Releases: demisto/content
Demisto Content 18.2.4 release
Demisto Content Release Notes for version 18.2.4 (7342)
Published on 20 February 2018
Playbooks
2 Improved Playbooks
- Domain Enrichment - Generic
-- Run enrichment only if available modules exist and are enabled
- URL Enrichment - Generic
-- Added input flag for screenshots
Integrations
8 Improved Integrations
- RSA Archer
-- Login method now communicates using SOAP protocol
- McAfee ESM-v10
-- Remove unneeded log line that caused an issue with Fetch incidents
- OpenPhish
-- Added DBotScore 0 when there is no score from OpenPhish
- Symantec Endpoint Protection
-- Added option to filter endpoints info by computer-name, os, last-updated and page-size
- VirusTotal
-- Added DBotScore 0 to file when there is no score from VirusTotal
- WildFire
-- Added WildFire report details to the context output
- McAfee ePO
-- Better handling of string-type outputs
- McAfeeDAM
-- Improved war-room result appearance
- General
-- Grouped Data enrichment & Threat intelligence categories together
-- Rearranged integration categories
Scripts
2 Improved Scripts
- AddEvidence
-- Handle case where 'occurred' or 'tags' arguments are not supplied
- IncidentSet
-- Can now set unknown incident severity
Deprecated Scripts
- BinaryReputationPy
-- Please use ExtractHash to extract data, and use 'file' command to get reputation
Demisto Content 18.2.3 release
Demisto Content Release Notes for version 18.2.3 (7120)
Published at 10 February 2018
Playbooks
- Phishing Playbook - Automated
-- Supported in 3.1.0
- Detonate file
-- Supported in 3.1.0
Demisto Content 18.2.2 release
Demisto Content Release Notes for version 18.2.2 (7041)
Published at 06 February 2018
Integrations
New Integrations
- VxStream
-- Fully automated malware analysis with unique Hybrid Analysis. (formerly Payload Security VxStream)
1 Improved Integration
- Zscaler
-- Rename command "zcaler-blacklist-url" to "zscaler-blacklist-url"
Demisto Content 18.2.0 release
Demisto Content Release Notes for version 18.2.0 (7001)
Published 05 February 2018
Playbooks
Improved Playbook
- WildFire - Detonate file
-- Detonating files using the 'detonate-file' command
Integrations
New Integration
- Zscaler
-- Zscaler is a cloud security solution built for performance and flexible scalability
2 Improved Integrations
- GRR
-- Handles CSRF retrieval functionality
- WildFire
-- Added file and remote-file detonation commands
Scripts
New Script
- emailFieldTriggered
-- Sends an email to the incident owner when selected field is triggered
5 Improved Scripts
- AddEvidence
-- Adds evidence with occurred time and tags
- AssignAnalystToIncident
-- Assigns current user as the incident owner
- CheckWhitelist
-- Indicator white list is now the default white list
- ExtractDomain
-- Ignore www. in domain extraction and take emails into account for domain extraction
- IsMaliciousIndicatorFound
-- Take into account indicators (from indicators DB) for IsMalicious
Files Reputation
-- Using ParseEmailFiles enhancement script on files
Demisto Content 18.1.2 release
Demisto Content Release Notes for version 18.1.2 (6255)
Published at 23 January 2018
Integrations
New Integration
- VMware
-- Manage virtual machines and ESXi hosts centrally
3 Improved Integrations
- McAfee ESM-v10
-- Added support for version 10.2
- MISP
-- Added internal-misp-create-event and internal-misp-add-attribute commands
- SplunkPy
-- Added hostname indicator to splunk search results
Scripts
2 New Scripts
- GeneratePassword
-- Generates a password and allows various parameters to customize the properties of the password
- SendEmailToManager
-- Send an approval email to the manager of the employee with the given email, allowing the manager to reply directly into the incident
5 Improved Scripts
- AssignAnalystToIncident
-- Return proper error entry message if script fails
- EmailAskUser
-- Added option to use persistent entitlement to support adding artifacts to the war room by multiple external users
- ExtractDomain
-- Ignore "www." in domains extraction
- SendEmailToManager
-- Added the option to use persistent entitlement to support adding artifacts to the war room by multiple external users
- SlackAskUser
-- Add the option to use persistent entitlement to support adding artifacts to the war room by multiple external users
Demisto Content 18.1.1 release
Demisto Content Release Notes for version 18.1.1 (5676)
Published at 09 January 2018
Playbooks
