Demisto Content Release Notes for version 20.2.3 (41510)
Published on 18 February 2020
Integrations
2 New Integrations
- Lastline v2
Use the Lastline v2 integration to provide threat analysts and incident response teams with the advanced malware isolation and inspection environment needed to safely execute advanced malware samples and understand their behavior.
- Akamai WAF
Use the Akamai WAF integration to manage common sets of lists used by various Akamai security products and features.
10 Improved Integrations
- SplunkPy
Added the app argument to the following commands.
- splunk-job-create
- splunk-search
- SumoLogic
- Added the waitForSearchComplete parameter, which causes the search to wait for the query to iterate over all messages before returning results.
- Bugfix: wait for the query to complete when fetching incidents as aggregate records.
- ZeroFox
Fixed an issue where the same incident was repeatedly fetched.
- McAfee Web Gateway
Fixed an issue where the integration parameters were exposed in the log.
- Mail Sender (New)
Fixed an issue where in some cases attachments displayed as being empty.
- Elasticsearch v2
You can now fetch incidents without specifying the Date Format parameter.
- ArcSight ESM v2
Fixed an issue where the output for the as-get-entries command was not in the correct format for results with a large number of objects.
- Rasterize
- Updated Chromium to version 80.
- Added support for specifying a maximum page load time. The default value is 180 seconds.
- Changed the default user agent to match the Chrome user agent.
- RSA NetWitness v11.1
- Fixed an issue with fetch-incidents where setting a Fetch Limit would drop older incidents if the number of the fetched incidents was greater than the limit.
- Added the pageNumber argument to the netwitness-get-incidents command. The argument allows the user to get incidents from a specific page and is intended to be used with the limit argument.
- Palo Alto Networks PAN-OS
- The name argument is now mandatory in the panorama-get-service command.
- Added 7 commands.
- panorama-download-latest-content-update
- panorama-content-update-download-status
- panorama-install-latest-content-update
- panorama-content-update-install-status
- panorama-check-latest-panos-software
- panorama-download-panos-version
- panorama-download-panos-status
Scripts
New Script
- YaraScan
Performs a Yara scan on the specified files.
2 Improved Scripts
- ReadPDFFileV2
- Fixed a bug where emails were labeled as URLs.
- Added Email standard output.
- DockerHardeningCheck
Updated the error entry with a detailed explanation of the failure.
Playbooks
5 New Playbooks
- NetOps - Upgrade PAN-OS Firewall Device
Network operation playbook that upgrades the firewall. The superuser is required in order to update the PAN-OS version.
- NetOps - Firewall Version and Content Upgrade
Network operation playbook that updates the version and the content of the firewall. The superuser is required in order to update the PAN-OS version.
- Detonate URL - Lastline v2
Detonates a URL using the Lastline sandbox integration.
- Akamai WAF - Activate Network Lists
Activates network lists in Staging or Production on Akamai WAF. The playbook finishes running when the network list is active on the requested environment.
- Detonate File - Lastline v2
Detonates a file using the Lastline sandbox.
2 Improved Playbooks
- Detonate URL - Generic
Replaced the Detonate URL - Lastline sub-playbook with Detonate URL - Lastline v2.
- Detonate File - Generic
Replaced the Detonate File - Lastline sub-playbook with Detonate File - Lastline v2.
Incident Fields
New Incident Field
- Target Firewall Version
Version to install on the firewall for PAN-OS, for example: 9.0.5.
- panorama-install-panos-version
- panorama-install-panos-status
- panorama-device-reboot