Demisto Content Release Notes for version 18.8.2 (11982)
Published on 21 August 2018
Integrations
2 New Integrations
- Gmail
Search and process emails in the organizational Gmail mailboxes.
- FireEye ETP
FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks. For more information, see the FireEye ETP documentation.
5 Improved Integrations
- Moloch
Updated the moloch_sessions_json command. For more information, see the Moloch documentation.
  - Returns HTTP method and status code.
  - Follows the new API structure.
- Shodan
Made several enhancements to this integration. For more information, see the Shodan documentation.
  - Added error handling of 404 error responses.
  - Enhanced human-readable output for the ip command.
- Zscaler
  - Added the zscaler-get-categories command.
  - Improved support for custom categories.
- Cisco Threat Grid
Added the playbook argument to the threat-grid-upload-sample command.
- Atlassian Jira
Added new commands.
  - jira-edit-issue
  - jira-get-comments
Scripts
3 New Scripts
- DBotClosedIncidentsPercentage
Data output script for populating a dashboard pie graph widget with the percentage of incidents closed by DBot vs. incidents closed by analysts. See the corresponding Closed by DBot widget in the Widgets section.
- DemistoGetIncidentTasksByState
Get all tasks for a specific incident according to the incident state.
- ShowScheduledEntries
Display all scheduled entries for a specific incident.
6 Improved Scripts
- DeleteContext
Added the ability to delete a specific index in a key.
- ParseCSV
Fixed a unicode encoding issue.
- TopMaliciousRatioIndicators
Improved handling of duplicate indicators.
- FindSimilarIncidents
Enhanced the output declaration.
- FindSimilarIncidentsByText
Enhanced the output declaration.
- GetDuplicatesMlv2
Enhanced the output declaration.
Playbooks
3 New Playbooks
- File Enrichment - File reputation
Get the reputation for a file using one or more integrations.
- File Enrichment - Virus Total Private API
Get file information using the Virus Total Private API integration.
- Get Original Email - Generic
Use this playbook to retrieve the original email in the thread, including headers and attachments, when the reporting user forwarded the original email not as an attachment. This playbook contains the following sub-playbooks:
  - Get Original Email - EWS
  - Get Original Email - Gmail
5 Improved Playbooks
- File Enrichment - Generic
Added support for the VirusTotal Private API and Palo Alto Application Framework integrations.
- Domain Enrichment - Generic
Added support for the VirusTotal Private API integration.
- IP Enrichment - Generic
Added support for the VirusTotal Private API integration.
- URL Enrichment - Generic
Added support for the VirusTotal Private API integration.
- Process Email - Generic
Added support for retrieving the original email from both EWS and Gmail mail services.
Widgets
New Widget
- Closed By DBot
Displays the percentage of incidents handled and closed by DBot, without an assigned owner, across all incidents in the specified time period.
Classification & Mapping
New Classification & Mapping
- Gmail
Added Phishing mapping for Gmail Mapping.