demisto/content 18.7.1

Demisto Content Release Notes for version 18.7.1 (10607)

on GitHub

Demisto Content Release Notes for version 18.7.1 (10607)

Published on 11 July 2018

Fixes

2 General Fixes

• In the Phishing Investigation - Generic playbook, a task fails due to missing incident fields.
• Added the Domain formatting script.

Integrations

4 New Integrations

• Mail Sender (New)
  Send Python-implemented emails with support for embedded images. For more information, see the Mail Sender (New) documentation.
• RedLock
  Cloud threat defense. For more information, see the RedLock documentation.
• Rapid7 Nexpose
  Rapid7's on-premise vulnerability management solution. For more information, see the Nexpose documentation.
• Recorded Future
  Unique threat intelligence technology that automatically serves up relevant insights in real time. For more information, see the Recorded Future documentation.

13 Improved Integrations

• CrowdStrike Falcon Sandbox
  Added support for single-server setup.
• Cylance Protect v2
  In context, device data outputs are now under path Endpoint.
• Farsight DNSDB
  • Improved error handling for 400 and 404 responses.
  • Improved human readable output.
• EWS v2
  Fixed handling of attachments with empty name or content.
• ipinfo
  Added support to use API token for paid plans.
• PostgreSQL
  Fixed the no rows returned error.
• Tanium
  Fixed Tanium timeout on errors.
• VMware
  Fixed VMware timeout on errors.
• CrowdStrike Falcon Intel
  Added support for v2 indicator API. For more information, see the CrowdStrike Falcon Intelligence v2 documentation.
• TruSTAR
  Added priority level and deep links to the related-indicators command.
• AWS - EC2
  Added 6 new commands:
  - aws-ec2-copy-image
  - aws-ec2-copy-snapshot
  - aws-ec2-describe-reserved-instances
  - aws-ec2-monitor-instances
  - aws-ec2-unmonitor-instances
  - aws-ec2-reboot-instances.
• Palo Alto WildFire
  Handled the missing report exception for the wildfire-report command.
• Demisto REST API
  Added the demisto-api-multipart and the demisto-api-download commands to upload and download files from Demisto server.

Scripts

4 New Scripts

• IPToHost
  Get the hostname correlated with the input IP.
• NexposeCreateIncidentsFromAssets
  Create incidents based on the Nexpose asset ID and vulnerability ID.
• DemistoLogsBundle
  Imports the Demisto Log Bundle to the current War Room.
• DemistoUploadFile
  Upload a file from the current incident's War Room to another incident's War Room.

2 Improved Scripts

• EmailAskUser
  Added cc and bcc arguments.
• ExtractDomainFromUrlAndEmail
  Avoid error in domain format script.

Playbooks

4 New Playbooks

• Access Investigation - Generic
  Investigate an access incident by gathering user and IP information.
• Access Investigation - QRadar
  Use the QRadar integration to investigate an access incident by gathering user and IP information.
• Vulnerability Handling - Nexpose
  Manage vulnerability remediation using Nexpose data, and optionally enrich data with 3rd-party tools.
• Vulnerability Management - Nexpose (Job)
  Manage assets' vulnerabilities using Rapid7 Nexpose.

5 Improved Playbooks

• Calculate Severity - 3rd-party integrations
  Added support for Nexpose severity.
• Calculate Severity - Generic
  Added support for Nexpose severity.
• IP Enrichment - Generic
  Added ip to host capability.
• Process Email - Generic
  This is now a generic playbook, and supports all relevant integrations (not only EWS).
• Tanium Demo Playbook
  Removed the deploy action command at the end of the playbook.