Demisto Content Release Notes for version 19.1.2 (17432)
Published on 22 January 2019
Integrations
4 New Integrations
- Alexa Rank Indicator
Alexa provides website ranking information that can be useful in determining if the domain in question has a strong web presence.
- MaxMind GeoIP2
Enriches IP addresses.
- ThreatMiner
Discover additional information on IOCs.
- Google Resource Manager
Google Cloud Platform Resource Manager
20 Improved Integrations
- AWS - CloudTrail
Fixed a bug in the aws-cloudtrail-lookup-events command.
- AWS - CloudWatchLogs
Improved argument implementation for the region command.
- AWS - S3
Fixed a bug in the aws-s3-upload-file command.
- Carbon Black Enterprise Live Response
Improved outputs for the cb-directory-listing command.
- Cybereason
- Enhanced outputs for the cybereason-query-malops command.
- Improved implementation of the command cybereason-isolate-machine to match all Cybereason versions.
- Cylance Protect
Enhanced outputs for the cp-download-threat and cylance-protect-download-threat commands.
- EWS v2
Improved EWS instance configuration.
- Gmail
Improved text conversion for HTML-only emails.
- Hybrid Analysis
Added the hybrid-analysis-get-report-status command.
- Microsoft Graph
Implemented OAuth2 authentication. See the integration documentation for further details.
- Palo Alto Firewall and Panorama
- Improved error handling for port configuration.
- Improved implementation of the panorama-custom-block command.
- Fixed the generic rule name given to Security Rules when no rule name is supplied, for several commands.
- RSA NetWitness v11.1
Fixed a bug in the netwitness-update-incident command.
- Shodan
Added the page argument to the search command.
- SplunkPy
- Added the unsecure parameter.
- Fixed a bug in the command splunk-notable-event-edit.
- ThreatConnect
For the tc-update-indicator command, we added support for the following arguments:
- falsePositive
- observations
- securityLabel
- threatAssessConfidence
- threatAssessRating
- Cisco Threat Grid
Added data to raw response for the feeds commands.
- Windows Defender Advanced Threat Protection
Added the microsoft-atp-update-alert command.
- Rasterize
Added the size argument to the rasterize-image command.
- FireEye HX
Added the fireeye-hx-create-indicator command.
- JASK
- Improved implementation of fetched incidents.
- Added a parameter which enables you to define the result limit.
Scripts
5 New Scripts
- ConvertKeysToTableFieldFormat
Converts object keys to match table keys.
Use this script when mapping object/collection to a grid (table) field.
- ExtractIndicatorsFromTextFile
Extracts indicators from a text-based file.
- ExtractIndicatorsFromWordFile
Extracts indicators from Word files (DOC, DOCX).
- ReadPDFFile
Loads a PDF file's contents and metadata into context.
- StringContainsArray
Checks whether a substring or an array of substrings is within a string array (each item will be checked).
5 Improved Scripts
- ExtractIndicatorsFromTextFile
Updated the script to use the enhanced extractIndicators command.
- IsMaliciousIndicatorFound
Added support for Email and Domain indicators.
- ParseCSV
Improved handling of the null byte character.
- Ping
Updated the script to use the native ping utility.
- ReadPDFFile
Updated the script to use the enhanced extractIndicators command.
Playbooks
New Playbook
- Detonate File - HybridAnalysis
Detonates one or more files using the Hybrid Analysis integration.
5 Improved Playbooks
- Calculate Severity - Critical assets
Replaced use of the StringContains script with a new filter.
- Detonate File - Generic
Added the Hybrid Analysis detonate file playbook.
- Extract Indicators From File - Generic
The playbook now utilizes the new feature of extracting indicators from Word documents.
- Get File Sample By Hash - Cylance Protect
Added support for Cylance Protect v2 and Cylance Protect v1 integrations.
- Get File Sample From Hash - Generic
Added MD5 and SHA-256 inputs to the playbook.