github demisto/content 18.11.2
Demisto Content Release Notes for version 18.11.2 (15082)

Published on 28 November 2018

Integrations

3 New Integrations

  • Server Message Block (SMB)
    Retrieve files from an SMB server. For more information, see the SMB documentation.
  • FortiGate
    Manage firewall settings and groups. For more information, see the FortiGate documentation.
  • Tenable Security Center
    Get a real-time, continuous assessment of your security posture so you can find and fix vulnerabilities faster. For more information, see the Tenable.sc documentation.

12 Improved Integrations

  • ServiceNow

    • Added support to retrieve records from any table generically in addition to tickets.
    • Deprecated the servicenow-get command. Use the servicenow-get-ticket and servicenow-get-record commands instead.
    • Deprecated the servicenow-create command. Use the servicenow-create-ticket and servicenow-create-record commands instead.
    • Deprecated the servicenow-update command. Use the servicenow-update-ticket and servicenow-update-record commands instead.
    • Deprecated the servicenow-query command. Use the servicenow-query-tickets and servicenow-query-table commands instead.
    • Added the servicenow-list-table-fields command.
  • Cylance Protect v2
    Improved fetch incidents implementation.

  • Lastline
    In the lastline-get-report command, we added the isArray option to the uuid argument.

  • Mimecast

    • Added 3 authentication commands:
      - mimecast-login
      - mimecast-discover
      - mimecast-refresh-token
    • Improved outputs for the mimecast-query command.
    • Added a process for automatic token refresh.
  • PagerDuty v2
    Added fetch incidents functionality.

  • Phish.AI
    Added generic polling functionality for URLs.

  • IBM QRadar
    Added 5 commands:

    • qradar-create-reference-set
    • qradar-delete-reference-set
    • qradar-create-reference-set-value
    • qradar-update-reference-set-value
    • qradar-delete-reference-set-value
  • Recorded Future
    Improved the error message when an IOC does not exist in Recorded Future.

  • Venafi

    • Added the venafi-get-certificate-details command.
    • Improved outputs for the venafi-get-certificates command.
  • RSA NetWitness Endpoint
    Fixed a bug when querying machines by hostname.

  • FireEye HX
    Fixed a fireeye-hx-host-containment command name error.

  • RSA NetWitness v11.1
    Fixed an error for bad responses when retrieving a token.


Scripts

6 New Scripts

  • JSONFileToCSV
    Converts a JSON file War Room output to a CSV file.
  • JSONtoCSV
    Converts a JSON War Room output via EntryID to a CSV file.
  • SetByIncidentId
    Sets a value to the context with the specified context key of a given incident.
  • URLDecode
    Decodes a URL from a URL query into a human-readable URL.
  • WordTokenize
    Tokenizes the words of an input text.
  • ParseJSON
    Parses a given JSON string "value" to a representative object.

4 Improved Scripts

  • GetTime
    • Added time functions: UTC, year, month, day in week, hours, and UTC hours.
    • Fixed GMT time to use UTC, and to not be case-sensitive.
  • LoadJSON
    Parses complicated JSON structures.
  • CreateEmailHtmlBody
    • Added the ability to have custom fields in the template in both .incident.CustomFields. and incident._ formats.
    • Added the option to replace placeholder values that are not found with an empty string.
  • ActiveUsersD2
    Discarded uniqBy use.

Playbooks

New Playbooks

  • Detonate File - Cuckoo
    Detonates files using the Cuckoo integration.
  • Detonate URL - Cuckoo
    Detonates URLs using the Cuckoo integration.
  • Detonate URL - Phish.AI
    Detonates a URL using the Phish.AI integration.
  • Launch Scan - Tenable.sc
    Launches an existing Tenable.sc scan by scan ID, and waits for the scan to finish by polling the scan status according to predefined intervals.

2 Improved Playbooks

  • Detonate File - Generic
    Added support for Cuckoo Sandbox.
  • Detonate URL - Generic
    Added support for Cuckoo Sandbox.
