Demisto Content Release Notes for version 18.11.2 (15082)
Published on 28 November 2018
Integrations
3 New Integrations
- Server Message Block (SMB)
Retrieve files from an SMB server. For more information, see the SMB documentation. - FortiGate
Manage firewall settings and groups. For more information, see the FortiGate documentation. - Tenable Security Center
Get a real-time, continuous assessment of your security posture so you can find and fix vulnerabilities faster. For more information, see the Tenable.sc documentation.
12 Improved Integrations
-
ServiceNow
- Added support to retrieve records from any table generically in addition to tickets.
- Deprecated the servicenow-get command. Use the servicenow-get-ticket and servicenow-get-record commands instead.
- Deprecated the servicenow-create command. Use the servicenow-create-ticket and servicenow-create-record commands instead.
- Deprecated the servicenow-update command. Use the servicenow-update-ticket and servicenow-update-record commands instead.
- Deprecated the servicenow-query command. Use the servicenow-query-tickets and servicenow-query-table commands instead.
- Added the servicenow-list-table-fields command.
-
Cylance Protect v2
Improved fetch incidents implementation. -
Lastline
In the lastline-get-report command, we added the isArray option to the uuid argument. -
Mimecast
- Added 3 authentication commands:
- mimecast-login
- mimecast-discover
- mimecast-refresh-token - Improved outputs for the mimecast-query command command.
- Added a process for automatic token refresh.
- Added 3 authentication commands:
-
PagerDuty v2
Added fetch incidents functionality. -
Phish.AI
Added generic polling functionality for URLs. -
IBM QRadar
Added 5 commands:- qradar-create-reference-set
- qradar-delete-reference-set
- qradar-create-reference-set-value
- qradar-update-reference-set-value
- qradar-delete-reference-set-value
-
Recorded Future
Improved the error message when an IOC does not exist in Recorded Future. -
Venafi
- Added the venafi-get-certificate-details command.
- Improved outputs for the venafi-get-certificates command.
-
RSA NetWitness Endpoint
Fixed a bug when querying machines by hostname. -
FireEye HX
Fixed a fireeye-hx-host-containment command name error. -
RSA NetWitness v11.1
Fixed an error for bad responses when retrieving a token.
Scripts
6 New Scripts
- JSONFileToCSV
Converts a JSON file War Room output to a CSV file. - JSONtoCSV
Converts a JSON War Room output via EntryID to a CSV file. - SetByIncidentId
Sets a value to the context with the specified context key of a given incident. - URLDecode
Decodes a URL from a URL query to human-readable URL. - WordTokenize
Tokenize the words of an input text. - ParseJSON
Parse a given JSON string "value" to a representative object.
4 Improved Scripts
- GetTime
- Added time functions: UTC, year, month, day in week, hours, and UTC hours.
- Fixed GMT time to use UTC, and to not be case-sensitive.
- LoadJSON
Parses complicated JSON structures. - CreateEmailHtmlBody
- Added the ability to have custom fields in the template in both .incident.CustomFields. and incident._ formats.
- Added the option to replace non-found placeholder values with empty string.
- ActiveUsersD2
Discarded uniqBy use.
Playbooks
New Playbooks
- Detonate File - Cuckoo
Detonates files using the Cuckoo integration. - Detonate URL - Cuckoo
Detonates URLs using the Cuckoo integration. - Detonate URL - Phish.AI
Detonates a URL using the Phish.AI integration. - Launch Scan - Tenable.sc
Launches an existing Tenable.sc scan by scan ID, and waits for the scan to finish by polling the scan status according to predefined intervals.
2 Improved Playbooks
- Detonate File - Generic
Added support for Cuckoo Sandbox. - Detonate URL - Generic
Added support for Cuckoo Sandbox.