github demisto/content 19.2.1
Demisto Content Release version 19.2.1 (18725)


Demisto Content Release Notes for version 19.2.1 (18725)

Published on 19 February 2019

Integrations

5 New Integrations

  • CounterTack
    CounterTack empowers endpoint security teams to assure endpoint protection for identifying cyber threats.
  • EclecticIQ Platform
    A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
  • Fidelis Elevate Network
    Automate detection and response to network threats and data leakage in your organization.
  • Symantec Endpoint Protection V2
    Query the Symantec Endpoint Protection Manager using the official REST API.
  • WhatsMyBrowser
    Parse user agents, determine whether they are malicious, and enrich information about the agent.

13 Improved Integrations

  • Anomali ThreatStream
    Fixed an issue with the DBot score.
  • ArcSight ESM
    • Fixed an issue in which fetch incidents created duplicate incidents.
    • You can now update the severity field when running the as-update-case command.
    • Updated all time outputs to be date fields in Date format, not Epoch.
  • RSA Archer
    Added the archer-get-valuelist command, which gets a field's value-list.
  • EWS v2
    Added the option to search by message-id when running the ews-search-mailbox command.
  • IntSights
    • Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
    • Added the intsights-mssp-get-sub-accounts command.
  • MISP V2
    • Added the misp-add-sighting command.
    • Added test connection functionality.
  • McAfee Advanced Threat Defense
    Fixed URL parsing.
  • McAfee Threat Intelligence Exchange
    Indicators with a DBot reputation score of less than 30 are now set to bad.
  • Microsoft Graph
    Improved partial content handling.
  • PhishMe Intelligence
    • Reimplemented the way DBot score is calculated.
    • Added 4 threshold parameters to the instance configuration.
    • Added new output paths.
  • urlscan.io
    Fixed an issue where the insecure setting was ignored during polling.
  • Palo Alto WildFire
    Improved command outputs.
  • Windows Defender Advanced Threat Protection
    Added support for OAUTH2 authentication.

Deprecated Integration

  • Symantec Endpoint Protection 14 (Deprecated)
    Use Symantec Endpoint Protection V2 instead.

Scripts

New Script

  • PcapHTTPExtractor
    Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.

7 Improved Scripts

  • CommonServerPython
    Added the return_outputs() function, which wraps the demisto.results() function.
  • CopyFileD2
    Added overwrite support.
  • D2Drop
    Added overwrite support.
  • FilterByList
    The FilterByList script now supports regex items.
  • ReadPDFFile
    Improved script outputs.
  • RegPathReputationBasicLists
    • Fixed the score given to a RegistryPath.
    • Added outputs.
  • UnEscapeURLs
    Added handling of Microsoft ATP protected URLs.

Deprecated Script

  • SEPScan
    Use the sep-scan-endpoint command instead.

Reputations

  • Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
  • Removed unnecessary scripts.