4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicator reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample that corresponds to the hash, using one or more products/services
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample that corresponds to an MD5 hash, using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample that corresponds to a SHA256 hash, using Cylance Protect integration
Integrations
3 New Integrations
- Kenna
-- Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities
- Joe Security
-- Cloud-based sandbox service
- Check Point Sandblast Appliance
-- Query, upload and download data using Check Point Sandblast
4 Improved Integrations
- Remedy On-Demand
-- Added option to add custom fields to incident creation and perform insecure login
- ArcSight Logger
-- ArcSight events logger
- IntSights
-- Integration can now fetch incidents
- Zendesk
-- Added zendesk-add-user for adding end users. Added zendesk-get-article to get help center article
Scripts
7 New Scripts
- ActiveUsersD2
-- Get active users from a D2 agent and parse them into context
- CrowdStrikeStreamingPreProcessing
-- Pre processing script for CrowdStrike Streaming
- D2ActiveUsers
-- Show local accounts
- D2ExecuteCommand
-- Run a D2 built-in command on a D2 agent
- FetchFileD2
-- Get a file from endpoint using a D2 agent
- ParseWordDoc
-- Takes docx file (entryID) as an input and saves a text file (file entry) with the original file's contents
- UserEnrichAD
-- Enhancement automation for user type indicator, to enrich the user name from Active Directory data
5 Improved Scripts
- ADGetComputer
-- Automation will now create hostname indicator. Default argument is now 'name'
- ADGetUser
-- Automation will now create user indicator
- ParseCSV
-- ParseCSV by default will parse the whole csv
- ParseEmailHeaders
-- Support multi values headers (e.g. Received header)
- Set (Set context)
-- If object passed as string, Set will parse the value to JSON then set to context
Reputations
- Add new user type reputation to use for manual indicator and in automations
Demisto Content 18.1.0 release
Demisto Content Release Notes for version 18.1.0 (5638)
Published at 07 January 2018
Playbooks
4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicator reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample that corresponds to the hash, using one or more products/services
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample that corresponds to an MD5 hash, using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample that corresponds to a SHA256 hash, using Cylance Protect integration
Integrations
3 New Integrations
- Kenna
-- Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities
- Joe Security
-- Cloud-based sandbox service
- Check Point Sandblast Appliance
-- Query, upload and download data using Check Point Sandblast
4 Improved Integrations
- Remedy On-Demand
-- Added option to add custom fields to incident creation and perform insecure login
- ArcSight Logger
-- ArcSight events logger
- IntSights
-- Integration can now fetch incidents
- Zendesk
-- Added zendesk-add-user for adding end users. Added zendesk-get-article to get help center article
Scripts
7 New Scripts
- ActiveUsersD2
-- Get active users from a D2 agent and parse them into context
- CrowdStrikeStreamingPreProcessing
-- Pre processing script for CrowdStrike Streaming
- D2ActiveUsers
-- Show local accounts
- D2ExecuteCommand
-- Run a D2 built-in command on a D2 agent
- FetchFileD2
-- Get a file from endpoint using a D2 agent
- ParseWordDoc
-- Takes docx file (entryID) as an input and saves a text file (file entry) with the original file's contents
- UserEnrichAD
-- Enhancement automation for user type indicator, to enrich the user name from Active Directory data
5 Improved Scripts
- ADGetComputer
-- Automation will now create hostname indicator. Default argument is now 'name'
- ADGetUser
-- Automation will now create user indicator
- ParseCSV
-- ParseCSV by default will parse the whole csv
- ParseEmailHeaders
-- Support multi values headers (e.g. Received header)
- Set (Set context)
-- If object passed as string, Set will parse the value to JSON then set to context
Reputations
- Add new user type reputation to use for manual indicator and in automations
Demisto Content 17.12.3 release
Demisto Content Release Notes for version 17.12.3 (5348)
Published at 24 December 2017
Playbooks
4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicators reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample correlating to MD5 hashes in the context using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample correlating to SHA256 hashes in the context using Cylance Protect integration
