Release Notes for version 2.0.0
Integrations
- Trend Micro DSM
- RSA Security Analytics
- RSA Netwitness Packets and Logs (Decoder, Concentrator and Broker)
- Koodous
- OSQuery
Playbooks
- Phishing playbook enhancements
  - Added steps to find the phishing email in all mailboxes that contain it, using Mimecast if available
  - Separate tasks for finding emails and deleting them, allowing for human review and approval
  - Separate tasks for extracting entities from the HTML and text parts of the email
- TrendMicro Alert Example playbook
Scripts
- Autoruns script now saves MD5s of startup modules in context
- IsIpInRanges - Script to check whether an IP address belongs to a given range, e.g., to distinguish internal from external addresses in playbooks
- RunSqlQuery (For MSSQL and MySQL)
- OSQuery - foundation scripts for querying processes, users, sockets, etc.
- ExchangeSearch script improved; the delete action was moved to a separate script so that human approval can be required if desired, and so the scripts can be used more modularly in playbooks
- ADGetEmailForAllUsers - Get a full list of mailboxes for all AD users
- SendEmail - Now able to send textual entry in email body by giving a noteEntryID
- CheckWhitelist - see whether an item is in the named whitelist
- ADGetUser and ADGetComputer - display chosen attributes of a computer/user from AD
- BinaryReputationPy - configurable number of retries when the free VirusTotal API key hits its rate limit
- Cuckoo scripts enhanced with better output formatting, parameters for detonation, and more
- CuckooGetScreenshot - retrieve screenshots from Cuckoo execution into war room
- SendEmail - ability to send a text entry as an email by entryid