Demisto Content 17.11.0 release

@asafshen released this 12 Nov 19:00

Release Notes for version 17.11.0 (4518)

General

  • The format of Demisto content version numbers has changed to make them easier to follow. Version numbers now take the form '<YY>.<MM>.<#>'. For example, 17.11.0 is the first version of November 2017.

Playbooks

2 New Playbooks

  • Arcsight - Get events related to the Case
    -- Get the Case's ArcSight ResourceID from the FetchID field, or the "ID" label. If neither is available, ask the user for the ID
  • QRadar - Get offense correlations
    -- Get more information from a QRadar offense

Integrations

5 New Integrations

  • Carbon Black Defense
    -- Next-generation antivirus + EDR in one cloud-delivered platform that stops commodity malware, advanced malware, non-malware attacks and ransomware
  • IsItPhishing
    -- Collaborative web service that validates whether or not a URL is a phishing-related page by analyzing the content of the webpage
  • McAfee Threat Intelligence Exchange
    -- Connect to TIE using its DXL client
  • McAfee Web Gateway
    -- Blacklist/Whitelist URLs
  • TCPIPUtils
    -- Use the TCPIPUtils.com API to get enrichment data about an IP address

5 Improved Integrations

  • AlienVault OTX
    -- The 'not found' error is now handled more gracefully
  • ArcSight ESM
    -- Added new commands
    • as-case-delete
    • as-get-all-query-viewers
    • as-get-case-event-ids
      The ArcSight XML integration is no longer needed; fetch can be done via ArcSight ESM
  • Remedy On-Demand
    -- Port parameter is now optional
  • SplunkPy
    -- Support different timezones on Splunk ES incident fetch
  • Nessus
    -- Fixed list-scans command issue

Scripts

2 New Scripts

  • ContextContains
    -- This script searches for a value in a context path
  • ExposeIncidentOwner
    -- Copies the incident owner into the 'IncidentOwner' context key

5 Improved Scripts

  • ATDDetonate
    -- Returns an error on unsupported files
  • DeleteContext
    -- Now returns an error when no arguments are provided (rather than returning a regular message)
  • ExportToCSV
    -- Display string representation of inner object fields
  • QRadarGetCorrelationLogs
    -- Added Context outputs
  • QRadarGetOffenseCorrelations
    -- Updated context outputs

1 Deprecated Script

  • QRadarClassifier
    • Use the Demisto "Classification and Mapping" tool instead