Demisto Content Release Notes for version 20.2.4 (42218)

Published on 24 February 2020

5.5 Beta Release Notes

Feeds

25 New Feeds in 5.5.0 Beta

We added several inbound and outbound feeds for threat intelligence management.

22 Inbound Feeds
  • abuse.ch SSL Blacklist Feed
  • DShield Feed
  • Cofense Feed
  • Azure Feed
  • Office 365 Feed
  • Blocklist_de Feed
  • Recorded Future RiskList Feed
  • BruteForceBlocker Feed
  • AutoFocus Feed
  • Cloudflare Feed
  • Proofpoint Feed
  • Bambenek Consulting Feed
  • Tor Exit Addresses Feed
  • AlienVault Reputation Feed
  • Feodo Tracker IP Blocklist Feed
  • Feodo Tracker Hashes Feed
  • Spamhaus Feed
  • AWS Feed
  • Office365 Feed
  • CSV Feed
  • Malware Domain List Active IPs Feed
  • Fastly Feed

3 Outbound Feeds
  • Export Indicators Service
  • Palo Alto Networks PAN-OS EDL Service
  • TAXII Feed

Integrations

New Integration in 5.5 Beta

  • Elasticsearch v2
    • Searches for and analyzes data in real-time.
    • Supports version 6 and up.

Scripts

New Script in 5.5.0 Beta

  • FetchIndicatorsFromFile
    Fetches indicators from a file.

Playbooks

11 New Playbooks in 5.5 Beta

  • Process Domain Indicators
  • Process Hash Indicators
  • Process IP Indicators
  • Process Url Indicators
  • ArcSight Add Domain Indicators
  • ArcSight Add IP Indicators
  • ArcSight Add Hash Indicators
  • QRadar Add Domain Indicators
  • QRadar Add IP Indicators
  • QRadar Add Hash Indicators
  • QRadar Add Url Indicators

Dashboard

New Dashboard in 5.5.0 Beta

  • Threat Intelligence Management

Widgets

4 New Widgets

  • Elastic Disk Current Usage
    Elastic Disk Current Usage %.
  • Elastic JVM Memory Current Usage
    Elastic JVM Memory Current Usage %.
  • Elastic Memory Current Usage
    Elastic Memory Current Usage %.
  • Elastic CPU Current Usage
    Elasticsearch CPU Current Usage %.

Incident Layouts

10 New Incident Layouts in 5.5.0 Beta

  • emailRep - Indicator Details
    Updated the layout for the Email indicator type.
  • Indicator Feed - New/Edit
    Added the ability to edit the layout for the Indicator Feed incident type.
  • unifiedFileRep - Indicator Details
    Updated the layout for the File indicator type.
  • urlRep - Indicator Details
    Updated the layout for the URL indicator type.
  • domainRep - Indicator Details
    Updated the layout for the Domain indicator type.
  • hostRep - Indicator Details
    Updated the layout for the Host indicator type.
  • cveRep - Indicator Details
    Updated the layout for the CVE indicator type.
  • registryKey - Indicator Details
    Updated the layout for the Registry Key indicator type.
  • ipRep - Indicator Details
    Updated the layout for the IP indicator type.
  • accountRep - Indicator Details
    Updated the layout for the Account indicator type.

Integrations

8 New Integrations

  • Google Chronicle Backstory
    Use the Google Chronicle Backstory integration to retrieve Asset alerts or IOC Domain matches as Incidents. Use it to fetch a list of infected assets based on the indicator accessed.
  • Pentera
    An integration with Pentera by Pcysys.
  • Claroty
    Use the Claroty CTD integration to manage assets and alerts.
  • Expanse
    The Expanse App for Demisto leverages the Expander API to retrieve network exposures and create incidents in Demisto. This application also enables IP and Domain enrichment, retrieving assets and exposures information drawn from Expanse.
  • IBM X-Force Exchange (v2)
    Use the IBM X-Force Exchange integration to receive threat intelligence about applications, IP addresses, URLs, and hashes.
  • CounterCraft Deception Director
    Use the CounterCraft Deception Solution integration to detect advanced adversaries and to automate counterintelligence campaigns to discover targeted attacks with real-time active response.
  • Indeni
    Indeni is a turn-key automated monitoring solution that provides visibility for security infrastructure. Indeni's production-ready Knowledge is curated from vetted, community-sourced experience to automate tedious tasks and integrate with your existing processes.
  • illuminate
    This integration utilizes AnalystPlatform's Illuminate system to enrich Demisto indicators.

9 Improved Integrations

  • MISP V2
    Fixed the default value for the PREDEFINED argument in the misp-search command.
  • DomainTools Iris
    Improved the integration description.
  • Micro Focus Service Manager
    Improved the descriptions for several parameters and commands.
  • SplunkPy
    Added support for comma-separated values in the splunk-parse-raw command.
  • Palo Alto Networks PAN-OS
    • Added 2 commands.
      • panorama-register-user-tag
      • panorama-unregister-user-tag
  • Zscaler
    • Fixed an issue where the url command in Zscaler did not create an indicator in Demisto.
    • Fixed the output descriptions of the url and ip commands in Zscaler.
    • Fixed an issue where the zscaler-category-add-url command failed when passing multiple URLs separated with spaces.
    • Fixed an issue where the zscaler-undo-blacklist-url command always failed with the error "Given URL is not blacklisted".
    • Fixed an issue where the zscaler-undo-blacklist-ip command always failed with the error "Given IP is not blacklisted".
    • Fixed an issue where the zscaler-undo-whitelist-url command always failed with the error "Given host address is not whitelisted.".
    • Fixed an issue where the zscaler-undo-whitelist-ip command always failed with the error "Given IP address is not whitelisted.".
    • Updated command executions to always activate changes after API calls and close the session. This fixes issues where the session was not authenticated or timed out.
  • McAfee DXL
    Added certificate validation.
  • McAfee Threat Intelligence Exchange
    Added certificate validation.
  • Qualys
    Fixed an argument name in the qualys-schedule-scan-list command.

Scripts

New Script

  • ExpanseParseRawIncident
    Parses an Expanse incident from raw JSON to readable output.

2 Improved Scripts

  • FilterByList
    Added the name of the compared list to the context.
  • XDRSyncScript
    Fixed an issue where an incident was modified in XDR but not updated in Demisto.

Playbooks

6 New Playbooks

  • Claroty Manage Asset CVEs
  • Claroty Incident
  • Indeni Demo
  • Pentera Run Scan
  • Expanse Incident Playbook
    Parses an incident from Expanse from raw JSON into readable output.
  • NetSec - Palo Alto Networks DUG - Tag User
    Blocks a user by tagging them in the Palo Alto Networks NGFW. Requires PAN-OS 9.1 or later.

3 Improved Playbooks

  • NetOps - Firewall Version and Content Upgrade
    Updated playbook descriptions and task names.
  • NetOps - Upgrade PAN-OS Firewall Device
    Updated playbook descriptions and task names.
  • Block Account - Generic
    Added the PAN-OS Dynamic User Groups commands to the playbook.

Incident Layouts

12 New Incident Layouts

  • accountRep - Indicator Details
  • hostRep - Indicator Details
  • Expanse Appearance - Summary
  • domainRep - Indicator Details
  • Claroty Integrity Incident - Summary
  • cveRep - Indicator Details
  • unifiedFileRep - Indicator Details
  • registryKey - Indicator Details
  • Claroty Security Incident - Summary
  • ipRep - Indicator Details
  • emailRep - Indicator Details
  • urlRep - Indicator Details
