Demisto Content Release Notes for version 18.9.1 (12565)
Published on 06 September 2018
Integrations
3 New Integrations
- PagerDuty v2
Alert and notify users using PagerDuty. For more information, see the PagerDuty documentation. - SCADAfence CNM
Query and fetch data from SCADAfence CNM. For more information, see the SCADAfence documentation. - Aella Starlight
Pervasive breach detection system. For more information, see the Aella Starlight documentation.
20 Improved Integrations
- RSA Archer
Passwords now support special characters. - Carbon Black Defense
Improved outputs in the cbd-get-alerts-details command. For more information, see the Carbon Black Defense documentation. - CrowdStrike Falcon Host
Improved outputs for the cs-device-search command. For more information, see the CrowdStrike Falcon Host documentation. - Cybereason
For more information, see the Cybereason documentation.- Added the following commands.
- cybereason-add-comment
- cybereason-query-malops
- cybereason-update-malop-status
- cybereason-malop-processes
- Added malops fetch.
- Added client-certificate authentication.
- Added the following commands.
- McAfee ESM v10
Added the following commands.- esm-get-alarm-event-details
- esm-list-alarm-events
- GRR Rapid Response
Improved property identifier to username. For more information, see the GRR Rapid Response documentation. - MISP
Fix proxy parameter issue. - McAfee Advanced Threat Defense
Deprecated several commands. You should use the relevant detonate playbook. For more information, see the McAfee Advanced Threat Defense documentation.- deprecate detonate-file
- detonate-url commands
- McAfee NSM
Added proxy support. - Okta
Added the following commands. For more information, see the Okta documentation.- okta-suspend-user
- okta-unsuspend-user
- RSA NetWitness v11.1
There are separate checkboxes to fetch incident data and to fetch alert data. If you want to fetch alert data, you need to select both checkboxes. For more information, see the NetWitness v11 documentation. - Rapid7 Nexpose
Added the nexpose-create-site command. For more information, see the Rapid7 Nexpose documentation. - Salesforce
Added the salesforce-delete-case command. For more information, see the Salesforce documentation. - SplunkPy
Fixed an encoding issue in the splunk-submit-event command. - Cisco Threat Grid
Added the playbook parameter. - Tanium
- Added the following commands.
- tn-ask-manual-question
- tn-get-sensor
- tn-get-action
- Modified the tn-deploy-package command.
- Added sensor variables as an argument.
- Added action details to the outputs.
- Improved raw response.
- Modified the tn-get-package command.
- Added sensor variable to outputs.
- Added the following commands.
- urlscan.io
Fixed the display for empty ASN. - VirusTotal
ScanID will appear now in the context data instead of in the command war-room output. - CyberArk AIM
Added the cyber-ark-aim-query command. - Atlassian Jira
Improved the jira-edit-issue command. For more information, see the Jira documentation.
Scripts
1 New Script
- EncodeToAscii
Input text data to encode as ASCII. (Ignores any chars that are not interpreted as ASCII).
13 Improved Scripts
- D2O365ComplianceSearch
Fixed the file argument not found error. - D2O365SearchAndDelete
Fixed the file argument not found error. - DeleteContext
- Changed user from limited user to DBot.
- Added support to keep keys from nested objects and auto-trim for context path.
- DomainReputation
Domain argument marked as default, so script can be executed as ehnancement on Domain indicators. - IsEmailAddressInternal
Handled context to prevent duplicates. - IsValueInArray
Improved support for manual execution (parse string array). - MatchRegex
Added the option to return all matches. - PagerDutyAlertOnIncident
Updated to match PagerDuty API v2. - PagerDutyAssignOnCallUser
Updated to match PagerDuty API v2. - PanoramaBlockIP
Fixed the output types. - ParseEmailFiles
Fixed header parsing. - ParseCSV
- Added the entryID argument to get the file entry by ID.
- The file argument is deprecated.
- IsIPInRanges
Improved handling of spaces and new lines in provided IP ranges string.
Incident Fields
Added the In-Reply-To field to the incident details.
Classification & Mapping
New Classification & Mapping
- Aella Starlight
2 Improved Classification & Mapping
- EWS v2
Removed default mapping of html-body to prevent the rendering of malicious links. - Gmail
Gmail classifier.
Demisto v4.0
This content will be available with the official release of Demisto v4.0.
Integrations
1 Improved Integration
- Palo Alto WildFire
- Deprecated the detonate-file-remote and detonate-file commands.
Use the WildFire Detonate playbook instead. - Added the wildfire-upload-file-remote command.
- Improved outputs.
- Added support for multiple inputs for the wildfire-report command.
- Deprecated the detonate-file-remote and detonate-file commands.
Scripts
1 New Script
- FailedInstances
Executes a test for all available integration instances, and returns a detailed table that displays information about failed integration instances.
Playbooks
2 Improved Playbooks
- Nexpose Scan Assets
Fixed playbook inputs. - Nexpose Scan Site
Added validations.