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample correlating to a hash using one or more products
Integrations
2 New Integrations
- Symantec MSS
-- Symantec Managed Security Services
- OPSWAT-Metadefender
-- Metadefender multi-scanning engine that uses 30+ anti-malware engines to scan files for threats
7 Improved Integrations
- GRR
-- Fixed parsing of paths for grr_get_files
- EWS
-- Added move-item command. Ability to fetch incidents with folder ID
- Okta
-- Added okta-unlock-user command
- Phishme Intelligence
-- Added Threat IDs and last published date to output
- QRadar
-- Added support for offense notes
- Vmray
-- Can now use upload_sample command with war-room file
- VirusTotal
-- Handling missing ASN scenario
Scripts
2 New Scripts
- LanguageDetect
-- Language detection based on Google's language-detection
- SendMessageToOnlineUsers
-- Send message to Demisto online users over Email, Slack or both
Improved Scripts
- EmailAskUserResponse
-- Ignore multi-line scripts and style sections in email body
❅ ❅ ❅ Demisto Wishes You Happy Holidays ❅ ❅ ❅
Demisto Content 17.11.2 release
Demisto Content Release Notes for version 17.12.2 (5067)
Integrations
New Integrations
- Secdo
-- Secdo's automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution
8 Improved Integrations
- McAfee Advanced Threat Defense
-- Complex fields are now formatted for better readability
- EWS
-- Supports searching more than 20000 mailboxes
- OpsGenie
-- Added ability to get all schedules, and to get on-call for future time
- Check Point Sandblast
-- Added an option to use the integration without API key (for example, when using on premises)
- ServiceNow
-- Added type ticket (normal, standard, emergency) argument to the create and update commands
-- Added ticket state argument to the create and update commands
-- Added Get group details command (servicenow-get-groups)
- SplunkPy
-- Supports queries that start with | on splunk-search
- Tanium
-- Added option to specify Action Group for tn-deploy-action
- VirusTotal
-- Handling missing ASN scenario
- VxStream
-- Added file detonation
Scripts
4 New Scripts
- ContextGetEmails
-- Gets all email addresses in context
- ContextGetHashes
-- Gets hashes (MD5, SHA1, SHA256) from context
- ContextGetIps
-- Gets all IP addresses in context
- listExecutedCommands
-- Lists executed commands in War Room
2 Improved Scripts
- ADGetGroupMembers
-- Fixed script failure when user/computer has no groups
- IsIPInRanges
-- Fixed subnet calculation
Deprecated Scripts
- IsIPInSubnet
-- Use IsIPInRanges instead
Common Utilities Functions
Javascript New Utilities
- formatTableValuesAdded
-- format Demisto table cells as strings
Demisto Content 17.12.1 release
Demisto Content Release Notes for version 17.12.1 (5041)
Integrations
New Integrations
- Secdo
-- Secdo's automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution
8 Improved Integrations
- McAfee Advanced Threat Defense
-- Complex fields are now formatted for better readability
- EWS
-- Supports searching more than 20000 mailboxes
- OpsGenie
-- Added ability to get all schedules, and to get on-call for future time
- Check Point Sandblast
-- Added an option to use the integration without API key (for example, when using on premises)
- ServiceNow
-- Added type ticket (normal, standard, emergency) argument to the create and update commands
-- Added ticket state argument to the create and update commands
-- Added Get group details command
- SplunkPy
-- Supports queries that start with | on splunk-search
- Tanium
-- Added option to specify Action Group for tn-deploy-action
- VxStream
-- Added file detonation
Scripts
5 New Scripts
- ContextGetEmails
-- Gets all email addresses in context
- ContextGetHashes
-- Gets hashes (MD5, SHA1, SHA256) from context
- ContextGetIps
-- Gets all IP addresses in context
- DedupIncidentsByML
-- Scans the given incident (or the incident currently being investigated) for similar incidents in the Demisto platform; if one is found, the current incident is marked as a duplicate and closed
- listExecutedCommands
-- Lists executed commands in War Room
2 Improved Scripts
- ADGetGroupMembers
-- Fixed script failure when user/computer has no groups
- IsIPInRanges
-- Fixed subnet calculation
Deprecated Scripts
- IsIPInSubnet
-- Use IsIPInRanges instead
Common Utilities Functions
Javascript New Utilities
- formatTableValuesAdded
-- format Demisto table cells as strings