github demisto/content 18.8.2
Demisto Content Release Notes for version 18.8.2 (11982)

Published on 21 August 2018

Integrations

2 New Integrations

  • Gmail
    Search and process emails in the organizational Gmail mailboxes.
  • FireEye ETP
    FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks. For more information, see the FireEye ETP documentation.

5 Improved Integrations

  • Moloch
    Updated the moloch_sessions_json command. For more information, see the Moloch documentation.
    • Returns the HTTP method and status code.
    • Follows the new API structure.
  • Shodan
    Made several enhancements to this integration. For more information, see the Shodan documentation.
    • Added error handling of 404 error responses.
    • Enhanced the human-readable output for the ip command.
  • Zscaler
    • Added the zscaler-get-categories command.
    • Improved support for custom categories.
  • Cisco Threat Grid
    Added the playbook argument to the threat-grid-upload-sample command.
  • Atlassian Jira
    Added new commands.
    • jira-edit-issue
    • jira-get-comments

Scripts

3 New Scripts

  • DBotClosedIncidentsPercentage
    Data output script for populating a dashboard pie graph widget with the percentage of incidents closed by DBot vs. incidents closed by analysts. See the corresponding Closed by DBot widget in the Widgets section.
  • DemistoGetIncidentTasksByState
    Get all tasks for a specific incident according to the incident state.
  • ShowScheduledEntries
    Display all scheduled entries for a specific incident.

6 Improved Scripts

  • DeleteContext
    Added the ability to delete a specific index in a key.
  • ParseCSV
    Fixed a unicode encoding issue.
  • TopMaliciousRatioIndicators
    Improved handling of duplicate indicators.
  • FindSimilarIncidents
    Enhanced the output declaration.
  • FindSimilarIncidentsByText
    Enhanced the output declaration.
  • GetDuplicatesMlv2
    Enhanced the output declaration.

Playbooks

3 New Playbooks

  • File Enrichment - File reputation
    Get the reputation for a file using one or more integrations.
  • File Enrichment - Virus Total Private API
    Get file information using the VirusTotal Private API integration.
  • Get Original Email - Generic
    Use this playbook to retrieve the original email in the thread, including headers and attachments, when the reporting user did not forward the original email as an attachment. This playbook contains the following sub-playbooks:
    • Get Original Email - EWS
    • Get Original Email - Gmail

5 Improved Playbooks

  • File Enrichment - Generic
    Added support for the VirusTotal Private API and Palo Alto Application Framework integrations.
  • Domain Enrichment - Generic
    Added support for the VirusTotal Private API integration.
  • IP Enrichment - Generic
    Added support for the VirusTotal Private API integration.
  • URL Enrichment - Generic
    Added support for the VirusTotal Private API integration.
  • Process Email - Generic
    Added support for retrieving the original email from both EWS and Gmail mail services.

Widgets

New Widget

  • Closed By DBot
    Displays the percentage of incidents handled and closed by DBot, without an assigned owner, across all incidents in the specified time period.

Classification & Mapping

New Classification & Mapping

  • Gmail
    Added Phishing mapping for Gmail Mapping.
