Demisto Content Release Notes for version 18.6.0 (9870)
Published on 13 June 2018
Integrations
7 New Integrations
- IBM Resilient Systems
Case management that enables visibility across your tools for continual IR improvement. For more information, see the IBM Resilient Systems documentation.
- Dell SecureWorks
Handle tickets in SecureWorks. For more information, see the Dell SecureWorks documentation.
- AWS - EC2
Amazon Web Services Elastic Compute Cloud (EC2). For more information, see the AWS EC2 documentation.
- AWS - GuardDuty
Amazon Web Services GuardDuty threat detection service. For more information, see the AWS GuardDuty documentation.
- AWS - IAM
Amazon Web Services Identity and Access Management (IAM). For more information, see the AWS IAM documentation.
- AWS - Route53
Amazon Web Services Route 53 managed cloud DNS service. For more information, see the AWS Route 53 documentation.
- AWS - SQS
Amazon Web Services Simple Queue Service (SQS). For more information, see the AWS SQS documentation.
5 Improved Integrations
- EWS Mail Sender
Fixed the "error_message not defined" error.
- AWS - S3
Changed the authentication method to STS AssumeRole. For more information, see the AWS S3 documentation.
- EWS v2
This integration can now handle errors when moving an item between mailboxes using impersonation. For more information, see the EWS v2 documentation.
- Rasterize
Improved Test button functionality.
- Cisco Umbrella Investigate
Fixed a categorization false positive.
Scripts
2 New Scripts
- CrowdStrikeUrlParse
Parse a CrowdStrike alert URL, extract the Agent ID, and pass it to the cs-device-details command to return device details.
- DecodeMimeHeader
Decode MIME base64 headers.
12 Improved Scripts
- BuildEWSQuery
  - Converted to Python.
  - Added output context.
  - Added support for query limitation.
- EmailAskUserResponse
This script can now handle <br> tags in an HTML response.
- FindSimilarIncidents
This script can now:
  - Handle exceptions for empty results.
  - Support more than one incident key.
  - Support multiple date formats.
- ParseEmailFiles
You can now print both the text and HTML body parts in a War Room entry.
- Strings
Improved handling of text files.
- SetDateField
Changed the SetDateField time format so that it correctly includes the year.
- IncidentSet
Deprecated. Use the setIncident command instead.
Better error handling for:
- DomainReputation
- EmailReputation
- FileReputation
- IPReputation
- URLReputation
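The DecodeMimeHeader and ParseEmailFiles entries above describe two steps a phishing playbook needs before it can match or display a suspicious mail: undoing RFC 2047 encoded-word headers (the =?charset?B?...?= form) and pulling the text/plain and text/html body parts out of a multipart message. The following is an added example written for these notes, not the Demisto scripts themselves; it uses only the Python standard library. The function names (decode_mime_header, extract_bodies, parse_eml) are this example's own, and the sample message, sender address and URL are constructed (example.invalid), not real indicators. It goes slightly beyond the one-line descriptions in that it also handles a header that declares a charset Python does not recognise, which real phishing mail often does, instead of failing the whole parse.

```python
"""Decode RFC 2047 (MIME encoded-word) headers and extract the text and HTML
bodies of a raw .eml. Added example, standard library only."""
import email
from email.header import decode_header

# Constructed sample (not from the release notes): an invoice lure with a
# base64 ("B") encoded Subject, a quoted-printable ("Q") encoded sender
# display name, and a multipart/alternative body with a text and an HTML part.
SAMPLE_EML = """\
From: =?ISO-8859-1?Q?J=F6rg_M=FCller?= <joerg@example.invalid>
To: victim@example.invalid
Subject: =?UTF-8?B?UmVjaG51bmcgw7xiZXJmw6RsbGln?=
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Bitte Rechnung prüfen: http://invoice.example.invalid/4711
--b1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><body><p>Bitte Rechnung pr=C3=BCfen:
<a href=3D"http://invoice.example.invalid/4711">hier</a></p></body></html>
--b1--
""".encode("utf-8")


def _decode_bytes(data, charset):
    """Decode bytes with the declared charset; fall back to UTF-8 when the
    label is unknown to Python, so a junk charset does not abort the parse."""
    try:
        return data.decode(charset or "ascii", errors="replace")
    except LookupError:
        return data.decode("utf-8", errors="replace")


def decode_mime_header(raw):
    """Decode every =?charset?B|Q?...?= encoded word in a header value.

    decode_header() returns (bytes, charset) chunks when encoded words are
    present, or a single (str, None) chunk when the header is plain text.
    """
    parts = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            parts.append(_decode_bytes(chunk, charset))
        else:
            parts.append(chunk)  # header had no encoded words
    return "".join(parts)


def extract_bodies(msg):
    """Return (text_body, html_body) from a parsed message.

    Walks nested multiparts, skips attachments, undoes the transfer encoding
    (8bit, base64 or quoted-printable) and decodes each part's charset.
    """
    text, html = [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        body = _decode_bytes(part.get_payload(decode=True), part.get_content_charset())
        (text if ctype == "text/plain" else html).append(body)
    return "\n".join(text), "\n".join(html)


def parse_eml(raw_bytes):
    """Parse a raw message into decoded header values plus both body parts."""
    msg = email.message_from_bytes(raw_bytes)
    text, html = extract_bodies(msg)
    return {
        "subject": decode_mime_header(msg.get("Subject", "")),
        "from": decode_mime_header(msg.get("From", "")),
        "text": text,
        "html": html,
    }


if __name__ == "__main__":
    for key, value in parse_eml(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

The message is parsed with the default (compat32) policy deliberately: it hands back the raw header strings, so the decoding step is visible, and get_payload(decode=True) returns the transfer-decoded bytes so charset decoding can be done with the same fallback as the headers. Decoded subject and sender are what a search-and-delete playbook should match on; the raw encoded forms differ from mail to mail even when the visible text is identical.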
Playbooks
6 New Playbooks
- Calculate Severity - 3rd-party integrations
Calculates the incident severity level according to the methodology of a 3rd-party integration.
- Calculate Severity - Critical assets
Determines whether a critical asset is associated with the investigation, and returns a severity level of Critical if one is.
- Calculate Severity - Indicators DBotScore
Calculates the incident severity level according to the highest indicator DBotScore.
- Search And Delete Emails - EWS
Searches EWS for emails with attributes similar to those of a malicious email, and deletes them.
- Search And Delete Emails - Generic
Searches for and deletes emails with attributes similar to those of a malicious email.
2 Improved Playbooks
- Calculate Severity - Generic
Separated the playbook logic into sub-playbooks, and improved the documentation.
- Phishing Investigation - Generic
Added a response section, including support for searching for and deleting malicious emails.
Incident Layouts
New Incident Layouts
- Malware
New Summary and New/Edit layout for malware.
Classification & Mapping
New Classification & Mapping
- crowdstrike-streaming-api
Added Malware mapping.
Improved Classification & Mapping
- SplunkPy
Added Malware mapping.