io
    A comprehensive asset-centric solution that accurately tracks resources while accommodating dynamic assets such as cloud, mobile devices, containers and web applications. For more information, see the Tenable.io documentation.
  • Windows Defender Advanced Threat Protection
    Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. For more information, see the Windows Defender ATP documentation.

18 Improved Integrations

  • Carbon Black Enterprise Live Response
    • Improved error messages for the session-create-and-wait command.
    • Improved results for the cb-session-close command to reflect the actual session status for a CB Response case.
  • Carbon Black Enterprise Response
    • Improved outputs for the cb-binary command to display full results for the Hostname field.
    • Improved implementation of the cb-process-events command to prevent failure when the information returned is partial.
  • CrowdStrike Falcon Intel
    Improved output for DBotScore when an indicator is not found.
  • EWS v2
    Fixed a typo in compliance search methods.
  • Gmail
    Added two commands to implement an email blockage use case. For more information, see the Gmail documentation.
    • gmail-add-delete-filter
    • gmail-add-filter
  • Cylance Protect v2
    Added 5 commands:
    • cylance-protect-download-threat
    • cylance-protect-add-hash-to-list
    • cylance-protect-delete-hash-from-lists
    • cylance-protect-get-policy-details
    • cylance-protect-delete-devices
  • Mimecast v2
    • Refactored the Mimecast integration. Mimecast v1 is now deprecated.
    • Implemented incident fetching.
      • Fetch URL logs: Fetches email logs containing malicious URLs
      • Fetch attachment logs: Fetches email logs containing malicious attachments
      • Fetch impersonation logs: Fetches email logs containing impersonation incidents
    • Added 12 commands:
      • mimecast-list-blocked-sender-policies
      • mimecast-create-policy
      • mimecast-delete-policy
      • mimecast-get-policy
      • mimecast-query
      • mimecast-url-decode
      • mimecast-manage-sender
      • mimecast-list-managed-url
      • mimecast-create-managed-url
      • mimecast-list-messages
      • mimecast-get-url-logs
      • mimecast-get-impersonation-logs
      • mimecast-get-attachment-logs
  • Palo Alto MineMeld
    Improved implementation of whitelist/blacklist initialization.
  • Rapid7 Nexpose
    Added support to view, stop, pause and resume scans. For more information, see the Rapid7 Nexpose documentation.
  • SCADAfence CNM
    Added two commands. For more information, see the SCADAfence CNM documentation.
    • scadafence-getAllConnections
    • scadafence-createAlert
  • SplunkPy
    Added support to fetch notable events using Splunk Time instead of the Demisto server time.
  • VirusTotal - Private API
    Improved the error message when the quota is exceeded.
  • Palo Alto WildFire
    The wildfire-upload command now supports multiple uploads.
  • McAfee ePO
    • Added two commands:
      • epo-find-system
      • epo-get-version
    • Improved outputs for the epo-query-table command.
  • Rasterize
    Added the rasterize-image command to securely display images in the War Room.
  • IBM QRadar
    • Added the qradar-get-reference-by-name command.
    • Reimplemented the integration in Python.
  • Cisco Threat Grid
    • Updated the integration to align with changes in Threat Grid API.
    • Enhanced outputs for the threat-grid-get-analysis-by-id command.
    • Added two commands:
      • threat-grid-search-urls
      • threat-grid-search-samples
  • urlscan.io
    • The ip and file commands are no longer supported.
    • Reformatted context outputs.
    • Added the urlscan-search command.

Scripts

2 New Scripts

  • ExifRead
    Read image files' metadata and provide Exif tags.
  • ParseExcel
    The automation takes an Excel file (entryID) as an input and parses its content to the War Room and context.

6 Improved Scripts

  • ADGetUser
    Improved display formatting of UserAccountControl flags.
  • BlockIP
    The rulename and ipname arguments are now optional, and include improved defaults.
  • CPBlockIP
    The rulename and ipname arguments are now optional, and include improved defaults.
  • PanoramaBlockIP
    The rulename argument is now optional, and includes improved defaults.
  • ProofpointDecodeURL
    Improved handling of error scenarios.
  • ReadPDFFile
    Improved handling of the PSEOF error.

Playbooks

2 New Playbooks

  • QRadarFullSearch
    This playbook runs a QRadar query and returns the query results to the context.
  • Tenable.io Scan
    Run a Tenable.io scan.
