Releases: demisto/content
Demisto Content Release Notes for version 18.5.2 (8950)
Published on 03 May 2018
Integrations
2 New Integrations
- FireEye HX
-- An integrated solution that detects what others miss and protects endpoints against known and unknown threats.
- Phish.AI
-- Next-Generation Anti-Phishing Platform Powered by AI & Computer Vision.
Demisto Content Release Notes for version 18.5.1 (8902)
Published on 2 May 2018
Integrations
2 New Integrations
- Centreon
-- Centreon is a network, system, applicative supervision, and monitoring tool. The integration provides monitoring enrichment context for hosts and applications.
- EasyVista
-- EasyVista enables you to manage the entire process of designing, managing, and delivering IT services. With the integration, you can obtain a list of incidents and requests, such as service, change, investment, and more.
6 Improved Integrations
- RSA NetWitness Packets and Logs
-- Improved parameter descriptions.
- Threat Grid
-- The threat-grid-get-html-report-by-id command displays a report as a file in the War Room.
- McAfee ePO
-- Enhanced War Room result formatting for epo commands (fixes the epo commands issue from version 18.5.0).
- FireEye iSIGHT
-- Fixed the timestamp in request headers, which in some cases resulted in failed authentication.
- Okta
-- Added system log commands.
- Preempt
-- Rephrased error messages and edited context outputs.
Scripts
4 New Scripts
- AquatoneDiscover
-- Locates a target's nameservers and shuffles DNS lookups between them.
- IndicatorMaliciousRatioCalculation
-- Returns indicators that appear in resolved incidents, together with the IDs of those resolved incidents.
- TimeStampToDate (Transformer)
-- Converts a UNIX Epoch timestamp to a simplified extended ISO format string. Use it to convert a timestamp to the Demisto date field.
- WhereFieldEquals (Transformer)
-- Returns all items from the list whose 'field' attribute is equal to the 'equalTo' argument.
2 Improved Scripts
- Urlscan.io
-- Encoded the URL parameters for the submit-url command.
- Ping
-- Added Ping results as output and removed the verbose argument (this change breaks backward compatibility; best practice is to use outputs over context and raw-response=true for verbose results).
New Incident Layouts
- Incident type 'Access'
Default Incident Summary and Create/Edit Incident layouts.
New Classification & Mapping
SplunkPy classification and mapping for 'Access' incident type. Using the layout and mappings, users can handle Access incident type notables from Splunk ES.
Demisto Content Release Notes for version 18.5.0 (8862)
Published on 1 May 2018
Integrations
3 New Integrations
- Centreon
-- Centreon is a network, system, applicative supervision, and monitoring tool. The integration provides monitoring enrichment context for hosts and applications.
- EasyVista
-- EasyVista enables you to manage the entire process of designing, managing, and delivering IT services. With the integration, you can obtain a list of incidents and requests, such as service, change, investment, and more.
- Phish.AI
-- Next-Generation Anti-Phishing Platform Powered by AI & Computer Vision.
6 Improved Integrations
- RSA NetWitness Packets and Logs
-- Improved parameter descriptions.
- Threat Grid
-- The threat-grid-get-html-report-by-id command displays a report as a file in the War Room.
- McAfee ePO
-- Enhanced War Room result formatting for epo commands.
- FireEye iSIGHT
-- Fixed the timestamp in request headers, which in some cases resulted in failed authentication.
- Okta
-- Added system log commands.
- Preempt
-- Rephrased error messages and edited context outputs.
Scripts
4 New Scripts
- AquatoneDiscover
-- Locates a target's nameservers and shuffles DNS lookups between them.
- IndicatorMaliciousRatioCalculation
-- Returns indicators that appear in resolved incidents, together with the IDs of those resolved incidents.
- TimeStampToDate (Transformer)
-- Converts a UNIX Epoch timestamp to a simplified extended ISO format string. Use it to convert a timestamp to the Demisto date field.
- WhereFieldEquals (Transformer)
-- Returns all items from the list whose 'field' attribute is equal to the 'equalTo' argument.
