Demisto Content Release Notes for version 19.7.2 (26095)
Published on 23 July 2019
Integrations
6 New Integrations
- Cisco ISE
Use the Cisco ISE integration to get endpoint data, and to manage and update endpoints and ANC policies. - Palo Alto Networks Cortex XDR - Investigation and Response
Use the Palo Alto Networks Cortex XDR integration to get a list of incidents and detailed incident data, and to update incident fields. - Proofpoint TAP v2
Use the Proofpoint Targeted Attack Protection (TAP) integration to protect against and provide additional visibility into phishing and other malicious email attacks. - URLhaus
Use the URLhaus integration to get information about URLs and domains, and to download malware samples. - Atlassian Confluence Server
Use the Atlassian Confluence Server API integration to manage your Confluence spaces and content. - VulnDB
Use the VulnDB integration to get information about vulnerabilities for various products, including operating systems, applications, and so on.
18 Improved Integrations
- Cisco AMP
- Changed the name of the Credential parameter to Client ID.
- Added information in the Detailed Description section on how to generate a Client ID and API Key.
- MaxMind GeoIP2
The Trust any certificate parameter now works as expected. - Rapid7 Nexpose
Fixed an issue in the nexpose-get-asset command in which the command fails to handle dates without milliseconds. - SumoLogic
Fixed an issue with fetching incidents by adding the timeZone parameter. - LogRhythmRest
Added 5 new commands.- lr-get-hosts
- lr-get-alarm-data
- lr-get-alarm-events
- lr-get-networks
- lr-get-persons
- Windows Defender Advanced Threat Protection
Improved handling of cases when the isAadJoined key is missing from API responses. - Netcraft
Fixed an issue in the netcraft-report-attack command. - Google Vault
- Improved error handling.
- Added support for new integration parameters.
- Use system proxy settings
- Trust any certificate
- Zendesk
- Attachments are now visible in context when you run the zendesk-ticket-details command.
- Added a test playbook.
- CVE Search
Fixed an issue in which UserAgent was not present in the request. - Cisco Umbrella Investigate
The Trust any certificate parameter now works as expected. - Atlassian Jira (v2)
Fixed an issue when fetching incidents in which multiple incidents with the same ticket ID were fetched. - EWS Mail Sender
Added support for embedding inline images in emails. - MISP V2
Added 4 new commands.- misp-add-events-from-feed
- misp-add-ip-object commands
- misp-add-domain-object commands
- misp-add-email-object commands
- misp-add-generic-object commands
- Vertica
Improved connection failure logging. - urlscan.io
- Screenshots are now fetched when the Trust any certificate parameter is selected.
- The Trust any certificate parameter now works as expected.
- CrowdStrike Falcon Sandbox
- Fixed DBot score mapping.
- Fixed an issue in which an indicator was undefined in DBot context.
- Okta
Fixed an issue in which filters were double encoded, and results are now returned according to the specified filter, as expected.
Scripts
New Script
- XDRSyncScript
This script compares between Demisto incidents and incidents in Palo Alto Networks Cortex XDR, and updates both incidents mutually. This script always uses the xdr-get-incident-extra-data command, and outputs to the entire incident JSON to context. If the incident was updated in Cortex XDR, the Demisto incident will be updated accordingly, and the playbook will rerun. If the incident is updated in Demisto, then the script will execute the xdr-update-incident command and update the incident in Cortex XDR.
Improved Script
- FindSimilarIncidents
Improved wording in the script.
Playbooks
Improved Playbook
- Process Email - Generic
Fixed an issue in which the script rendered an image when there is no HTML in the email.