github demisto/content 18.8.1
Demisto Content Release Notes for version 18.8.1 (11545)

Published on 09 August 2018

Integrations

4 New Integrations

12 Improved Integrations

  • ServiceNow
    Added the servicenow-get-computer command.
  • SplunkPy
    Improved handling of same key in _raw event in parseNotableEventsRaw.
  • Okta
    Added new commands.
    • list-groups
    • get-groups-members
    Added several arguments for other groups commands.
  • urlscan.io
    Improved DBotScore calculation.
  • ipinfo
    Improved DBotScore calculation.
  • VirusTotal
    • Enhanced outputs for the ip, domain, and file commands.
    • Added support for scans table as output in the file and url commands.
  • Zscaler
    Added 4 new commands. For more information, see the Zscaler documentation.
    • zscaler-category-add-url
    • zscaler-category-add-ip
    • zscaler-category-remove-url
    • zscaler-category-remove-ip
  • FireEye (AX Series)
    Added the submit-url command.
  • Atlassian Jira
    Added support for sub-task creation. For more information, see the Jira documentation.
  • OPSWAT-Metadefender
    Added support for Metadefender on cloud.
  • FireEye (AX Series)
    Added the submit-url command.
  • Joe Security
    Added support for multiple values in the submit and info commands.

Scripts

3 New Scripts

  • GenericPollingScheduledTask
    Runs the polling command repeatedly and completes a blocking manual task when polling is complete.
  • GetDuplicatesMlv2
    Finds duplicate incident candidates using machine learning techniques with pre-defined data.
  • PrintErrorEntry
    Prints an error entry with a customizable message.

1 Improved Script

  • FindSimilarIncidentsByText
    • Support for multiple time fields.
    • Support for custom text length.

1 Deprecated Script

  • GetDuplicatesMl
    Use the GetDuplicatesMlv2 script instead.

Playbooks

New Playbook

  • Dedup - Generic
    Generic playbook that finds duplicate incidents using one of the available methods.

8 Improved Playbooks

  • Process Email - Generic
    Auto-extract indicators from emails (inline).
  • Entity Enrichment - Generic
    Added support for the VirusTotal Private API and Palo Alto Application Framework integrations.
  • File Enrichment - Generic
    Added support for the VirusTotal Private API and Palo Alto Application Framework integrations.
  • URL Enrichment
    Added support for the VirusTotal Private API integration.
  • IP Enrichment
    Added support for the VirusTotal Private API integration.
  • Domain Enrichment
    Added support for the VirusTotal Private API integration.
  • Phishing Investigation - Generic
    Added support for indicator extraction from files.
  • McAfee ATD Detonate File
    This playbook was added back to Demisto.

Demisto v4.0

This content will be available with the official release of Demisto v4.0.

Integrations

  • Hybrid Analysis
    Fully automated malware analysis with unique Hybrid Analysis. An out-of-the-box integration instance is provided.
  • Carbon Black Enterprise Live Response
    Added explicit Carbon Black Live Response commands.
    • cb-process-kill
    • cb-process-execute
    • cb-memdeump
    • cb-command-create
    • cb-file-delete-from-endpoint
    • cb-registry-query-value
    • cb-registry-create-key
    • cb-registry-delete-key
    • cb-registry-delete-value
    • cb-registry-set-value
    • cb-process-list
    • cb-get-file-from-endpoint
    • cb-push-file-to-endpoint
  • Rapid7 Nexpose
    Added scan functionality using Nexpose Scan Site/Assets sub-playbooks.

Scripts

  • RunPollingCommand
  • EmailAskUser
    Communicate with a user through email, and process the reply directly into the investigation.
  • TopMaliciousRatioIndicators
    Finds the top malicious ratio indicators.
  • MaliciousRatioReputation
    Sets indicator reputation to suspicious when the malicious ratio exceeds the threshold.
  • ScheduleGenericPolling
    Called by the GenericPolling playbook, schedules the polling task.

Playbooks

  • GenericPolling
    Generic Polling Playbook.

Widgets

  • Disk Usage % per Engine
    Current disk usage percentage per engine.
  • Disk Usage % per Engine (last 24h)
    Disk usage percentage per engine in the previous 24 hours.
  • CPU Usage % per Engine
    Current CPU usage percentage per engine.
  • CPU Usage % per Engine (last 24h)
    CPU usage percentage per engine in the previous 24 hours.
  • Memory Usage % per Engine
    Current memory usage percentage per engine.
  • Memory Usage % per Engine (last 24h)
    Memory usage percentage per engine in the previous 24 hours.
  • Workers per Engine
    Current number of workers per engine.
  • Busy Workers Count per Engine
    Current number of busy workers per engine.
  • Busy Workers per Engine (last 24h)
    Number of busy workers per engine in the previous 24 hours.
  • TopMaliciousRatioIndicators
    The Malicious Ratio indicator widget displays indicators that appear in a high ratio compared to bad incidents.
  • My Tasks
    Displays active to-do tasks assigned to a user.

Dashboards

  • My Dashboard
    A user-focused dashboard that displays analyst progress and to-do lists.

For the full release notes, see Demisto Content Release v.18.8.1
