demisto/content 19.2.1

Demisto Content Release version 19.2.1 (18725)

on GitHub

Demisto Content Release Notes for version 19.2.1 (18725)

Published on 19 February 2019

Integrations

5 New Integrations

• CounterTack
  CounterTack empowers endpoint security teams to assure endpoint protection
  for identifying cyber threats.
• EclecticIQ Platform
  A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
• Fidelis Elevate Network
  Automate detection and response to network threats and data leakage in your organization.
• Symantec Endpoint Protection V2
  Query the Symantec Endpoint Protection Manager using the official REST API.
• WhatsMyBrowser
  Parse user agents and determine if they are malicious as well as enrich information about the agent.

13 Improved Integrations

• Anomali ThreatStream
  Fixed an issue with the DBot score.
• ArcSight ESM
  • Fixed an issue in which fetch incidents creates duplicate incidents.
  • You can now update the severity field when running the as-update-case command.
  • Updated all time outputs to be date field, in Date format, not Epoch.
• RSA Archer
  Added the archer-get-valuelist command, which gets a field's value-list.
• EWS v2
  Added the option to search by message-id when running the ews-search-mailbox command.
• IntSights
  • Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
  • Added the intsights-mssp-get-sub-accounts command.
• MISP V2
  • Added the misp-add-sighting command.
  • Added test connection functionality.
• McAfee Advanced Threat Defense
  Fixed URL parsing.
• McAfee Threat Intelligence Exchange
  Indicators with a DBot reputation score of less than 30 are now set to bad.
• Microsoft Graph
  Improved partial content handling.
• PhishMe Intelligence
  • Reimplemented the way DBot score is calculated.
  • Added 4 threshold parameters to the instance configuration.
  • Added new output paths.
• urlscan.io
  Fixed an issue where the insecure setting was ignored during polling.
• Palo Alto WildFire
  Improved command outputs.
• Windows Defender Advanced Threat Protection
  Added support for OAUTH2 authentication.

Deprecated Integration

• Symantec Endpoint Protection 14 (Deprecated)
  Use Symantec Endpoint Protection V2 instead.

Scripts

New Script

• PcapHTTPExtractor
  Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.

7 Improved Scripts

• CommonServerPython
  Added the return_outputs() function, which wraps the demisto.results() function.
• CopyFileD2
  Added overwrite support.
• D2Drop
  Added overwrite support.
• FilterByList
  The FilterByList script now supports regex items.
• ReadPDFFile
  Improved script outputs.
• RegPathReputationBasicLists
  • Fixed the score given to a RegistryPath.
  • Added outputs.
• UnEscapeURLs
  Added handling of Microsoft ATP protected URLs.

Deprecated Script

• SEPScan
  Use the sep-scan-endpoint command instead.

Reputations

• Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
• Removed unnecessary scripts.