Demisto Content Release version 19.6.1 (24849)

Demisto Content Release Notes for version 19.6.1 (24849)

Published on 25 June 2019

Integrations

8 New Integrations

  • Anomali ThreatStream v2
    Use the Anomali ThreatStream integration to query and submit threats.
  • Palo Alto Networks AutoFocus v2
    Use the Palo Alto Networks AutoFocus v2 integration to access samples and session data.
  • BlueCat
    Use the BlueCat integration to enrich IP addresses and manage response policies.
  • Cloaken
    Use the Cloaken integration to unshorten URLs onsite using the power of a Tor proxy server to prevent leaking IP addresses to adversaries.
  • Cofense Triage
    Use the Cofense Triage integration to manage reports and attachments.
  • Intezer v2
    Use the Intezer v2 integration to detect and analyze malware, based on code reuse.
  • Perch
    Use the Perch integration to manage alerts, indicators, and communities.
  • ThreatX
    Use the ThreatX integration to automate enforcement and intel gathering actions.

13 Improved Integrations

  • ArcSight ESM v2
    Improved logging functionality.
  • EWS Mail Sender
    Improved handling of EWS concurrency limits.
  • Gmail
    Added proxy support.
  • ipstack
    Improved naming and descriptions.
  • Palo Alto Networks Cortex
    Added the Cortex XDR Analytics query type for fetching incidents.
  • Rasterize
    Improved error suppression.
  • McAfee ESM-v10
    • Fixed an issue with the logout process.
    • Added event information to fetched alarms.
  • Server Message Block (SMB)
    Added the server IP/hostname and NetBIOS (AD) name as command arguments. They are still available as optional instance parameters.
  • IntSights
    Fixed an issue with fetching incidents.
  • Microsoft Graph Security
    Improved the flow for authenticating Demisto. You must delete all current integration instances and configure new instances using the new authentication flow. For more information, see the Microsoft Graph Security documentation.
  • Microsoft Graph Mail
    Improved the flow for authenticating Demisto. You must delete all current integration instances and configure new instances using the new authentication flow. For more information, see the Microsoft Graph Mail documentation.
  • Microsoft Graph User
    Improved the flow for authenticating Demisto. You must delete all current integration instances and configure new instances using the new authentication flow. For more information, see the Microsoft Graph User documentation.
  • Microsoft Defender Advanced Threat Protection
    • Improved the flow for authenticating Demisto. You must delete all current integration instances and configure new instances using the new authentication flow. For more information, see the Microsoft Defender Advanced Threat Protection documentation.
    • Added three new commands:
      • microsoft-atp-advanced-hunting: Run advanced queries as you would in the ATP portal.
      • microsoft-atp-create-alert: Create a new alert entity from event data obtained from Advanced Hunting.
      • microsoft-atp-get-alert-related-user: Retrieve the user associated with a specific alert.

Scripts

7 New Scripts

  • CheckEmailAuthenticity
    Checks email authenticity based on the email's SPF, DMARC, and DKIM.
  • D2Remove
    Removes the Demisto D2 agent from the system using the d2_remove command.
  • FindSimilarIncidents
    Identifies similar incidents by common incident keys, labels, custom fields, or context keys.
  • IntezerScanHost
    Scans a host using the Intezer scanner.
  • Ping
    Pings an IP address or URL to verify that it is active.
  • GenerateSummaryReports
    Generates report summaries for the specified incidents.
  • IntezerRunScanner
    Runs the Intezer Endpoint Analysis Scanner.
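
The CheckEmailAuthenticity script above reports a verdict from the message's SPF, DKIM and DMARC results. The following is an added example, not the script's own code, of how such a verdict can be derived from the Authentication-Results header (RFC 8601) written by the receiving MTA. It assumes the MTA has already evaluated the three mechanisms and that its authserv-id (here `mx.example.net`) is known; headers whose authserv-id does not match are ignored, since anyone can add an Authentication-Results header to a message they send. The sample messages and their header values are constructed for illustration.

```python
"""Derive an email-authenticity verdict from Authentication-Results headers.

Added example, not the CheckEmailAuthenticity script itself. Assumes the
receiving MTA (authserv-id "mx.example.net", an assumed name) has already
evaluated SPF, DKIM and DMARC and recorded the results per RFC 8601.
"""
import email
import re

AUTH_METHODS = ("spf", "dkim", "dmarc")
# One "method=result" clause at the start of a ';'-separated resinfo part.
# Parenthesised comments are tolerated as long as they contain no ';'.
_RESULT_RE = re.compile(r"^\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)

# Constructed sample: all three mechanisms pass at the trusted MTA.
SAMPLE_PASS = """\
Authentication-Results: mx.example.net;
 spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=example.com;
 dkim=pass header.d=example.com header.s=sel1;
 dmarc=pass (p=REJECT) header.from=example.com
From: alerts@example.com
To: soc@example.net
Subject: constructed test message

body
"""

# Constructed sample: the sender pre-loaded a forged "pass" header, but the
# trusted MTA's own header (added afterwards) records failures.
SAMPLE_INJECTED = """\
Authentication-Results: attacker.example; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=example.com;
 dkim=fail header.d=example.com;
 dmarc=fail (p=REJECT) header.from=example.com
From: alerts@example.com
To: soc@example.net
Subject: constructed spoofed message

body
"""


def parse_authentication_results(raw_message: str, trusted_authserv: str) -> dict:
    """Return {"spf": ..., "dkim": ..., "dmarc": ...} from headers written by
    trusted_authserv; a method with no recorded result maps to "none"."""
    msg = email.message_from_string(raw_message)
    results = {m: "none" for m in AUTH_METHODS}
    for header in msg.get_all("Authentication-Results", []):
        unfolded = " ".join(header.split())          # undo header folding
        authserv_id, _, rest = unfolded.partition(";")
        tokens = authserv_id.split()                 # may carry a version, e.g. "mx 1"
        if not tokens or tokens[0].lower() != trusted_authserv.lower():
            continue                                 # untrusted or forged header
        for part in rest.split(";"):
            m = _RESULT_RE.match(part)
            if m is None:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            if results[method] == "none":            # first trusted result wins
                results[method] = result
    return results


def authenticity_verdict(results: dict) -> str:
    """Collapse per-method results to Pass / Fail / Suspicious / Undetermined.
    DMARC already combines SPF and DKIM with alignment, so it dominates."""
    spf, dkim, dmarc = (results[m] for m in AUTH_METHODS)
    if dmarc == "pass":
        return "Pass"
    if dmarc == "fail":
        return "Fail"
    # No usable DMARC result: fall back to the individual mechanisms.
    if "fail" in (spf, dkim):
        return "Fail"
    if spf in ("softfail", "temperror", "permerror") or dkim in ("temperror", "permerror", "policy", "neutral"):
        return "Suspicious"
    if "pass" in (spf, dkim):
        return "Pass"
    return "Undetermined"


def check_email_authenticity(raw_message: str, trusted_authserv: str) -> dict:
    """Convenience wrapper returning the parsed results plus the verdict."""
    results = parse_authentication_results(raw_message, trusted_authserv)
    return {**results, "verdict": authenticity_verdict(results)}


if __name__ == "__main__":
    print(check_email_authenticity(SAMPLE_PASS, "mx.example.net"))
    print(check_email_authenticity(SAMPLE_INJECTED, "mx.example.net"))
```

The authserv-id filter is the important part: without it, the forged header in the second sample would be read first and the message would be graded "Pass". The trusted value must be the identifier your own mail gateway writes, and the gateway should itself strip pre-existing Authentication-Results headers on inbound mail.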

Playbooks

7 New Playbooks

  • Detonate File - ThreatStream
    Detonates one or more files using the Anomali ThreatStream v2 integration. This playbook returns relevant reports to the War Room, and file reputations to the context data.
  • Detonate URL - ThreatStream
    Detonates one or more URLs using the Anomali ThreatStream v2 sandbox integration. This playbook returns relevant reports to the War Room, and URL reputations to the context data.
  • Intezer - Analyze Uploaded file
    Uploads a file to Intezer Analyze for analysis and enriches the file reputation.
  • Intezer - Analyze by hash
    Analyzes the given file hash on Intezer Analyze and enriches the file reputation. Supports SHA256, SHA1, and MD5.
  • Intezer - scan host
    Uses Demisto D2 agent to scan a host using Intezer scanner.
  • Send Investigation Summary Reports
    This playbook iterates over closed incidents, generates a summary report for each one, and emails the reports to the specified users.
  • Send Investigation Summary Reports Job
    This playbook calls the sub-playbook "Send Investigation Summary Reports" and then closes the incident. By default, it searches for all incidents closed within the last hour. It should run as a scheduled job every 15 minutes.

2 Improved Playbooks

  • Extract Indicators From File - Generic
    File info data is ignored when checking Word documents.
  • Extract Indicators From File - Generic v2
    File info data is ignored when checking Word documents.
