Demisto Content Release Notes for version 18.10.3 (14022)
Published on 30 October 2018
3 New Integrations
- AWS - CloudWatchLogs Amazon Web Services CloudWatch Logs (logs). For more information, see the Amazon Web Services CloudWatch documentation.
- BitDam BitDam secure email gateway protects against advanced content-borne threats with the most accurate prevention of known and unknown threats, at their source. For more information, see the BitDam documentation.
- Red Canary Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon.
15 Improved Integrations
- AWS - S3 Added the aws-s3-upload-file command. For more information, see the AWS S3 documentation.
- Carbon Black Enterprise Live Response Improved the integration test.
- IntSights Improved integration implementation and execution. For more information, see the IntSights documentation.
- Devo Added a default results limit of 30.
- EWS v2 Added support for Public Folders and compliance search in Office 365.
- FireEye HX Added enforcement of passing either the defaultSystemScript argument or both the script and scriptName arguments when running the fireeye-hx-data-acquisition command.
- Lastline Improved outputs, error messages, and code readability. Added support to insert multiple inputs for the lastline-get command. For more information, see the Lastline documentation.
- PagerDuty v2 Added support to send ServiceKey with the PagerDuty-submit-event command.
- Dell Secureworks Added support for getting ticket attachments. Added support for the catalog task ticket type. Improved error messages.
- SumoLogic Added support to use the equal sign in the query and headers arguments for the search command.
- ThreatConnect Fixed a filter issue when the ratingThreshold argument is specified.
- FireEye iSIGHT Added DBot score output for indicators that do not contain data.
- McAfee ePO Added 2 commands: epo-get-tables and epo-query-table.
- Cisco Umbrella Investigate Added 13 commands: domain, umbrella-get-related-domains, umbrella-get-domain-classifiers, umbrella-get-domain-queryvolume, umbrella-get-domain-details, umbrella-get-domains-for-email-registrar, umbrella-get-domains-for-nameserver, umbrella-get-whois-for-domain, umbrella-get-malicious-domains-for-ip, umbrella-get-domains-using-regex, umbrella-get-domain-timeline, umbrella-get-ip-timeline, and umbrella-get-url-timeline.
2 New Scripts
- IsListExist Checks if a list exists in Demisto lists.
- RegexGroups Extracts elements that are contained in all the subgroups that match the pattern.
5 Improved Scripts
- EPOFindSystem Improved error handling.
- FireEyeDetonateFile Added arguments to enable setting analysis type and pre-fetch when running the script.
- PagerDutyAlertOnIncident PagerDuty API v2 is now supported.
- UnzipFile Enabled decompression of AES encrypted files.
- TextFromHTML Added support for multiple languages.
- CloseInvestigation Use the closeInvestigation command.
13 New Playbooks
- Add Indicator to Miner - Palo Alto MineMeld Add indicators to the relevant Miner using MineMeld.
- Detonate File - BitDam Detonates one or more files using BitDam integration.
- Block Account - Generic This playbook blocks malicious usernames using all integrations that you have enabled.
- Block File - Carbon Black Response This playbook receives an MD5 hash and adds it to the blacklist in Carbon Black Enterprise Response.
- Block File - Generic A generic playbook for blocking files from running on endpoints.
- Block IP - Generic This playbook blocks malicious IPs using all integrations that you have enabled.
- Block Indicators - Generic This playbook blocks malicious Indicators using all integrations that you have enabled.
- Block URL - Generic This playbook blocks malicious URLs using all integrations that you have enabled.
- Demisto Self-Defense - Account policy monitoring playbook Gets the list of Demisto users through the REST API, and alerts if any non-SAML user accounts are found.
- Detonate File - Lastline Detonates a File using the Lastline sandbox.
- Detonate URL - Lastline Detonates a URL using the Lastline sandbox integration.
- Office 365 Search and Delete Runs a ComplianceSearch on Office 365 and deletes the results.
- Phishing Investigation - Generic Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself.
3 Improved Playbooks
- Detonate File - Generic Added the Lastline Detonate File playbook.
- Detonate URL - Generic Added the Lastline Detonate URL playbook.
- Phishing Investigation - Generic Added support for blocking malicious indicators in relevant integrations.