github demisto/content 19.10.0
Demisto Content Release Notes for version 19.10.0 (30654)

latest releases: 22.2.0, 22.1.0, 21.12.1...
5 years ago

Demisto Content Release Notes for version 19.10.0 (30654)

Published on 02 October 2019

Integrations

3 New Integrations

  • BitDam
    Use the BitDam integration to submit files for analysis.
  • Palo Alto Networks Traps
    Use the Palo Alto Networks Traps integration to initiate scans, retrieve files from events, isolate endpoints, quarantine files, and manage the blacklist.
  • Exabeam
    Use the Exabeam Security Management Platform integration to get data and labels for users and to get data for watchlists.

15 Improved Integrations

  • ArcSight ESM v2
    Limited the incident fetch limit to 50 incidents per fetch.
  • Palo Alto Networks AutoFocus V2
    Improved handling of empty responses for the autofocus-samples-search and autofocus-sessions-search commands.
  • Have I Been Pwned? V2
    • Added handling for cases where the rate limit is exceeded.
    • Added the max_retry_time integration parameter, which defines the maximum time per request.
  • AttackIQ Platform
    Changed the integration name from AttackIQ FireDrill to AttackIQ Platform.
  • BluecatAddressManager
    • Added the bluecat-am-get-range-by-ip command.
    • Improved handling of cases in which an error is returned from querying a non-existing IP address.
  • Microsoft Teams
    • Added support for single port mapping.
    • Added the microsoft-teams-integration-health command.
  • OnboardingIntegration
    Fixed an issue where incidents weren't fetched when the frequency parameter was set.
  • Shodan v2
    Added display name clarification.
  • Slack v2
    Added support for sending blocks (graphical attachments) in messages. For more information see the integration documentation.
  • SplunkPy
    Added the Earliest time to fetch and Latest time to fetch parameters, which are the names of the Splunk fields whose value defines the query's earliest and latest time to fetch.
  • PagerDuty v2
    Added new arguments to the PagerDuty-get-users-on-call-now command.
    • escalation_policy_ids
    • schedule_ids
  • Windows Defender Advanced Threat Protection
    Fixed an issue in the fetch incidents functionality.
  • Snowflake
    Fixed an issue in the fetch incidents functionality.
  • SentinelOne V2
    • Fixed an issue with the sentinelone-disconnect-agent command.
    • Fixed human-readable output in the sentinelone-get-threat command in cases where the content_hash does not exist.
  • Recorded Future
    Added the Suspicious Threshold parameter.

Scripts

New Script

  • PanwIndicatorCreateQueries
    The script accepts indicators as input and creates an indicator query in the relevant Palo Alto Networks products.

6 Improved Scripts

  • FilterByList
    Regular expressions (regex) now work as expected.
  • ParseEmailFiles
    Improved handling for smime signed file attachments in MSG emails.
  • CheckEmailAuthenticity
    Fixed an issue that prevented playbooks from using this script.
  • CommonServerPython
    • Added requests debugging logger when debug-mode=true.
    • Added the BaseClient and DemistoException objects.
    • Added the build_dbot_entry and build_malicious_dbot_entry functions.
    • Added spaces between cells for tableToMarkdown function output, to prevent auto-extract over multiple cells.
  • SlackAsk
    Added support for users to reply to messages received from the Demisto integration using buttons. For more information see the integration documentation.
  • SaneDocReports
    • Fixed several issues related to tables in reports generated as DOCX files.
    • Generating the new investigation layout in a report as a DOCX file works as expected.

Playbooks

2 New Playbooks

  • AutoFocusPolling
    Use this playbook as a sub-playbook to query the Palo Alto Networks AutoFocus threat intelligence system. This sub-playbook is the same as the generic polling sub-playbook except that it provides outputs in the playbook. The reason for that is that in AutoFocus it is not possible to query the results of the same query more than once, so the outputs have to be in the polling context.
  • Autofocus Query Samples, Sessions and Tags
    Use this playbook to query the PANW threat intelligence AutoFocus system. The playbook accepts indicators such as IPs, hashes, and domains to run basic queries or model advanced queries that can leverage several query parameters. We recommend that you create advanced queries using the AutoFocus UI https://autofocus.paloaltonetworks.com/#/dashboard/organization to created a query and then use the export search button. The result can be used as a playbook input.

3 Improved Playbooks

  • Panorama Query Logs
    Fixed an issue in the Panorama Query logs playbook.
  • Cortex XDR Incident Handling
    The Is AutoFocus Enabled? task now checks for the AutoFocus v2 integration.
  • Phishing Investigation - Generic v2
    Fixed an issue where the email authenticity check task failed to find the relevant script.

Incident Layouts

New Incident Layout

  • GDPR Data Breach - Summary
    Added a new layout for the GDPR Data Breach incident type.

Improved Incident Layout

  • Phishing - Summary
    Added email authenticity check to phishing incident layout (summary page).

Don't miss a new content release

NewReleases is sending notifications on new releases.