Demisto Content Release Notes for version 19.2.2 (18802)
Published on 21 February 2019
Integrations
5 New Integrations
- CounterTack: CounterTack empowers endpoint security teams to assure endpoint protection for identifying cyber threats.
- EclecticIQ Platform: A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
- Fidelis Elevate Network: Automate detection and response to network threats and data leakage in your organization.
- Symantec Endpoint Protection V2: Query the Symantec Endpoint Protection Manager using the official REST API.
- WhatsMyBrowser: Parse user agents, determine whether they are malicious, and enrich information about the agent.
13 Improved Integrations
- Anomali ThreatStream: Fixed an issue with the DBot score.
- ArcSight ESM:
  - Fixed an issue in which fetching incidents created duplicate incidents.
  - You can now update the severity field when running the as-update-case command.
  - All time outputs are now date fields in Date format rather than Epoch.
- RSA Archer: Added the archer-get-valuelist command, which gets a field's value list.
- EWS v2: Added the option to search by message-id when running the ews-search-mailbox command.
- IntSights:
  - Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
  - Added the intsights-mssp-get-sub-accounts command.
- MISP V2:
  - Added the misp-add-sighting command.
  - Added test connection functionality.
- McAfee Advanced Threat Defense: Fixed URL parsing.
- McAfee Threat Intelligence Exchange: Indicators with a DBot reputation score of less than 30 are now set to bad.
- Microsoft Graph: Improved partial content handling.
- PhishMe Intelligence:
  - Reimplemented the way the DBot score is calculated.
  - Added 4 threshold parameters to the instance configuration.
  - Added new output paths.
- urlscan.io: Fixed an issue where the insecure setting was ignored during polling.
- Palo Alto WildFire: Improved command outputs.
- Windows Defender Advanced Threat Protection: Added support for OAuth2 authentication.
Deprecated Integration
- Symantec Endpoint Protection 14 (Deprecated): Use Symantec Endpoint Protection V2 instead.
Scripts
New Script
- PcapHTTPExtractor: Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.
7 Improved Scripts
- CommonServerPython: Added the return_outputs() function, which wraps the demisto.results() function.
- CopyFileD2: Added overwrite support.
- D2Drop: Added overwrite support.
- FilterByList: The FilterByList script now supports regex items.
- ReadPDFFile: Improved script outputs.
- RegPathReputationBasicLists:
  - Fixed the score given to a RegistryPath.
  - Added outputs.
- UnEscapeURLs: Added handling of Microsoft ATP protected URLs.
Deprecated Script
- SEPScan: Use the sep-scan-endpoint command instead.
Reputations
- Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
- Removed unnecessary scripts.
Breaking Changes
ArcSight ESM instance configuration settings deleted
If you installed Content Release v19.2.1 (18725), certain ArcSight ESM instance parameters might have been deleted in the instances configured before installing this content version.