Demisto Content Release Notes for version 19.5.1 (23606)
Published on 28 May 2019
Integrations
5 New Integrations
- AlienVault USM Anywhere
Search and monitor alarms and events from AlienVault USM Anywhere.
- Forescout
Unified device visibility and control platform for IT and OT security.
- PhishLabs IOC
Get live feeds of IOC data from PhishLabs.
- Minerva Labs Anti-Evasion Platform
Minerva eliminates the endpoint security gap while empowering companies to embrace technology fearlessly.
- LogRhythmRest
LogRhythm security intelligence.
11 Improved Integrations
- Image OCR
Updated argument descriptions.
- FireEye HX
Fixed an issue that caused an error when running the fireeye-hx-fetch-incidents and fireeye-hx-get-alert commands.
- FortiGate
  - Fixed an issue with SRC and DST addresses in human readable output.
  - Policy creation now supports multiple sources and destinations.
  - Fixed an issue with the fortigate-update-policy command.
- IntSights
Added the severity_level parameter, which fetches incidents based on the incident severity level.
- Mail Sender (New)
Improved an error message when testing the integration instance.
- Palo Alto Networks Minemeld
Added handling for the addition and removal of multiple indicators on miners.
- Palo Alto Networks PAN-OS
Added the log_forwarding argument to the panorama-create-rule and panorama-custom-block-rule commands. The argument is only available for Panorama instances.
- Rasterize
Added the with_errors parameter, which enables the integration to return warnings instead of errors.
- EWS Mail Sender
Improved error messages.
- VMRay
Deprecated all previous commands, and added new commands.
- Whois
Added a package that enables improved parsing of Whois entries.
3 Deprecated Integrations
- Secdo - Deprecated
Deprecated, use the Palo Alto Networks Cortex integration instead.
- Palo Alto Networks Magnifier - Deprecated
Deprecated, use the Palo Alto Networks Cortex integration instead.
- Amazon Web Services - Deprecated
Changed the integration name to reflect deprecated status.
Scripts
2 New Scripts
- PhishLabsPopulateIndicators
Populate indicators by the PhishLabs IOC global feed.
- ReadPDFFileV2
Load the content and metadata of a PDF file into context.
3 Improved Scripts
- ParseEmailFiles
Fixed an issue with ParseEmailFiles when there is an EML file inside an EML file.
- FilterByList
Added ability to ignore case.
- StixCreator
  - Added support for registry indicators and CVE CVSS vulnerability, and the script doesn't throw an exception on total failure.
  - Added support for the stix2-validator package.
3 Deprecated Scripts
- VMRay
Deprecated, use the Detonate File - VMRay playbook instead.
- vmray_getResults
Deprecated, use the Detonate File - VMRay playbook instead.
- ReadPDFFile
Deprecated, use the ReadPDFFileV2 script instead.
Playbooks
4 New Playbooks
- Detonate File - FireEye AX
Detonate one or more files using the FireEye AX integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
- PhishLabs - Populate Indicators
Populate indicators from PhishLabs, according to a defined period of time.
- PhishLabs - Whitelist false positives
This playbook can be used in a job to whitelist indicators from PhishLabs, which were classified as false positives, according to a defined period of time.
- Detonate File - VMRay
Detonate a file using the VMRay integration.
Improved Playbook
- Detonate File - Generic
Added support for the VMRay and FireEye AX integrations.