Skip to content

Demisto Content 3.0.1 Release
Compare
Choose a tag to compare
@asafshen asafshen released this 10 Sep 06:14
3.0.1
d9bb6c1

Release Notes for version 3.0.1 (3674)

Playbooks

New Playbooks

  • McAfeeESMTest

Modified Playbooks

  • Phishing Playbook - Automated
    -- Fix default display name in email message

Integrations

New Integrations

  • AlienValut OTX
    -- Query IOCs in AlienVault
  • RSA Archer
    -- The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across lines of business.
  • Cisco Spark
    -- Send messages, create rooms and more, via the Cisco Spark API.
  • Cybereason
    -- Gets processes/connections using the Cybereason API.
  • DomainTools
    -- Domain name, DNS and Internet OSINT-based cyber threat intelligence and cybercrime forensics products and data
  • Endgame
    -- Endpoint protection built to stop advanced attacks before damage and loss occurs
  • Service Manager
    -- Service Manager By Micro Focus (Formerly HPE Software).
  • MISP
    -- Malware Information Sharing Platform and Threat Sharing
  • malwr
    -- Analyze files using the malwr sandbox
  • PacketMail
    -- Intel look up for IPS
  • Panorama
    -- Manage Palo Alto Networks firewalls via the Panorama management interface
  • Phishme Intelligence
    -- Human-vetted, Phishing-specific Threat Intelligence from Phishme.
  • SumoLogic
    -- Cloud-based service for logs & metrics management
  • Symantec Advanced Threat Protection
    -- Advanced protection capabilities from Symantec
  • urlscan.io
    -- Urlscan.io reputation
  • Verodin
    -- Verodin simulations and topology
  • fireeye
    -- Perform malware dynamic analysis
  • jamf
    -- Jamf device management

Modified Integrations

  • Cisco Umbrella Investigate
    -- Fix response in non-existing domains/ip
  • Cisco CloudLock
    -- Added Demisto side filtering of results
  • Cylance Protect
    -- Better error notifications
  • McAfee ESM-v10
    -- Added Support for case management and fetch incidents of cases
  • Incapsula
    -- Added proxy setting support
  • LightCyber Magna
    -- Added the commands lcm-host-autoruns, lcm-host-processes-internet-connections, lcm-host-loaded-modules, lcm-host-processes, lcm-host-processes, lcm-host-suspicious-artifacts, lcm-host-opened-ports
  • LogRhythm
    -- Support exporting incident full JSON
  • EWS
    -- Support get attachment of an item(mail)
  • ProtectWise
    -- Consolidated command names. Upgraded with outputs. Can fetch incidents from Protectwise events with filtering on event names. Timestamps presented in human readble format.
  • QRadar
    -- Support exporting incident full JSON
  • RSA NetWitness Packets and Logs
    -- Add last minutes functionality
  • RSA NetWitness Security Analytics
    -- Upgrade to new format. Added human readable format and some command fixes
  • SplunkPy
    -- First fetch to bring last 10 minutes notable events
  • ThreatConnect
    -- Fix proxy condition in TC, add threshold, and fix various issues, support Dbot score and context update, change no results outputs
  • Threat Grid
    -- Fixed file return bug
  • Vectra
    -- Support exporting incident full JSON
  • Venafi
    -- Context creation by Venafi search and new serach arguments
  • jira
    -- Merging Ticket entity by Id
  • McAfeeDAM
    -- Support exporting incident full JSON
  • Rasterize
    -- Added proxy settings
  • Trend Micro
    -- Support exporting incident full JSON

Reports

Scripts

New Scripts

  • DataDomainReputation
    -- Evaluate reputation of a URL and Domain and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.
  • EmailAskUserResponse
    -- Extract user's response from EmailAskUser reply. Returns the first textual response line of the provided entry that contains the reply body. Use ${lastCompletedTaskEntries} to analyze the previous playbook task containing the user's reply.
  • ExtractDomain
    -- Extract Domains from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.
  • ExtractDomainFromURL
    -- Extract Domain from a URL. Domain will include sub-domain as well
  • ExtractDomain
    -- Extract Domains from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.
  • HTTPListRedirects
    -- List the redirects for a given URL
  • IsValueInArray
    -- Look for value in an array
  • MatchRegex
    -- Extract regex data from given text - supports groups as well
  • PanoramaDynamicAddressGroup
  • ResolveShortenedURL
    -- Resolve the original URL from the given shortened URL and place it in both as output and in the context of a playbook. (https://unshorten.me/api)
  • ToTable
    -- Convert an array to a nice table display. Usually, from the context.
  • URLNumberOfAds
  • isError
    -- Check whether given entry/entries returned an error. Use ${lastCompletedTaskEntries} to check the previous task entries. If array is provided, will return yes if one of the entries returned an error.
  • misp_download_sample
    -- Download malicious file sample from MISP
  • misp_upload_sample
    -- Upload malicious file sample to MISP

Modified Scripts

  • ADGetAllUsersEmail
    -- Deprecated
  • ADGetComputer
    -- Split Groups in context into array
  • ADGetGroupMembers
    -- Split Groups in context into array
  • ADGetUser
    -- Added limit param and set default size limit
  • AreValuesEqual
    -- Arguments are not mandatory anymore. If either of the arguments are missing, no is returned.
  • CommonServer
    -- Added createdEntry function and dqQueryBuilder
  • CommonServerPython
    -- added html to formats
  • DataHashReputation
    -- Manually set value of indicator reputation will now superceed threat intel sites
  • DataIPReputation
    -- Manually set value of indicator reputation will now superceed threat intel sites
  • DataURLReputation
    -- Manually set value of indicator reputation will now superceed threat intel sites
  • EmailAskUser
    -- Options in HTML email are clickable links that open a new email with the selected option
  • ExposeList
    -- Deprecated
  • ExposeUsers
    -- Deprecated - 'getUsers' builtin command should be used
  • ExtractURL
    -- The ability to extract urls from query string
  • FileCreateAndUpload
    -- Converted to JS. Added the ability to take entry ID for storing its content to file.
  • IsMaliciousIndicatorFound
    -- Added the ability to check suspicious indicators as well
  • LoadJSON
    -- Add outputs and save in context
  • NessusCreateScan
    -- deprecated. Use integration command
  • NessusGetReport
    -- deprecated. Use integration command
  • NessusHostDetails
    -- deprecated. Use integration command
  • NessusLaunchScan
    -- deprecated. Use integration command
  • NessusListScans
    -- deprecated. Use integration command
  • NessusScanDetails
    -- deprecated. Use integration command
  • NessusScanStatus
    -- deprecated. Use integration command
  • NessusShowEditorTemplates
    -- deprecated. Use integration command
  • NotInContextVerification
    -- removed spaces from cmdArgs
  • ParseEmailFiles
    -- Adding support for mixed CR/LF in fileType. Support utf-8 chars.
  • StringContains
    -- Support looking for one substring out of a list
  • VerifyContext
    -- removed spaces from field names

Removed Scripts

  • SendURLDetailsByEmail
Assets 3
Loading