Demisto Content version 19.4.0 (20832)


Demisto Content Release Notes for version 19.4.0 (20832)

Published on 02 April 2019

Integrations

6 New Integrations

  • CrowdStrike Falcon
    The CrowdStrike Falcon OAuth 2 API integration (formerly Falcon Firehose API) enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.
  • ExtraHop
    ExtraHop performs real-time stream analysis of the packets that carry data across a network.
  • Signal Sciences WAF
    Protect your web application using Signal Sciences.
  • Snowflake
    Analytic data warehouse provided as Software-as-a-Service.
  • Tufin
    Retrieve and analyze network access controls across Tufin-managed firewalls, SDN, and public cloud to identify vulnerable access paths of an attack.
  • Vertica
    Analytic database management software.

23 Improved Integrations

  • Active Directory Query v2
    • Added the context-output argument to the ad-search command. If the argument is set to no, the command will not output results.
    • Improved functionality of the size-limit argument in the ad-search command.
  • ArcSight ESM v2
    Added an integration instance parameter that limits the number of incidents that are fetched each time.
  • Azure Compute
    Fixed an issue with the azure-vm-create-instance command.
  • Palo Alto AutoFocus
    • Fixed an issue with entry tables.
    • Improved handling of HTTP errors.
  • Centreon
    Fixed proxy logic.
  • Cisco Umbrella Investigate
    Added a threshold parameter to the integration instance configuration, which can override the default malicious score.
  • CrowdStrike Falcon Sandbox
    Improved how URLs are submitted to CrowdStrike.
  • Cyber Triage
    Added support for Cyber Triage 2.6.
  • DUO Admin
    Renamed the 1_minutes_ago argument to 1_minute_ago.
  • McAfee ESM-v10
    • Improved how incidents are fetched.
    • Added support for ESM timezone.
    • The esm-get-cases-list command now supports filtering by time range.
    • Added the time format parameter.
  • Endgame
    Improved descriptions for the endgame-deploy argument.
  • HashiCorp Vault
    • Improved integration test error messages.
    • Fixed several issues with fetching credentials.
    • The list-secrets command now supports KV1 engines.
  • LogRhythm
    Added several outputs and updated context.
  • Mail Sender (New)
    • Improved error handling and messaging.
    • Added the FQDN parameter to the integration instance configuration.
  • McAfee Advanced Threat Defense
    Improved error messages for incorrect username, incorrect password, and incorrect header.
  • Palo Alto Minemeld
    • Added validation when deleting indicators from miners of type localDB.
    • Added default values to the threat intel commands.
  • Palo Alto Networks Cortex
    Implemented OAuth2 authentication.
  • Palo Alto Firewall and Panorama
    • Added the panorama-get-pcap and panorama-list-pcaps commands.
    • Improved error messages and handling of invalid inputs; move-rule errors are now caught and displayed as a message.
  • Server Message Block (SMB)
    • Added the smb-upload command.
    • Added option to print out the contents of a file instead of downloading it.
  • urlscan.io
    • Added RedirectedURLs and EffectiveURL data from the !url command to context.
    • Added the threshold parameter to the integration instance configuration.
  • VirusTotal - Private API
    • The vt-private-get-url-report command now supports multiple URLs.
    • Fixed an issue with the API.
    • Added context for the get-url, file, and domain-report commands.
    • Fixed DBot score in the ip-report command.
    • Added the Preferred Vendors List and Preferred Vendors Threshold parameters, which help determine if files and URLs are malicious.
  • Zscaler
    Fixed an issue with the rate limit error. Several requests sent within a short interval now trigger a retry if one of them fails.

Scripts

New Script

  • FindSimilarIncidents
    Find similar incidents by common incident keys, labels, custom fields, or context keys.
    We recommend using incident keys if possible, for example: "type" for the same incident type.
    For performance reasons, we recommend avoiding context keys where possible; for example, if the value also appears in the label key, use "label".

7 Improved Scripts

  • CheckDockerImageAvailable
    Checks if a Docker image is accessible for pull commands.
  • CommonServerPython
    Added proxy handling method.
  • FilterByList
    Updated the context when the list is empty.
  • IsMaliciousIndicatorFound
    Fixed the script to depend only on DBotScore.Score.
  • ReadFile
    Fixed a Unicode parsing error.
  • ReadPDFFile
    Improved the error message when the script fails on reading encrypted files.
  • StixParser
    Added support for STIX2.0.

Playbooks

2 Improved Playbooks

  • Extract Indicators From File - Generic
    Improved the "Is there a PDF file" task, which checks whether file.type and file.info contain "pdf".
  • Process Email - Generic
    Improved detection of attachments that are emails.

Reports

12 Improved Reports

  • Critical and High incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Daily incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Critical and High incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Daily incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Investigation Summary
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Open Incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Investigation Summary
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Last 24 hours incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Last 30 days incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Last 7 days incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Open Incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
  • Unknown severity incidents
    Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.

Widgets

Improved Widget

  • Mentions
    Only unread messages are now displayed.

Incident Layouts

4 Improved Incident Layouts

  • Access - Summary
    Applied incident source fields.
  • Malware - Summary
    Applied incident source fields.
  • Phishing - Summary
    Removed 'Email Body HTML' from default Phishing incident type summary layout.
  • Vulnerability - Summary
    Applied incident source fields.
