Demisto Content Release Notes for version 18.3.0 (7763)

@asafshen asafshen released this 06 Mar 20:55

Published on 06 March 2018

Playbooks

15 New Playbooks

  • Malware Investigation - Generic
    -- Investigate malware using one or more integrations
  • Malware Investigation - Generic - Setup
    -- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
  • Default Playbook
    -- Enrich indicators in incident using one or more integrations
  • Phishing Playbook - Automated
    -- An automated playbook to investigate suspected Phishing attempts
  • Phishing Investigation - Generic
    -- Investigate a phishing incident using one or more integrations
  • Email Address Enrichment - Generic
    -- Get email address reputation using one or more integrations
  • Process Email - Generic
    -- Add email details into the relevant context entities and handle the case where you have attached original emails
  • Extract Indicators - Generic
    -- Extract indicators from input data
  • DBot Indicator Enrichment - Generic
    -- Get the internal DBot score of indicators
  • Calculate Severity - Generic
    -- Calculate incident severity by indicators' reputation and user/endpoint membership in critical groups
  • Entity Enrichment - Generic
    -- Enrich entities using one or more integrations
  • File Enrichment - Generic
    -- Get file reputation using one or more integrations
  • Search Endpoints By Hash - CrowdStrike
    -- Hunt for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host
  • Search Endpoints By Hash - TIE
    -- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
  • Search Endpoints By Hash - Carbon Black Response
    -- Hunt for malicious indicators using Carbon Black

Improved Playbooks

  • URL Enrichment - Generic
    -- Add URL SSL verification

Scripts

2 New Scripts

  • URLSSLVerification
    -- Verify URL SSL certificate
  • getMlFeatures
    -- Calculate features for machine learning

2 Improved Scripts

  • GetIndicatorDBotScore
    -- Support for custom indicator types
  • IsMaliciousIndicatorFound
    -- Handle 'includeSuspicious' argument properly

Integrations

2 New Integrations

  • Remedy AR
    -- Professional development environment that follows the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
  • pyEWS
    -- Exchange Web Services and Office 365

6 Improved Integrations

  • McAfee ESM-v10
    -- Support changing organization when editing a case
  • Okta
    -- Fix issue with unlock action
  • Remedy On-Demand
    -- Added fetch-incidents support
  • ServiceNow
    -- Fetch incidents now supports customised tables
  • SplunkPy
    -- Add the splunk-parse-raw command, which parses the Splunk '_raw' result field. Protect the Splunk notable events fetch from a nil pointer dereference
  • Rasterize
    -- Force a white background on rasterized emails for better visibility in the dark theme

Reputation

  • Change IP regex to capture valid IP addresses only