2 Improved Scripts
- Urlscan.io
-- Encoded the URL parameters for the submit-url command.
- Ping
-- Added Ping results as output and removed the verbose argument (this change breaks backward compatibility; best practice is to use outputs over context and raw-response=true for verbose results).
New Incident Layouts
- Incident type 'Access'
Default Incident Summary and Create/Edit Incident layouts.
New Classification & Mapping
SplunkPy classification and mapping for 'Access' incident type. Using the layout and mappings, users can handle Access incident type notables from Splunk ES.
Demisto Content Release Notes for version 18.4.3 (8539)
Published on 16 April 2018
Integrations
New Integrations
- Skyformation
-- Provides cloud application security for business organizations, forwards security events to the organization's security tools, and enables coverage of their cloud activity
Improved Integrations
- RSA NetWitness Packets and Logs
-- Outputs were added
Scripts
2 Improved Scripts
- ADGetUser
-- Added escaping for brackets in the filter parameters
- ExtractURL
-- Supports extraction of escaped URLs
Widgets
Improved Widgets
- My Tasks
-- The widget no longer displays skipped tasks
Dashboards
2 New Dashboards
- My Dashboard
- System Health
Reputations
- Support for unescaped URL extraction
Demisto Content Release Notes for version 18.4.2 (8476)
Published on 12 April 2018
Integrations
4 New Integrations
- Carbon Black Enterprise Live Response
-- Collect information and take action on remote endpoints in real time
- RSA NetWitness v11.1
-- System logs, network and endpoint visibility for real-time collection, detection and automated response
- Symantec Messaging Gateway
-- Protects against spam, malware and targeted attacks, and provides advanced content filtering, data loss prevention and email encryption
- TruSTAR
-- Threat intelligence platform that enriches every stage of security operations workflows from trusted and relevant data sources
6 Improved Integrations
- SplunkPy
-- Fetch notable events by index time (instead of event time)
- Cybereason
-- Added isolate and un-isolate machine commands
- Cylance Protect v2
-- Added fetch-incidents support and fixed Cylance score translation
- EWS v2
-- Fixed the ews-search-mailboxes command
- Salesforce
-- Added outputs and improved War Room results for all commands
- Zscaler
-- Added commands: lookup, whitelist, undo-whitelist and undo-blacklist for URLs and IP addresses
Scripts
New Scripts
- JoinIfSingleElementOnly
-- A transformer that returns the single element when the array contains only one element, and otherwise returns the whole array
Improved Scripts
- ParseEmailFiles
-- Better handling of non-UTF characters
Reports
2 Improved Reports
- Daily incidents
-- Removed open duration, as it is not set for open incidents
- Investigation Summary
-- Added a linked incidents section
Utilities
- JavaScript
-- Added 'fixUrl', 'endsWith' and 'startsWith' functions to the string type
- Python
-- Escaped special characters used in 'tableToMarkdown'
Demisto Content Release Notes for version 18.4.1 (8197)
Published on 03 April 2018
Playbooks
2 New Playbooks
- Close incident if duplicate found
-- Finds and closes duplicate incidents for the current incident
- Packetsled
-- Enumerates the Packetsled entities with incidents, and queries each entity for artifacts
Integrations
3 New Integrations
- Intezer
-- Malware detection and analysis based on code reuse
- Packetsled
-- Packetsled Network Security API commands
- Preempt
-- Preempt Behavioral Firewall: detection and enforcement based on user identity
Improved Integrations
- SplunkPy
-- Splunk fetch-incidents now extracts custom fields from the _raw field of notable events
Reputations
- Support escaped IPs in format x[.]x[.]x[.]x (e.g. 192[.]168[.]0[.]1)
Scripts
2 New Scripts
- FindSimilarIncidents
-- Finds similar incidents by common incident keys, labels, custom fields or context keys
- UnEscapeIPs
-- Removes escaping characters from an IP (e.g. 127[.]0[.]0[.]1 -> 127.0.0.1)
Filters & Operations Example Scripts
The following are examples of scripts that can be used as filters or operations with playbook inputs (see image below*)
- InRange (filter)
-- Checks whether the left side is within the range given by the right side
- StripChars (operation)
-- Strips a set of characters from the prefix and/or suffix
- ReverseList (operation, entire-list)
-- Reverses a given list. An entire-list transformer operates on the argument as a whole list (note the "entirelist" tag)
Demisto Content Release Notes for version 18.4.0 (8183)
Published on 01 April 2018
Integrations
New Integration
- Coffee Maker
-- Make your perfect coffee with Demisto. Check out our blog post for additional details
Demisto Content Release Notes for version 18.3.3 (7971)
Published on 20 March 2018
Playbooks
Improved Playbooks
- QRadar - Get offense correlations
-- Converted playbook to new conventions (playbook inputs, argument-filters, etc.)
