demisto/content 3.0.4 on GitHub

Release Notes for version 3.0.4 (4329)

D2 - Endpoint data collection
-- Uses Demisto's d2 agent to collect data from an endpoint for IR purposes
Endpoint data collection
-- Generic playbook to collect data from endpoints for IR purposes. Will use whichever integrations are configured and available
Enrich DXL with ATD verdict
-- Example of using McAfee ATD and pushing any malicious verdicts over DXL Detonates a file in ATD and if malicious - push its MD5, SHA1 and SHA256 hashes to McAfee DXL.
Enrich McAfee DXL using 3rd party sandbox
-- Example of bridging DXL to a third party sandbox Detonate a file in Wildfire and if malicious - push its MD5, SHA1 and SHA256 hashes to McAfee DXL
MAR - Endpoint data collection
-- Use McAfee Active Response to collect data from an endpoint for IR purposes (requires ePO as well)
TIE - IOC Hunt
WildFire - Detonate file
-- File detonation with WildFire

Digital Shadows
-- Digital Shadows monitors and manages an organization's digital risk across the widest range of data sources within the open, deep, and dark web
Cisco Email Security Appliance (IronPort)
-- Cisco Email Security protects against ransomware, business email compromise, spoofing, and phishing
McAfee NSM
-- McAfee Network Security Manager
OpsGenie
-- Get current on-call assignments and users info
PhishTank
-- PhishTank is a free community site where anyone can submit, verify, track and share phishing data
iDefense
-- Accenture Security
Sample Incident Generator
-- Generate random incidents per given parameters

AMP
-- fixing Test button
FalconHost
-- Fixed upload IOC command
FalconIntel
-- Added cs-report-pdf to retrieve report pdf
ipinfo
-- Added outputs to 'ip' command in order to allow using them in a playbook and proxy support
McAfee Active Response
-- Added mar-search-multiple command
OpenPhish
-- Fixed reload mechanism
QRadar
-- Fixed update offense to use url encoded data
ThreatExchange
-- Will now add DBotScore 0 when no results are returned
VirusTotal
-- Fixed wrong indicator when no response
WildFire
-- Ignoring SHA1 hashes
Zendesk
-- Added zendesk-add-comment command. Improved incident fetching mechanism. Improved zendesk-list-tickets output.
Censys
-- Set docker dependency to default docker image
CyberArkAIM
-- added reset credentials and account details commands
jira
-- Changed issueJson argument to accept any object

ContextSearchForString
-- Searches for string in a path in context. If path is null, string will be searched in full context
ConvertXmlFileToJson
-- Converts XML file entry to JSON format
EPOFindSystem
-- Return system info
UnPackFile
-- UnPack a file using fileName or entryID to specify a file. Files unpacked will be pushed to the war room and names will be pushed to the context

ADGetUser
-- Support query from multiple ad instances
CommonIntegrationPython
-- Added missing entry types
CommonServer
-- Updated flattenFields to support the case in which path is not given as argument, Added mergeForeignObjects function
CommonServerPython
-- Added function to create file result from existing file Add missing entry types
ContainsCreditCardInfo
-- Fix regex
ConvertXmlToJson
-- Changed verbose to be True by default
CreateEmailHtmlBody
-- Added the ability to provide values in object as argument. Returning the HTML body as an object for non-incident usage (i.e. pre-processing scripts)
PCAPMiner
-- Do not read / copy extracted files
PDFUnlocker
-- Do not re-read pdf file
UnzipFile
-- Do not read / copy unzipped files

Reputation score calculation changed to better use caches for indicators. By default, scores are calculated by assigning the max score received from vendors. To change the behavior, you can specify your own score calculation script under reputationScriptName