Demisto Content Release Notes for version 19.5.0 (22786)
Published on 14 May 2019
Integrations
3 New Integrations
- Image OCR
Extracts text from images.
- Netcraft
Enables you to open and handle takedown requests.
- Palo Alto Networks WildFire v2
Performs malware dynamic analysis.
5 Improved Integrations
- Carbon Black Enterprise Protection v2
  - Improved argument descriptions.
  - Added various arguments that streamline search commands.
  - For more information, see the Carbon Black Enterprise Protection v2 documentation.
- Cherwell
  - Enhanced "Test Module" functionality.
  - Fixed a syntax error.
- ServiceNow
Added caller as an optional field for create a ticket and update a ticket commands.
- Palo Alto Networks WildFire
  - Added the md5 and sha256 arguments to !file command.
  - Invalid hashes in the !file command are regarded as a warning.
  - Added the sha256 argument and deprecated the hash argument for the wildfire-report command.
  - Added the wildfire-get-sample command.
- Rasterize
Rasterize URL error handling.
Scripts
2 New Scripts
- GDPRContactAuthorities
Returns the GDPR Data Protection Supervisory Authority Listing. A supervisory authority is an independent public authority which is established by a Member State pursuant to Article 51 (GDPR, Art. 4).
- GetDockerImageLatestTag
Gets the latest tag for a Docker image by simulating the Docker pull flow, without actually pulling the image. The script returns an entry with the latest tag of the Docker image if successful; otherwise, it returns an error.
9 Improved Scripts
- CherwellCreateIncident
Added tags and the dependsOn command.
- CherwellGetIncident
Added tags and the dependsOn command.
- CherwellIncidentOwnTask
Added tags and the dependsOn command.
- CherwellIncidentUnlinkTask
Added tags and the dependsOn command.
- CherwellQueryIncidents
Added tags and the dependsOn command.
- CherwellUpdateIncident
Added tags and the dependsOn command.
- DeleteContext
Fixed an issue where the script defines the index parameter as undefined when it is set to zero.
- IsEmailAddressInternal
Added the ability to check for sub-domains.
- LinkIncidentsWithRetry
Improved script descriptions.
Deprecated Script
- SendEmail
Deprecated. Use the send-mail command instead.
Playbooks
5 New Playbooks
- GDPR Breach Notification
This playbook executes when you manually create a GDPR data breach incident, and then performs the required tasks that are detailed in GDPR Article 33. For more information, see the GDPR Breach Notification documentation.
Disclaimer: This playbook does not ensure compliance with the GDPR regulation. Before using this playbook, we advise consulting with the relevant authority and adjusting it to the organization's needs.
- Account Enrichment - Generic v2.1
  - Replaced the Active Directory integration with the Active Directory v2 Query integration.
  - Removed redundant outputs.
- Email Address Enrichment - Generic v2.1
  - Enriches email addresses.
  - Gets information from Active Directory for internal addresses.
  - Gets the domain-squatting reputation for external addresses.
  - Uses the Active Directory v2 integration.
- Endpoint Enrichment - Cylance Protect v2
Enriches endpoints using the Cylance Protect v2 integration.
- Endpoint Enrichment - Generic v2
Enriches endpoints using relevant v2 integrations.
4 Improved Playbooks
- Account Enrichment - Generic
Added support for the Active Directory Query v2 integration.
- Entity Enrichment - Generic v2
The playbook now uses the v2.1 enrichment playbooks, which utilize v2 integrations.
- Phishing Investigation - Generic v2
The playbook now uses Entity Enrichment - Phishing v2, as expected.
- Entity Enrichment - Phishing v2
The playbook now uses the v2.1 enrichment playbooks, which utilize v2 integrations.
Incident Fields
Added a new incident field for GDPR Data Breach incidents.
Incident Layouts
1 New Incident Layout
- GDPR Data Breach
GDPR Data Breach Incident.