Demisto Content version 19.3.1 (19965)

Demisto Content Release Notes for version 19.3.1 (19965)

Published on 19 March 2019

Integrations

New Integrations

  • DUO Admin
    Manage administrative functionality of DUO Security's two-factor authentication platform.

11 Improved Integrations

  • Active Directory Query v2
    • Added the context-output argument to the ad-search command. If the argument is set to no, the command will not output results.
    • Improved functionality of the size-limit argument in the ad-search command.
  • ArcSight ESM v2
    • Added the newparameter parameter, which defines the maximum number of unique case IDs to fetch.
    • Improved representation of ArcSight fields in the context.
    • For the as-get-case-event-ids command, added a flag that gets correlated events.
  • Cybereason
    Added the machinename argument to the cybereason-malop-processes command.
  • Gmail
    Improved fetched incidents functionality.
  • Luminate
    Added severity to fetched incidents.
  • Phish.AI
    Added the phish-ai-dispute-url command.
  • ProtectWise
    Fixed a context output issue, which caused inaccessible items to be available in context.
  • Symantec Advanced Threat Protection
    Fixed output for the satp-files command in cases when the file was not previously seen in ATP.
  • Whois
    The integration is now disabled by default.
  • Palo Alto Networks WildFire
    Improved error handling for the wildfire-report command.
  • Zscaler
    Added the Use system proxy settings checkbox to the integration configuration. By default, the checkbox is selected. If you do not want to use system proxy settings, make sure you clear this checkbox.

Scripts

New Script

  • CheckDockerImageAvailable
    Checks if a Docker image is available for performing Docker pull. The script simulates the Docker pull flow, but doesn't actually pull the image.

6 Improved Scripts

  • ParseEmailFiles
    • EML files nested within EML files, and MSG files nested within MSG files are now extracted and parsed.
    • Use the HeadersMap (key-value structure) for output instead of Headers.
    • Added the parse_only_headers argument (set to true) to parse only headers.
  • ExtractDomainFromUrlAndEmail
    Fixed domain extraction functionality when working with subdomains in an email.
  • ExtractIndicatorsFromWordFile
    • Fixed an encoding issue.
    • Added support for encoding to UTF-8 when displaying the data.
  • FindSimilarIncidents
    Future incidents are now ignored.
  • ParseCSV
    Added support for non-UTF-8 codec.
  • RegPathReputationBasicLists
    Fixed score output.

Deprecated Script

  • ParseEmailHeaders
    Use the ParseEmailFiles script instead. You need to specify parse_only_headers=true.

Playbooks

2 Improved Playbooks

  • Detonate File - HybridAnalysis
    The playbook now checks that an active integration instance is enabled.
  • Process Email - Generic
    Improved detection of EML and MSG files as attachments.

Widgets

8 New Widgets

  • Active Incidents Assigned by User
  • Active Incidents by Role
  • Active Incidents - Line chart
  • Active Incidents - Pie chart
  • Closed Incidents by Role
  • Unassigned Active Incidents
  • Unassigned Closed Incidents
  • Unassigned Pending Incidents

8 Improved Widgets

  • Average Incident Duration by Role (Avg)
    Improved the query and updated the widget name.
  • Incidents By Close Reason
    Improved the query and updated the widget name.
  • Incidents Occurred Per Day
    Improved the query and updated the widget name.
  • Incidents by Role
    Improved the query and updated the widget name.
  • Incidents Top Close Analysts
    Improved the query and updated the widget name.
  • MTTR by Type
    Improved the query and updated the widget name.
  • MTTR Occurred by Type
    Improved the query and updated the widget name.
  • Top Active Playbooks
    Improved the query and updated the widget name.

4 Removed Widgets

  • ActiveIncidentByType
  • ActiveIncidentsBySeverity
  • IncidentsAssignedByUser
  • Mttr
