demisto/content 19.8.2

Demisto Content Release Notes for version 19.8.2 (27827)

on GitHub

Demisto Content Release Notes for version 19.8.2 (27827)

Published on 22 August 2019

Integrations

4 New Integrations

• Have I Been Pwned? v2
  • Replaces the now deprecated Have I Been Pwned? integration. This integration is not backward compatible. You need to delete all existing instances and replace with v2 instances.
  • Added the API Key parameter to instance configuration.
  • Written in Python.
• Slack v2 (Requires Demisto 5.0) *
  Use the Slack v2 integration to send messages and notifications to channels and in direct messages, and to mirror investigations between Demisto and Slack.
• Microsoft Teams (Requires Demisto 5.0) *
  Use the Microsft Teams integration to send messages and notifications to your team members, and to mirror investigations between Demisto and Teams.
• C2SEC (Requires Demisto 5.0) *
  Use the C2SEC integration to add new domains to a portfolio, initiate domain scans, retrieve the stats of a scan, query for domain issues, and retrieve information about leaked credentials, encryption, network and application related vulnerabilities.

16 Improved Integrations

• IBM QRadar
  Fixed an issue in which users would receive an error message for missing SEC headers.
• Mail Sender (New)
  Added the additionalHeader argument, which enables you to add custom headers to an email.
• Cisco AMP
  • Improved integration documentation.
  • Changed the name of the amp_get_computer_trajctory command to amp_get_computer_trajectory.
  • Changed the name of the mp_get_computer_actvity command to mp_get_computer_activity.
• BlueCat Address Manager
  • Added the bluecat-am-get-range-by-ip command.
  • Improved handling of cases in which an error is returned from querying a non-existing IP address.
• Anomali ThreatStream
  Improved implementation of the threatstream-email-reputation command, which now returns context, as expected.
• Palo Alto Networks PAN-OS
  Improved error handling when refreshing an EDL object on a Panorama instance.
• Windows Defender Advanced Threat Protection
  Improved error messages.
• IntSights
  Changed the default encoding to UTF-8.
• dnstwist
  • Added outputs to the dnstwist-domain-variations command.
  • Improved integration documentation.
• EWS Mail Sender
  • Improved memory resource usage.
  • Improved logging.
• SentinelOne V2
  Added 5 commands.
  • sentinelone-get-events
  • sentinelone-create-query
  • sentinelone-get-processes
  • sentinelone-shutdown-agent
  • sentinelone-uninstall-agent
    Fixed the agentIds filter in the get-activities command.
• Palo Alto Networks AutoFocus V2
  • Added tagGroups output to autofocus-samples-search-results command.
  • Improved handling of cases in which unknown tags are retrieved from the autofocus-tag-details command.
• VirusTotal
  Added the VirusTotal permanent link to the following commands.
  • url
  • file
  • url-scan
  • file-scan
  • file-rescan
• ThreatConnect
  Added 8 new commands.
  • tc-get-groups
  • tc-add-group-security-label
  • tc-add-group-tag
  • tc-get-indicator-types
  • tc-group-associate-indicator
  • tc-get-events
  • tc-add-group-attribute
  • tc-create-document-group
• Atlassian Jira (v2)
  Added support for remote application links.
• RSA NetWitness v11.1
  Added the fetch_time parameter.

Deprecated Integration

• Have I Been Pwned?

Scripts

4 New Scripts

• SumList
  Sums the values of a list. For example, ["25", "10", "25"] => "60".
• IndicatorRelatedIncientBySeverity
  Displays a bar chart of the severity of the provided investigation IDs.
• NumberOfPhishingAttemptPerUser
  Displays a bar chart of the number of incidents in which the "To" and "From" email addresses appear.
• PositiveDetectionsVSDetectionEngine
  Displays a bar chart of the number of positive detections out of the overall detections.

6 Improved Scripts

• StixParser
  • Added the CVE and Registry Key indicators.
  • Fixed the wrong format ip field.
• JSONFileToCSV
  • Fixed an issue in error handling.
  • Fixed csv delimiter behavior.
• EmailDomainSquattingReputation
  Added support for domain arrays as a parameter, including empty domains.
• ParseCSV
  Fixed an issue in which parsing single-line CSV files returned a No entries message.
• CommonServerPython
  Added the return_warning command.
• ParseEmailFiles
  Fixed an issue in which special characters were missing from MSG emails.

Playbooks

New Playbook

• C2SEC-Domain Scan
  Initiates a C2SEC scan by domain name, and waits for the scan to finish by polling the scan status in predefined intervals.

Improved Playbook

• Email Address Enrichment - Generic v2.1
  Fixed an issue in which a filter contained blank domains.

Reputations

• Added support for non-English languages.
• Created the new File indicator type. This indicator consolidates all file hashes: MD5, SHA1, SHA256. (Available from Demisto 5.0 *)
• Added support for asterisk, pipeline, and different dashes in domain and URL indicators.

Layouts

Added layouts for the following indicator types. (Available from Demisto 5.0 *)

• Account
• Host
• CVE
• Domain
• Domain2
• Email
• ipEscaped
• IP
• registryKey
• unifiedFile
• URL

* Starred content requires Demisto 5.0, which is available for private beta evaluation. For more information, send a message to beta@demisto.com