github demisto/content 19.3.0
Demisto Content Release version 19.3.0 (19237)


Demisto Content Release Notes for version 19.3.0 (19237)

Published on 05 March 2019

Integrations

6 New Integrations

  • Active Directory Query v2
    Active Directory Query integration enables you to access and manage Active Directory objects (users, contacts, and computers).
  • Azure Compute
    Create and manage Azure Virtual Machines.
  • Azure Security Center
    Unified security management and advanced threat protection across hybrid cloud workloads.
  • ArcSight ESM v2
    ArcSight ESM SIEM by Micro Focus (formerly HPE Software).
  • Thinkst Canary
    By presenting itself as an apparently benign and legitimate service, the Canary draws the attention of unwanted activity. When someone trips one of the Canary's triggers, an alert is sent to notify the responsible parties so that action can be taken before valuable systems in your network are compromised.
  • Exchange 2016 Compliance Search
    Exchange Server 2016 Compliance Search enables you to search for and delete an email message from all mailboxes in your organization.

32 Improved Integrations

  • Anomali ThreatStream
    Added Push Indicators functionality.
  • RSA Archer
    Added the archer-reset-cache command, which resets the integration cache.
  • Check Point Firewall
    Improved entries and outputs.
  • CounterTack
    Updated output descriptions.
  • CVE Search
    The integration is now disabled by default.
  • Gmail
    Fixed the from argument in the gmail-add-filter command.
  • Hybrid Analysis
    The integration is now disabled by default.
  • ipinfo
    The integration is now disabled by default.
  • LogRhythm
    You can now add the server URL as an integration instance parameter.
  • MISP V2
    Improved handling of warning messages from PyMISP.
  • McAfee Active Response
    Added several new commands.
  • Mimecast
    Fixed a potential bug in the mimecast-list-managed-url command.
  • okta
    Implemented aesthetic improvements.
  • OpenPhish
    The integration is now disabled by default.
  • Palo Alto Minemeld
    Improved error handling.
  • PhishTank
    The integration is now disabled by default.
  • RSA NetWitness v11.1
    Fixed an issue with the netwitness-update-incident command in which the assignee argument was ignored.
  • RTIR
    Fixed a certificate verification error.
  • Check Point Sandblast Cloud Services
    Fixed the Test button so that it fails if the user is out of quota.
  • ServiceNow
    • Custom fields work as expected.
    • Improved indication of errors when fetching incidents.
    • Improved handling of the No Record Found error.
  • SplunkPy
    Fixed an issue with the splunk-search command when the result contained Unicode values.
  • Symantec Endpoint Protection V2
    Added lastScanTime to the output of the sep-endpoints-info command.
  • Symantec Advanced Threat Protection
    Fixed output for the satp-files command in cases when ATP has not seen the file.
  • Threat Crowd
    The integration is now disabled by default.
  • Cisco Threat Grid
    The threat-grid-upload-sample command now works as expected with file names that contain newline characters.
  • urlscan.io
    The integration is now disabled by default.
  • urlscan.io
    Added the wait and retries rate limit arguments to the url command.
  • VirusTotal
    Improved error handling and parameters checks.
  • Whois
    The integration is now disabled by default.
  • IBM X-Force Exchange
    401 error handling.
  • dnstwist
    Added an option to specify the whois argument for the dnstwist-domain-variations command.
  • FireEye (AX Series)
    Fixed a client token parameter issue.

Deprecated Integration

  • ArcSight ESM
    Use the ArcSight ESM v2 integration instead.

Scripts

3 Improved Scripts

  • FindSimilarIncidents
    Fixed escaping of special characters.
  • FindSimilarIncidentsByText
    Improved the algorithm for short texts.
  • ShowScheduledEntries
    The script does not return tasks that have completed schedules.

8 Deprecated Scripts

  • ADGetComputer
    Use the ad-get-computer command instead.
  • ADGetGroupMembers
    Use the ad-get-group-members command instead.
  • ExtractDomain
    Use the extractIndicators command instead.
  • ExtractEmail
    Use the extractIndicators command instead.
  • ExtractHash
    Use the extractIndicators command instead.
  • ExtractIP
    Use the extractIndicators command instead.
  • ExtractURL
    Use the extractIndicators command instead.
  • InviteUser
    Use the DemistoSendInvite script instead.

Playbooks

New Playbook

  • Exchange 2016 Search and Delete
    Run a compliance search in Exchange Server 2016 and delete the results.

5 Improved Playbooks

  • ArcSight - Get events related to the Case
    The playbook now supports ArcSight ESM v2.
  • Malware Investigation - Generic - Setup
    Updated the tests comment.
  • SentinelOne - Endpoint data collection
    Added a task that checks if SentinelOne is enabled.
  • DeDup incidents
    The condition that checks if there is a context key is now set to true.
  • Detonate File - ThreatGrid
    • Fixed handling of file types.
    • The playbook only detonates files larger than 0 KB.

7 Deprecated Playbooks

  • Account Enrichment
    Use the Account Enrichment - Generic playbook instead.
  • Detonate files
    Use the Detonate File - Generic playbook instead.
  • Enrichment Playbook
    Use the Entity Enrichment - Generic playbook instead.
  • Extract Indicators - Generic
    Use the extractIndicators command instead.
  • Incident Enrichment
    Use the Default playbook instead.
  • Phishing Playbook - Automated
    Use the Phishing investigation - Generic playbook instead.
  • Process Email
    Use the Process Email - Generic playbook instead.
