Demisto Content Release Notes for version 18.11.0 (14606)

Published on 13 November 2018

Integrations

5 New Integrations

  • BigFix IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. For more information, see the IBM BigFix documentation.
  • Google Vault Archiving and eDiscovery for G Suite. For more information, see the Google Vault documentation.
  • Luminate Enrich reports and respond to incidents. For more information, see the Luminate documentation.
  • Tenable.io A comprehensive asset-centric solution to accurately track resources while accommodating dynamic assets such as cloud, mobile devices, containers and web applications. For more information, see the Tenable.io documentation.
  • Windows Defender Advanced Threat Protection Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. For more information, see the Windows Defender ATP documentation.

18 Improved Integrations

  • Carbon Black Enterprise Live Response
    • Improved error messages for the session-create-and-wait command.
    • Improved results for the cb-session-close command to reflect the actual session status for a CB Response case.
  • Carbon Black Enterprise Response
    • Improved outputs for the cb-binary command to display full results for the Hostname field.
    • Improved implementation of the cb-process-events command to prevent failure when the returned information is partial.
  • CrowdStrike Falcon Intel Improved output for DBotScore when an indicator is not found.
  • EWS v2 Fixed a typo in compliance search methods.
  • Gmail Added two commands to implement an email-blocking use case. For more information, see the Gmail documentation.
    • gmail-add-delete-filter
    • gmail-add-filter
  • Cylance Protect v2 Added 5 commands:
    • cylance-protect-download-threat
    • cylance-protect-add-hash-to-list
    • cylance-protect-delete-hash-from-lists
    • cylance-protect-get-policy-details
    • cylance-protect-delete-devices
  • Mimecast v2
    • Refactored the Mimecast integration. Mimecast v1 is now deprecated.
    • Implemented incident fetching.
      • Fetch URL logs: Fetches email logs containing malicious URLs
      • Fetch attachment logs: Fetches email logs containing malicious attachments
      • Fetch impersonation logs: Fetches email logs containing impersonation incidents
    • Added 13 commands:
      • mimecast-list-blocked-sender-policies
      • mimecast-create-policy
      • mimecast-delete-policy
      • mimecast-get-policy
      • mimecast-query
      • mimecast-url-decode
      • mimecast-manage-sender
      • mimecast-list-managed-url
      • mimecast-create-managed-url
      • mimecast-list-messages
      • mimecast-get-url-logs
      • mimecast-get-impersonation-logs
      • mimecast-get-attachment-logs
  • Palo Alto MineMeld Improved implementation of whitelist/blacklist initialization.
  • Rapid7 Nexpose Added support to view, stop, pause and resume scans. For more information, see the Rapid7 Nexpose documentation.
  • SCADAfence CNM Added two commands. For more information, see the SCADAfence CNM documentation.
    • scadafence-getAllConnections
    • scadafence-createAlert
  • SplunkPy Added support to fetch notable events using Splunk Time instead of the Demisto server time.
  • VirusTotal - Private API Improved the error message when the quota is exceeded.
  • Palo Alto WildFire The wildfire-upload command now supports multiple uploads.
  • McAfee ePO
    • Added two commands.
      • epo-find-system
      • epo-get-version
    • Improved outputs for the epo-query-table command.
  • Rasterize Added the rasterize-image command to securely display images in the War Room.
  • IBM QRadar
    • Added the qradar-get-reference-by-name command.
    • Reimplemented the integration in Python.
  • Cisco Threat Grid
    • Updated the integration to align with changes in Threat Grid API.
    • Enhanced outputs for the threat-grid-get-analysis-by-id command.
    • Added two commands:
      • threat-grid-search-urls
      • threat-grid-search-samples
  • urlscan.io
    • The ip and file commands are no longer supported.
    • Reformatted context outputs.
    • Added the urlscan-search command.

Scripts

2 New Scripts

  • ExifRead Read image files' metadata and provide Exif tags.
  • ParseExcel The automation takes an Excel file (entryID) as input and parses its content to the War Room and context.
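The ExifRead script listed above extracts Exif tags from image files. As an added illustration of what such a reader has to do when the image arrives from an untrusted sender (this is example code written for these notes, not the Demisto ExifRead script; the tag subset, function names and the sample image are assumptions), the following Python walks the JPEG marker segments, parses the TIFF-structured Exif block in either byte order, follows the GPS sub-IFD, converts the latitude to decimal degrees, and rejects tag values whose offsets point outside the Exif block instead of reading past it.

```python
"""Minimal Exif reader for JPEG input (added example; not the Demisto ExifRead script)."""
import struct

# Assumed subset of tag names; anything else is reported by its hex tag number.
TAG_NAMES = {
    0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation", 0x0132: "DateTime",
    0x8769: "ExifIFDPointer", 0x8825: "GPSInfoIFDPointer",
    0x9003: "DateTimeOriginal", 0xA002: "PixelXDimension", 0xA003: "PixelYDimension",
}
GPS_TAG_NAMES = {1: "GPSLatitudeRef", 2: "GPSLatitude", 3: "GPSLongitudeRef", 4: "GPSLongitude"}
# TIFF field types: BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED, SLONG, SRATIONAL
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}


def _find_exif_segment(data: bytes) -> bytes:
    """Walk the JPEG marker segments and return the TIFF payload of the Exif APP1 segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD8, 0xD9, 0x01) or 0xD0 <= marker <= 0xD7:  # standalone markers, no length
            pos += 2
            continue
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        segment = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and segment.startswith(b"Exif\x00\x00"):
            return segment[6:]
        if marker == 0xDA:  # start of scan: only entropy-coded image data follows
            break
        pos += 2 + length
    raise ValueError("no Exif APP1 segment")


def _decode(raw: bytes, typ: int, n: int, endian: str):
    """Decode one tag value; scalars are unwrapped, multi-value tags become lists."""
    if typ == 2:
        return raw.split(b"\x00", 1)[0].decode("ascii", "replace")
    if typ in (1, 7):
        return raw if n > 1 else raw[0]
    fmt = {3: "H", 4: "I", 9: "i"}.get(typ)
    if fmt:
        vals = struct.unpack(endian + fmt * n, raw)
        return vals[0] if n == 1 else list(vals)
    parts = struct.unpack(endian + ("I" if typ == 5 else "i") * (2 * n), raw)  # (num, den) pairs
    vals = [(parts[i], parts[i + 1]) for i in range(0, 2 * n, 2)]
    return vals[0] if n == 1 else vals


def _read_ifd(tiff: bytes, offset: int, endian: str, names: dict) -> dict:
    """Parse one image file directory, bounds-checking every offset against the Exif block."""
    if offset + 2 > len(tiff):
        raise ValueError("IFD offset out of range")
    count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    result = {}
    for i in range(count):
        entry = offset + 2 + 12 * i
        if entry + 12 > len(tiff):
            raise ValueError("truncated IFD entry")
        tag, typ, n = struct.unpack(endian + "HHI", tiff[entry:entry + 8])
        size = TYPE_SIZES.get(typ)
        if size is None:
            continue  # unknown field type: skip rather than guess its width
        total = size * n
        if total <= 4:  # values of up to 4 bytes are stored inline in the entry
            raw = tiff[entry + 8:entry + 8 + total]
        else:  # larger values live at an offset; a hostile file can point anywhere
            value_off = struct.unpack(endian + "I", tiff[entry + 8:entry + 12])[0]
            if value_off + total > len(tiff):
                raise ValueError("tag 0x%04X points outside the Exif block" % tag)
            raw = tiff[value_off:value_off + total]
        result[names.get(tag, "0x%04X" % tag)] = _decode(raw, typ, n, endian)
    return result


def read_exif(data: bytes) -> dict:
    """Return IFD0 and Exif sub-IFD tags, with GPS tags nested under 'GPS'."""
    tiff = _find_exif_segment(data)
    endian = {b"II*\x00": "<", b"MM\x00*": ">"}.get(tiff[:4])
    if endian is None:
        raise ValueError("bad TIFF header in Exif block")
    tags = _read_ifd(tiff, struct.unpack(endian + "I", tiff[4:8])[0], endian, TAG_NAMES)
    if "ExifIFDPointer" in tags:
        tags.update(_read_ifd(tiff, tags.pop("ExifIFDPointer"), endian, TAG_NAMES))
    if "GPSInfoIFDPointer" in tags:
        tags["GPS"] = _read_ifd(tiff, tags.pop("GPSInfoIFDPointer"), endian, GPS_TAG_NAMES)
    return tags


def gps_to_decimal(dms, ref: str) -> float:
    """Convert a (deg, min, sec) list of rationals plus N/S/E/W reference to signed degrees."""
    deg, mnt, sec = (num / den for num, den in dms)
    value = deg + mnt / 60 + sec / 3600
    return -value if ref in ("S", "W") else value


def build_sample_jpeg(corrupt: bool = False) -> bytes:
    """Constructed input: a JPEG with an Exif block and no image data (not a real photo)."""
    e = "<"
    make = b"ExampleCam\x00"
    make_off = 8 + (2 + 3 * 12 + 4)          # IFD0 sits right after the 8-byte TIFF header
    gps_off = make_off + len(make) + 1       # pad the string to an even offset
    lat_off = gps_off + (2 + 2 * 12 + 4)
    ifd0 = struct.pack(e + "H", 3)
    ifd0 += struct.pack(e + "HHII", 0x010F, 2, len(make), 0xFFFFFF00 if corrupt else make_off)
    ifd0 += struct.pack(e + "HHIH", 0x0112, 3, 1, 1) + b"\x00\x00"
    ifd0 += struct.pack(e + "HHII", 0x8825, 4, 1, gps_off) + struct.pack(e + "I", 0)
    gps = struct.pack(e + "H", 2) + struct.pack(e + "HHI", 1, 2, 2) + b"N\x00\x00\x00"
    gps += struct.pack(e + "HHII", 2, 5, 3, lat_off) + struct.pack(e + "I", 0)
    lat = struct.pack(e + "IIIIII", 51, 1, 30, 1, 0, 1)  # 51 deg 30 min 0 sec
    tiff = b"II*\x00" + struct.pack(e + "I", 8) + ifd0 + make + b"\x00" + gps + lat
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    tags = read_exif(build_sample_jpeg())
    print(tags["Make"], tags["Orientation"], gps_to_decimal(tags["GPS"]["GPSLatitude"], tags["GPS"]["GPSLatitudeRef"]))
```

The GPS conversion is the piece an analyst usually wants from attachment metadata; the offset check is the piece that keeps a crafted attachment from steering the parser outside the segment, which is the usual failure mode of naive Exif readers.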

6 Improved Scripts

  • ADGetUser Improved display formatting of UserAccountControl flags.
  • BlockIP The rulename and ipname arguments are now optional, and include improved defaults.
  • CPBlockIP The rulename and ipname arguments are now optional, and include improved defaults.
  • PanoramaBlockIP The rulename argument is now optional, and includes improved defaults.
  • ProofpointDecodeURL Improved handling of error scenarios.
  • ReadPDFFile Improved handling of the PSEOF error.

Playbooks

2 New Playbooks

  • QRadarFullSearch This playbook runs a QRadar query and returns the query results to the context.
  • Tenable.io Scan Run a Tenable.io scan.

Assets