Release Notes for version 3.0.1 (3674)
Playbooks
New Playbooks
- McAfeeESMTest
Modified Playbooks
- Phishing Playbook - Automated
-- Fix default display name in email message
Integrations
New Integrations
- AlienVault OTX
-- Query IOCs in AlienVault
- RSA Archer
-- The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across lines of business.
- Cisco Spark
-- Send messages, create rooms and more, via the Cisco Spark API.
- Cybereason
-- Gets processes/connections using the Cybereason API.
- DomainTools
-- Domain name, DNS and Internet OSINT-based cyber threat intelligence and cybercrime forensics products and data
- Endgame
-- Endpoint protection built to stop advanced attacks before damage and loss occurs
- Service Manager
-- Service Manager By Micro Focus (Formerly HPE Software).
- MISP
-- Malware Information Sharing Platform and Threat Sharing
- malwr
-- Analyze files using the malwr sandbox
- PacketMail
-- Intel look up for IPS
- Panorama
-- Manage Palo Alto Networks firewalls via the Panorama management interface
- Phishme Intelligence
-- Human-vetted, Phishing-specific Threat Intelligence from Phishme.
- SumoLogic
-- Cloud-based service for logs & metrics management
- Symantec Advanced Threat Protection
-- Advanced protection capabilities from Symantec
- urlscan.io
-- Urlscan.io reputation
- Verodin
-- Verodin simulations and topology
- fireeye
-- Perform malware dynamic analysis
- jamf
-- Jamf device management
Modified Integrations
- Cisco Umbrella Investigate
-- Fix response in non-existing domains/ip
- Cisco CloudLock
-- Added Demisto side filtering of results
- Cylance Protect
-- Better error notifications
- McAfee ESM-v10
-- Added Support for case management and fetch incidents of cases
- Incapsula
-- Added proxy setting support
- LightCyber Magna
-- Added the commands lcm-host-autoruns, lcm-host-processes-internet-connections, lcm-host-loaded-modules, lcm-host-processes, lcm-host-processes, lcm-host-suspicious-artifacts, lcm-host-opened-ports
- LogRhythm
-- Support exporting incident full JSON
- EWS
-- Support getting the attachment of an item (mail)
- ProtectWise
-- Consolidated command names. Upgraded with outputs. Can fetch incidents from Protectwise events with filtering on event names. Timestamps presented in human readable format.
- QRadar
-- Support exporting incident full JSON
- RSA NetWitness Packets and Logs
-- Add last minutes functionality
- RSA NetWitness Security Analytics
-- Upgrade to new format. Added human readable format and some command fixes
- SplunkPy
-- First fetch to bring last 10 minutes notable events
- ThreatConnect
-- Fix proxy condition in TC, add threshold, and fix various issues, support Dbot score and context update, change no results outputs
- Threat Grid
-- Fixed file return bug
- Vectra
-- Support exporting incident full JSON
- Venafi
-- Context creation by Venafi search and new search arguments
- jira
-- Merging Ticket entity by Id
- McAfeeDAM
-- Support exporting incident full JSON
- Rasterize
-- Added proxy settings
- Trend Micro
-- Support exporting incident full JSON
Reports
Scripts
New Scripts
- DataDomainReputation
-- Evaluate reputation of a URL and Domain and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.
- EmailAskUserResponse
-- Extract user's response from EmailAskUser reply. Returns the first textual response line of the provided entry that contains the reply body. Use ${lastCompletedTaskEntries} to analyze the previous playbook task containing the user's reply.
- ExtractDomain
-- Extract Domains from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.
- ExtractDomainFromURL
-- Extract Domain from a URL. Domain will include sub-domain as well
- HTTPListRedirects
-- List the redirects for a given URL
- IsValueInArray
-- Look for value in an array
- MatchRegex
-- Extract regex data from given text - supports groups as well
- PanoramaDynamicAddressGroup
- ResolveShortenedURL
-- Resolve the original URL from the given shortened URL and place it both as output and in the context of a playbook. (https://unshorten.me/api)
- ToTable
-- Convert an array to a nice table display. Usually, from the context.
- URLNumberOfAds
- isError
-- Check whether given entry/entries returned an error. Use ${lastCompletedTaskEntries} to check the previous task entries. If array is provided, will return yes if one of the entries returned an error.
- misp_download_sample
-- Download malicious file sample from MISP
- misp_upload_sample
-- Upload malicious file sample to MISP
Modified Scripts
- ADGetAllUsersEmail
-- Deprecated
- ADGetComputer
-- Split Groups in context into array
- ADGetGroupMembers
-- Split Groups in context into array
- ADGetUser
-- Added limit param and set default size limit
- AreValuesEqual
-- Arguments are not mandatory anymore. If either of the arguments is missing, no is returned.
- CommonServer
-- Added createdEntry function and dqQueryBuilder
- CommonServerPython
-- Added html to formats
- DataHashReputation
-- Manually set value of indicator reputation will now supersede threat intel sites
- DataIPReputation
-- Manually set value of indicator reputation will now supersede threat intel sites
- DataURLReputation
-- Manually set value of indicator reputation will now supersede threat intel sites
- EmailAskUser
-- Options in HTML email are clickable links that open a new email with the selected option
- ExposeList
-- Deprecated
- ExposeUsers
-- Deprecated - 'getUsers' builtin command should be used
- ExtractURL
-- The ability to extract urls from query string
- FileCreateAndUpload
-- Converted to JS. Added the ability to take entry ID for storing its content to file.
- IsMaliciousIndicatorFound
-- Added the ability to check suspicious indicators as well
- LoadJSON
-- Add outputs and save in context
- NessusCreateScan
-- Deprecated. Use integration command
- NessusGetReport
-- Deprecated. Use integration command
- NessusHostDetails
-- Deprecated. Use integration command
- NessusLaunchScan
-- Deprecated. Use integration command
- NessusListScans
-- Deprecated. Use integration command
- NessusScanDetails
-- Deprecated. Use integration command
- NessusScanStatus
-- Deprecated. Use integration command
- NessusShowEditorTemplates
-- Deprecated. Use integration command
- NotInContextVerification
-- Removed spaces from cmdArgs
- ParseEmailFiles
-- Adding support for mixed CR/LF in fileType. Support utf-8 chars.
- StringContains
-- Support looking for one substring out of a list
- VerifyContext
-- Removed spaces from field names
Removed Scripts
- SendURLDetailsByEmail