Demisto Content Release Notes for version 19.2.1 (18725)
Published on 19 February 2019
Integrations
5 New Integrations
- CounterTack
CounterTack empowers endpoint security teams to assure endpoint protection for identifying cyber threats.
- EclecticIQ Platform
A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
- Fidelis Elevate Network
Automate detection and response to network threats and data leakage in your organization.
- Symantec Endpoint Protection V2
Query the Symantec Endpoint Protection Manager using the official REST API.
- WhatsMyBrowser
Parse user agents and determine if they are malicious as well as enrich information about the agent.
13 Improved Integrations
- Anomali ThreatStream
Fixed an issue with the DBot score.
- ArcSight ESM
  - Fixed an issue in which fetch incidents created duplicate incidents.
  - You can now update the severity field when running the as-update-case command.
  - Updated all time outputs to be date fields in Date format instead of Epoch.
- RSA Archer
Added the archer-get-valuelist command, which gets a field's value-list.
- EWS v2
Added the option to search by message-id when running the ews-search-mailbox command.
- IntSights
  - Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
  - Added the intsights-mssp-get-sub-accounts command.
- MISP V2
  - Added the misp-add-sighting command.
  - Added test connection functionality.
- McAfee Advanced Threat Defense
Fixed URL parsing.
- McAfee Threat Intelligence Exchange
Indicators with a DBot reputation score of less than 30 are now set to bad.
- Microsoft Graph
Improved partial content handling.
- PhishMe Intelligence
  - Reimplemented the way DBot score is calculated.
  - Added 4 threshold parameters to the instance configuration.
  - Added new output paths.
- urlscan.io
Fixed an issue where the insecure setting was ignored during polling.
- Palo Alto WildFire
Improved command outputs.
- Windows Defender Advanced Threat Protection
Added support for OAuth2 authentication.
Deprecated Integration
- Symantec Endpoint Protection 14 (Deprecated)
Use Symantec Endpoint Protection V2 instead.
Scripts
New Script
- PcapHTTPExtractor
Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.
7 Improved Scripts
- CommonServerPython
Added the return_outputs() function, which wraps the demisto.results() function.
- CopyFileD2
Added overwrite support.
- D2Drop
Added overwrite support.
- FilterByList
The FilterByList script now supports regex items.
- ReadPDFFile
Improved script outputs.
- RegPathReputationBasicLists
  - Fixed the score given to a RegistryPath.
  - Added outputs.
- UnEscapeURLs
Added handling of Microsoft ATP protected URLs.
Deprecated Script
- SEPScan
Use the sep-scan-endpoint command instead.
Reputations
- Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
- Removed unnecessary scripts.