Demisto Content Release Notes for version 19.3.1 (19965)
Published on 19 March 2019
Integrations
New Integrations
- DUO Admin
Manage administrative functionality of DUO Security's two-factor authentication platform.
11 Improved Integrations
- Active Directory Query v2
- Added the context-output argument to the ad-search command. If the argument is set to no, the command will not output results.
- Improved functionality of the size-limit argument in the ad-search command.
- ArcSight ESM v2
- Added the newparameter parameter, which defines the maximum number of unique case IDs to fetch.
- Improved representation of ArcSight fields in the context.
- For the as-get-case-event-ids command, added a flag that gets correlated events.
- Cybereason
Added the machinename argument to the cybereason-malop-processes command.
- Gmail
Improved fetched incidents functionality.
- Luminate
Added severity to fetched incidents.
- Phish.AI
Added the phish-ai-dispute-url command.
- ProtectWise
Fixed a context output issue, which caused inaccessible items to be available in context.
- Symantec Advanced Threat Protection
Fixed output for the satp-files command in cases when the file was not previously seen in ATP.
- Whois
The integration is now disabled by default.
- Palo Alto Networks WildFire
Improved error handling for the wildfire-report command.
- Zscaler
Added the Use system proxy settings checkbox to the integration configuration. By default, the checkbox is selected. If you do not want to use system proxy settings, make sure you clear this checkbox.
Scripts
New Script
- CheckDockerImageAvailable
Checks if a Docker image is available for performing Docker pull. The script simulates the Docker pull flow, but doesn't actually pull the image.
6 Improved Scripts
- ParseEmailFiles
- EML files nested within EML files, and MSG files nested within MSG files are now extracted and parsed.
- Use the HeadersMap (key-value structure) for output instead of Headers.
- Added the parse_only_headers argument (set to true) to parse only headers.
- ExtractDomainFromUrlAndEmail
Fixed domain extraction functionality when working with subdomains in an email.
- ExtractIndicatorsFromWordFile
- Fixed an encoding issue.
- Added support for encoding to UTF-8 when displaying the data.
- FindSimilarIncidents
Future incidents are now ignored.
- ParseCSV
Added support for non-UTF-8 codec.
- RegPathReputationBasicLists
Fixed score output.
Deprecated Script
- ParseEmailHeaders
Use the ParseEmailFiles script instead. You need to specify parse_only_headers=true.
Playbooks
2 Improved Playbooks
- Detonate File - HybridAnalysis
The playbook now checks that an active integration instance is enabled.
- Process Email - Generic
Improved detection of EML and MSG files as attachments.
Widgets
8 New Widgets
- Active Incidents Assigned by User
- Active Incidents by Role
- Active Incidents - Line chart
- Active Incidents - Pie chart
- Closed Incidents by Role
- Unassigned Active Incidents
- Unassigned Closed Incidents
- Unassigned Pending Incidents
8 Improved Widgets
- Average Incident Duration by Role (Avg)
Improved the query and updated the widget name.
- Incidents By Close Reason
Improved the query and updated the widget name.
- Incidents Occurred Per Day
Improved the query and updated the widget name.
- Incidents by Role
Improved the query and updated the widget name.
- Incidents Top Close Analysts
Improved the query and updated the widget name.
- MTTR by Type
Improved the query and updated the widget name.
- MTTR Occurred by Type
Improved the query and updated the widget name.
- Top Active Playbooks
Improved the query and updated the widget name.
4 Removed Widgets
- ActiveIncidentByType
- ActiveIncidentsBySeverity
- IncidentsAssignedByUser
- Mttr