Demisto Content Release Notes for version 18.3.2 (7777)
Published on 07 March 2018
Playbooks
15 New Playbooks
- Malware Investigation - Generic
-- Investigate a malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected Phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details into the relevant context entities and handle the case where you have attached original emails
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get indicators internal DBot score
- Calculate Severity - Generic
-- Calculate incident severity by indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black
Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification
Scripts
2 New Scripts
- URLSSLVerification
-- Verify URL SSL certificate
- getMlFeatures
-- Calculate features for machine learning
2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handle 'includeSuspicious' argument properly
Integrations
2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- EWS v2
-- Exchange Web Services and Office 365 - More commands, better output structure and more reliable
6 Improved Integrations
- McAfee ESM-v10
-- Support changing organization when editing a case
- Okta
-- Fix issue with unlock action
- Remedy On-Demand
-- Added fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Add command splunk-parse-raw that parses the Splunk '_raw' result. Protect Splunk notable events fetch from nil pointer
- Rasterize
-- Force a white background on emails for better visibility in the dark theme
Deprecated
- EWS - use EWS v2 instead
Reputation
- Change IP regex to capture valid IP addresses only