demisto/content 18.9.0

Demisto Content Release Notes for version 18.9.0 (12477)

on GitHub

Demisto Content Release Notes for version 18.9.0 (12477)

Published on 04 September 2018

Integrations

3 New Integrations

• PagerDuty v2
  Alert and notify users using PagerDuty. For more information, see the PagerDuty documentation.
• SCADAfence CNM
  Query and fetch data from SCADAfence CNM. For more information, see the SCADAfence documentation.
• Aella Starlight
  Pervasive breach detection system. For more information, see the Aella Starlight documentation.

20 Improved Integrations

• RSA Archer
  Passwords now support special characters.
• Carbon Black Defense
  Improved outputs in the cbd-get-alerts-details command. For more information, see the Carbon Black Defense documentation.
• CrowdStrike Falcon Host
  Improved outputs for the cs-device-search command. For more information, see the CrowdStrike Falcon Host documentation.
• Cybereason
  For more information, see the Cybereason documentation.
  • Added the following commands.
    • cybereason-add-comment
    • cybereason-query-malops
    • cybereason-update-malop-status
    • cybereason-malop-processes
  • Added malops fetch.
  • Added client-certificate authentication.
• McAfee ESM v10
  Added the following commands.
  • esm-get-alarm-event-details
  • esm-list-alarm-events
• GRR Rapid Response
  Improved property identifier to username. For more information, see the GRR Rapid Response documentation.
• MISP
  Fix proxy parameter issue.
• McAfee Advanced Threat Defense
  Deprecated several commands. You should use the relevant detonate playbook. For more information, see the McAfee Advanced Threat Defense documentation.
  • deprecate detonate-file
  • detonate-url commands
• McAfee NSM
  Added proxy support.
• Okta
  Added the following commands. For more information, see the Okta documentation.
  • okta-suspend-user
  • okta-unsuspend-user
• RSA NetWitness v11.1
  There are separate checkboxes to fetch incident data and to fetch alert data. If you want to fetch alert data, you need to select both checkboxes. For more information, see the NetWitness v11 documentation.
• Rapid7 Nexpose
  Added the nexpose-create-site command. For more information, see the Rapid7 Nexpose documentation.
• Salesforce
  Added the salesforce-delete-case command. For more information, see the Salesforce documentation.
• SplunkPy
  Fixed an encoding issue in the splunk-submit-event command.
• Cisco Threat Grid
  Added the playbook parameter.
• Tanium
  • Added the following commands.
    • tn-ask-manual-question
    • tn-get-sensor
    • tn-get-action
  • Modified the tn-deploy-package command.
    • Added sensor variables as an argument.
    • Added action details to the outputs.
    • Improved raw response.
  • Modified the tn-get-package command.
    • Added sensor variable to outputs.
• urlscan.io
  Fixed the display for empty ASN.
• VirusTotal
  ScanID will appear now in the context data instead of in the command war-room output.
• CyberArk AIM
  Added the cyber-ark-aim-query command.
• Atlassian Jira
  Improved the jira-edit-issue command. For more information, see the Jira documentation.

Scripts

1 New Script

• EncodeToAscii
  Input text data to encode as ASCII. (Ignores any chars that are not interpreted as ASCII).

13 Improved Scripts

• D2O365ComplianceSearch
  Fixed the file argument not found error.
• D2O365SearchAndDelete
  Fixed the file argument not found error.
• DeleteContext
  • Changed user from limited user to DBot.
  • Added support to keep keys from nested objects and auto-trim for context path.
• DomainReputation
  Domain argument marked as default, so script can be executed as ehnancement on Domain indicators.
• IsEmailAddressInternal
  Handled context to prevent duplicates.
• IsValueInArray
  Improved support for manual execution (parse string array).
• MatchRegex
  Added the option to return all matches.
• PagerDutyAlertOnIncident
  Updated to match PagerDuty API v2.
• PagerDutyAssignOnCallUser
  Updated to match PagerDuty API v2.
• PanoramaBlockIP
  Fixed the output types.
• ParseEmailFiles
  Fixed header parsing.
• ParseCSV
  • Added the entryID argument to get the file entry by ID.
  • The file argument is deprecated.
• IsIPInRanges
  Improved handling of spaces and new lines in provided IP ranges string.

Incident Fields

Added the In-Reply-To field to the incident details.

Classification & Mapping

New Classification & Mapping

• Aella Starlight

2 Improved Classification & Mapping

• EWS v2
  Removed default mapping of html-body to prevent the rendering of malicious links.
• Gmail
  Gmail classifier.

Demisto v4.0

This content will be available with the official release of Demisto v4.0.

Integrations

1 Improved Integration

• Palo Alto WildFire
  • Deprecated the detonate-file-remote and detonate-file commands.
    Use the WildFire Detonate playbook instead.
  • Added the wildfire-upload-file-remote command.
  • Improved outputs.
  • Added support for multiple inputs for the wildfire-report command.

Scripts

1 New Script

• FailedInstances
  Executes a test for all available integration instances, and returns a detailed table that displays information about failed integration instances.

Playbooks

2 Improved Playbooks

• Nexpose Scan Assets
  Fixed playbook inputs.
• Nexpose Scan Site
  Added validations.