Demisto Content Release Notes for version 18.4.1 (8197)

@asafshen asafshen released this 03 Apr 14:29
· 36020 commits to master since this release

Published on 03 April 2018

Playbooks

2 New Playbooks

  • Close incident if duplicate found
    -- Find and close duplicate incidents for the current incident
  • Packetsled
    -- Enumerate the Packetsled entities with incidents, and query each entity for artifacts

Integrations

3 New Integrations

  • Intezer
    -- Malware detection and analysis based on code reuse
  • Packetsled
    -- Packetsled Network Security API commands
  • Preempt
    -- Preempt Behavioral Firewall - Detection and enforcement based on user identity

Improved Integrations

  • SplunkPy
    -- Splunk fetch incidents now supports extracting custom fields from the _raw of notable events

Reputations

  • Support escaped IPs in format x[.]x[.]x[.]x (e.g. 192[.]168[.]0[.]1)

Scripts

2 New Scripts

  • FindSimilarIncidents
    -- Find similar incidents by common incident keys, labels, custom fields or context keys
  • UnEscapeIPs
    -- Remove escaping chars from IP (e.g. 127[.]0[.]0[.]1 -> 127.0.0.1)

Filters & Operations Example Scripts

The following are examples of scripts that can be used as filters or operations with playbook inputs (see image below*)

  • InRange (filter)
    -- Checks if left side is in range of right side
  • StripChars (operation)
    -- Strip set of characters from prefix and/or suffix
  • ReverseList (operation, entire-list)
    -- Reverse a given list. An entire-list transformer: it operates on the argument as a list (note the "entirelist" tag)

*Figure: Filters & Operations usage