demisto/content 18.12.2

Demisto Content Release version 18.12.2 (16142)

on GitHub

🎄 Demisto Content Release Notes for version 18.12.2 (16142) 🎄

Published on 25 December 2018

❄️ Integrations ❄️

3 New Integrations

• HashiCorp Vault
  Manage secrets and protect sensitive data.
• Attivo BOTsink
  Network-based threat deception for post-compromise threat detection.
• AbuseIP
  Central repository to report and identify IP addresses that have been associated with malicious activity online.

4 Improved Integrations

• EWS v2
  Improved error messages.
• FireEye HX
  Added two commands:
  • fireeye-hx-search
  • fireeye-hx-get-host-set-information
• Rasterize
  Improved error handling for Rasterize errors.
• Palo Alto Networks Panorama
  • Added support for Palo Alto Firewall.
  • Added 28 new commands, which are related to:
    - Commit and push configurations
    - Object handling: Addresses, Address Groups, Custom URL Category and URL FIltering
    - Security rule management: Create, edit, move, and delete rules

☃️ Scripts ☃️

5 New Scripts

• DBotPredictPhishingEvaluation
  Evaluate pre-trained machine learning phishing model in Demisto.
• DBotPredictPhishingLabel
  Predict text labels using the pre-trained machine learning phishing model.
• DBotPredictTextLabel
  Predict text labels using the pre-trained machine learning phishing model.
• DBotPreparePhishingData
  This script is part of phishing model training using machine learning.
• DBotTrainTextClassifier
  Create a text classifier model using machine learning.

Improved Script

• findIncidentsWithIndicator
  Fixed the Indicator and incidentIDs context keys (this fix is not backward compatible).

6 Deprecated Scripts

• PanoramaBlockIP
  Use the panorama-custom-block-rule command.
• PanoramaCommit
  Use the integration panorama-commit command.
• PanoramaConfig
  Use the panorama-config command.
• PanoramaDynamicAddressGroup
  Use the panorama-create-address-group command.
• PanoramaMove
  Use the panorama-move-rule command.
• PanoramaPcaps

🎅 Playbooks 🎅

3 New Playbooks

• DBotCreatePhishingClassifier
  Create a phishing classifier using machine learning technique, based on email content. For more information, see the Demisto Phishing Email Classifier documentation.
• DBotCreatePhishingClassifierJob
  Train the phishing machine learning model.
• PanoramaCommitConfiguration
  Commit configurations to Palo Alto Networks Firewall and Panorama.

7 Improved Playbooks

• Detonate File - BitDam
  Only supported file types are submitted to BitDam.
• Detonate File - Lastline
  Only supported file types are submitted to Lastline.
• ATD - Detonate File
  Only supported file types are submitted to McAfee ATD.
• Detonate File - SNDBOX
  Only supported file types are submitted to SNDBOX.
• Detonate File - ThreatGrid
  Only supported file types are submitted to ThreatGrid.
• WildFire - Detonate file
  Only supported file types are submitted to WildFire.
• Extract Indicators From File - Generic
  Fixed duplicate parsing of .eml and .msg files. These file types are now ignored when extracting indicators from files.

Demisto Wishes You Happy Holidays !