Scripts
3 New Scripts
- CloseInvestigationAsDuplicate
-- Closes the current investigation as a duplicate of another investigation
- ExtractHTMLTables
-- Finds tables inside HTML and extracts their contents into a list
- MarkAsNoteByTag
-- Marks entries as notes if they are tagged with the given tag
Improved Scripts
- CheckWhitelist
-- Added the whitelist check result to outputs
Integrations
2 New Integrations
- Cylance Protect v2
-- Manage endpoints using Cylance Protect
- AWS - S3
-- AWS (Amazon public cloud), S3 service
2 Improved Integrations
- Cybereason
-- Changed the string comparison in the is-probe-connected command to case insensitive
- EWS - V2
-- Two new commands: 'ews-create-folder' and 'ews-mark-item-as-junk'. Also added informative debug logs when an error is raised
Demisto Content Release Notes for version 18.3.2 (7777)
Published on 07 March 2018
Playbooks
15 New Playbooks
- Malware Investigation - Generic
-- Investigate malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in the incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details to the relevant context entities and handle the case where the original emails are attached
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get the internal DBot score of indicators
- Calculate Severity - Generic
-- Calculate incident severity from the indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black
Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification
Scripts
2 New Scripts
- URLSSLVerification
-- Verifies a URL's SSL certificate
- getMlFeatures
-- Calculates features for machine learning
2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handles the 'includeSuspicious' argument properly
Integrations
2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- EWS v2
-- Exchange Web Services and Office 365: more commands, better output structure, and more reliable
6 Improved Integrations
- McAfee ESM-v10
-- Support changing the organization when editing a case
- Okta
-- Fixed an issue with the unlock action
- Remedy On-Demand
-- Added fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Added the splunk-parse-raw command, which parses the Splunk '_raw' result. Protected the Splunk notable events fetch from a nil pointer
- Rasterize
-- Forces a white background on emails for better visibility in the dark theme
Deprecated
- EWS - use EWS v2 instead
Reputation
- Change IP regex to capture valid IP addresses only
Demisto Content Release Notes for version 18.3.1 (7763)
Demisto Content Release Notes for version 18.3.1 (7728)
Published on 06 March 2018
Playbooks
15 New Playbooks
- Malware Investigation - Generic
-- Investigate malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in the incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details to the relevant context entities and handle the case where the original emails are attached
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get the internal DBot score of indicators
- Calculate Severity - Generic
-- Calculate incident severity from the indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black
Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification
Scripts
2 New Scripts
- URLSSLVerification
-- Verifies a URL's SSL certificate
- getMlFeatures
-- Calculates features for machine learning
2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handles the 'includeSuspicious' argument properly
Integrations
2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- EWS v2
-- Exchange Web Services and Office 365: more commands, better output structure, and more reliable
6 Improved Integrations
- McAfee ESM-v10
-- Support changing the organization when editing a case
- Okta
-- Fixed an issue with the unlock action
- Remedy On-Demand
-- Added fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Added the splunk-parse-raw command, which parses the Splunk '_raw' result. Protected the Splunk notable events fetch from a nil pointer
- Rasterize
-- Forces a white background on emails for better visibility in the dark theme
Deprecated
- EWS - use EWS v2 instead
Reputation
- Change IP regex to capture valid IP addresses only