Demisto Content Release Notes for version 19.4.1 (21467)
Published on 16 April 2019
Integrations
3 New Integrations
- Atlassian Jira (v2)
Use the Jira integration to manage issues and create Demisto incidents from the projects. - Palo Alto Networks Cortex
The Cortex framework manages all Palo Alto Networks cloud-based products. - Google Cloud Compute
Google Compute Engine delivers virtual machines running in Google's innovative data centers and worldwide fiber network. Compute Engine's tooling and workflow support enable scaling from single instances to global, load-balanced cloud computing.
12 Improved Integrations
- AD Query v2
Fixed an issue when configuring the port parameter. - CrowdStrike Falcon
Improved wording and descriptions for the platform_name argument in the cs-falcon-search-device command. - Fidelis Elevate Network
Improved the fetch incidents function. - Snowflake
Updated documentation and setting descriptions. - CrowdStrike Falcon Sandbox
Deprecated the crowdstrike-detonate-file command and the crowdstrike-detonate-url command. Use the Crowdstrike Falcon Sandbox - Detonate playbooks instead. - McAfee ESM-v10
Improved the fetch incidents function. - HashiCorp Vault
Fixed fetching credentials. - Phish.AI
Replaced the url argument with the scan_id argument in the phish-ai-check-status command. You must replace the url argument with the scan_id argument in automations and playbooks. Backward compatibility is not supported. Added outputs that enable the Detonate URL playbook to initiate as expected. - Tanium
- Fixed an issue with testing the integration.
- Added log messages.
- VirusTotal - Private API
- Added a mechanism that supports multiple URLs, for the _vt-private-get-url-report command.
- Fixed an issue with the API.
- Added context to _vt-private-get-domain-report, _vt-private-get-file-report, and vt-private-get-url-report commands.
- Fixed the DBot score in the ip-report command.
- Added a mechanism that determines if a file or URL are malicious, based on trusted vendors.
- VirusTotal
Added a mechanism that determines whether a file or URL are malicious, based on trusted vendors. - Palo Alto Networks WildFire
Improved handling of context for the wildfire-report command in cases that hashes contain network data.
Deprecated Integration
- Atlassian Jira
Use the Atlassian Jira v2 integration instead.
Scripts
New Script
- WordTokenizerNLP
Tokenize the words of input text.
7 Improved Scripts
- ParseEmailFiles
Improved how email file types are detected. - CommonServerPython
- Added logger support for Python3.
- Common code that will be merged into each server script, when it runs.
- DemistoUploadFile
- Added a body argument.
- Improved the script description.
- DemistoUploadFileToIncident
- Added a body argument.
- Improved the script description.
- ExtractDomainFromUrlAndEmail
Executes the UnEscapeURLs script before extracting the domain. - UnEscapeIPs
The script input now supports arrays. - UnEscapeURLs
The script input now supports arrays.
Playbooks
6 Improved Playbooks
- Detonate File - JoeSecurity
Added missing outputs. - ATD - Detonate File
Added missing outputs. - Detonate URL - JoeSecurity
Added missing outputs. - Detonate URL - McAfee ATD
Added missing outputs. - Detonate URL - Phish.AI
- Improved playbook implementation.
- Added outputs.
- Process Email - Generic
Fixed how indicators are extracted.