github demisto/content 19.5.1
Demisto Content version 19.5.1 (23606)

Demisto Content Release Notes for version 19.5.1 (23606)

Published on 28 May 2019

Integrations

5 New Integrations

  • AlienVault USM Anywhere
    Search and monitor alarms and events from AlienVault USM Anywhere.
  • Forescout
    Unified device visibility and control platform for IT and OT security.
  • PhishLabs IOC
    Get live feeds of IOC data from PhishLabs.
  • Minerva Labs Anti-Evasion Platform
    Minerva eliminates the endpoint security gap while empowering companies to embrace technology fearlessly.
  • LogRhythmRest
    LogRhythm security intelligence.

11 Improved Integrations

  • Image OCR
    Updated argument descriptions.
  • FireEye HX
    Fixed an issue that caused an error when running the fireeye-hx-fetch-incidents and fireeye-hx-get-alert commands.
  • FortiGate
    • Fixed an issue with SRC and DST addresses in human-readable output.
    • Policy creation now supports multiple sources and destinations.
    • Fixed an issue with the fortigate-update-policy command.
  • IntSights
    Added the severity_level parameter, which fetches incidents based on the incident severity level.
  • Mail Sender (New)
    Improved an error message when testing the integration instance.
  • Palo Alto Networks Minemeld
    Added handling for the addition and removal of multiple indicators on miners.
  • Palo Alto Networks PAN-OS
    Added the log_forwarding argument to the panorama-create-rule and panorama-custom-block-rule commands. The argument is only available for Panorama instances.
  • Rasterize
    Added the with_errors parameter, which enables the integration to return warnings instead of errors.
  • EWS Mail Sender
    Improved error messages.
  • VMRay
    Deprecated all previous commands, and added new commands.
  • Whois
    Added a package that enables improved parsing of Whois entries.

3 Deprecated Integrations

  • Secdo - Deprecated
    Deprecated, use the Palo Alto Networks Cortex integration instead.
  • Palo Alto Networks Magnifier - Deprecated
    Deprecated, use the Palo Alto Networks Cortex integration instead.
  • Amazon Web Services - Deprecated
    Changed the integration name to reflect deprecated status.

Scripts

2 New Scripts

  • PhishLabsPopulateIndicators
    Populate indicators from the PhishLabs IOC global feed.
  • ReadPDFFileV2
    Load the content and metadata of a PDF file into context.

3 Improved Scripts

  • ParseEmailFiles
    Fixed an issue with ParseEmailFiles when there is an EML file inside an EML file.
  • FilterByList
    Added the ability to ignore case.
  • StixCreator
    • Added support for registry indicators and CVE CVSS vulnerability; the script does not throw an exception on total failure.
    • Added support for the stix2-validator package.

3 Deprecated Scripts

  • VMRay
    Deprecated, use the Detonate File - VMRay playbook instead.
  • vmray_getResults
    Deprecated, use the Detonate File - VMRay playbook instead.
  • ReadPDFFile
    Deprecated, use the ReadPDFFileV2 script instead.

Playbooks

4 New Playbooks

  • Detonate File - FireEye AX
    Detonate one or more files using the FireEye AX integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
  • PhishLabs - Populate Indicators
    Populate indicators from PhishLabs, according to a defined period of time.
  • PhishLabs - Whitelist false positives
    This playbook can be used in a job to whitelist indicators from PhishLabs that were classified as false positives, according to a defined period of time.
  • Detonate File - VMRay
    Detonate a file using the VMRay integration.

Improved Playbook

  • Detonate File - Generic
    Added support for the VMRay and FireEye AX integrations.
