Demisto Content Release Notes for version 19.8.0 (26837)
Published on 06 August 2019
Integrations
3 New Integrations
- Cofense Intelligence
Use the Cofense Intelligence integration to check the reputation of URLs, IP addresses, file hashes, and email addresses.
- Uptycs
Use the Uptycs integration to fetch data from the Uptycs database.
- AWS - Lambda
Amazon Web Services Serverless Compute service (lambda).
19 Improved Integrations
- IBM QRadar
- Fixed an issue in which the fetch incidents function would fail when there were non-ASCII characters in the data.
- Fixed an issue in which the fetch incidents function would ignore the filter if the maximum number of offenses set in the instance configuration were fetched in a single fetch.
- Improved error messages for fetch-incidents.
- Added the Required Permissions information in the detailed description section.
- Palo Alto Networks Cortex XDR - Investigation and Response
Added instructions to the integration instance Detailed Description section on how to generate an API Key and API Key ID, and how to copy the integration URL.
- Whois
Added support for Socks and HTTP Connect proxy.
- Anomali ThreatStream v2
Fixed an issue with the description argument in the threatstream-create-model command.
- EWS v2
- Improved memory resource usage.
- Added the ews-mark-items-as-read command.
- Added the Mark fetched emails as read parameter to the integration instance configuration.
- Improved integration documentation.
- SNDBOX
- Fixed an issue with command mapping in which some commands were not called correctly.
- Deprecated the detonate-file function.
- VirusTotal
Updated outputs with new indicator fields.
- WhatIsMyBrowser
The Trust any certificate parameter now works as expected.
- PhishLabs IOC
Fixed an issue with the updatedAt field.
- Palo Alto Networks PAN-OS EDL Management
- Added the pan-os-edl-get-external-file-metadata command.
- When a non-existent list is specified in the pan-os-edl-update-from-external-file command, the list is automatically created and the file data is saved to the list.
- Fidelis Elevate Network
Added 5 new commands.
- list-metadata
- get-alert-by-uuid
- list-alert-by-ip
- download-malware-file
- download-pcap-file
- Palo Alto Networks AutoFocus V2
- Added to context the status of commands with the following prefixes: autofocus-samples-search, autofocus-sessions-search, and autofocus-top-tags.
- Improved error handling for cases of no report in the autofocus-sample-analysis command.
- Improved error handling for retrieving a pending query in the autofocus-samples-search-results command.
- Imperva Skyfence
Improved descriptions and integration documentation.
- Palo Alto Networks PAN-OS
- Improved error handling for URL filtering licensing.
- Improved error handling when trying to edit an uncommitted Custom URL category.
- Added the panorama-list-rules command.
- Added edl as an option for the object_type argument in the panorama-custom-block-rule command.
- Proofpoint TAP v2
Modified the fetch range for the first fetch to 1 hour (the Proofpoint TAP API maximum).
- Active Directory Query v2
- The default query now works as expected.
- The dn argument now works as expected.
- Added support for custom SSL certificates, by using the Docker environment variable: SSL_CERT_FILE.
- McAfee ePO
Added the epo-move-system command.
- SentinelOne V2
Added 3 commands.
- sentinelone-disconnect-agent
- sentinelone-connect-agent
- sentinelone-broadcast-message
- Awake Security
The Trust any certificate parameter now works as expected.
- Cylance Protect v2
- Improved handling of error messages.
- Improved logging functionality.
- Added the Trust any certificate parameter.
Deprecated Integration
- Phishme Intelligence
Deprecated. Use the Cofense Intelligence integration instead.
Scripts
2 Improved Scripts
- StixParser
- Fixed an issue in which an unknown STIX pattern corrupts script presentation.
- Fixed an issue in which duplicate indicators were created.
- ParseEmailFiles
- Added support for EML file attachments with a generic "data" type.
- Added support for S/MIME-signed EML file attachments.
Deprecated Script
- CBSearch
Deprecated. Use the cb-binary command and the cb-get-processes command instead.
Playbooks
2 New Playbooks
- Uptycs - Bad IP Incident
Gets information about processes that open connections to known bad IPs.
- Uptycs - Outbound Connection to Threat IOC Incident
Gets information about connections from IOC incidents.
Improved Playbooks
- Process Email - Generic
Added support for EML file attachments with a generic "data" type.