Demisto Content Release Notes for version 18.11.2 (15082)

Published on 28 November 2018


3 New Integrations

  • Server Message Block (SMB) Retrieve files from an SMB server. For more information, see the SMB documentation.
  • FortiGate Manage firewall settings and groups. For more information, see the FortiGate documentation.
  • Tenable Security Center Get a real-time, continuous assessment of your security posture so you can find and fix vulnerabilities faster. For more information, see the documentation.

12 Improved Integrations

  • ServiceNow

    • Added support to retrieve records from any table generically in addition to tickets.
    • Deprecated the servicenow-get command. Use the servicenow-get-ticket and servicenow-get-record commands instead.
    • Deprecated the servicenow-create command. Use the servicenow-create-ticket and servicenow-create-record commands instead.
    • Deprecated the servicenow-update command. Use the servicenow-update-ticket and servicenow-update-record commands instead.
    • Deprecated the servicenow-query command. Use the servicenow-query-tickets and servicenow-query-table commands instead.
    • Added the servicenow-list-table-fields command.
  • Cylance Protect v2 Improved fetch incidents implementation.

  • Lastline In the lastline-get-report command, we added the isArray option to the uuid argument.

  • Mimecast

    • Added 3 authentication commands:
      - ___mimecast-login___
      - ___mimecast-discover___
      - ___mimecast-refresh-token___
    • Improved outputs for the mimecast-query command command.
    • Added a process for automatic token refresh.
  • PagerDuty v2 Added fetch incidents functionality.

  • Phish.AI Added generic polling functionality for URLs.

  • IBM QRadar Added 5 commands:

    - ___qradar-create-reference-set___
    - ___qradar-delete-reference-set___
    - ___qradar-create-reference-set-value___
    - ___qradar-update-reference-set-value___
    - ___qradar-delete-reference-set-value___
  • Recorded Future Improved the error message when an IOC does not exist in Recorded Future.

  • Venafi

    • Added the venafi-get-certificate-details command.
    • Improved outputs for the venafi-get-certificates command.
  • RSA NetWitness Endpoint Fixed a bug when querying machines by hostname.

  • FireEye HX Fixed a fireeye-hx-host-containment command name error.

  • RSA NetWitness v11.1 Fixed an error for bad responses when retrieving a token.


6 New Scripts

  • JSONFileToCSV Converts a JSON file War Room output to a CSV file.
  • JSONtoCSV Converts a JSON War Room output via EntryID to a CSV file.
  • SetByIncidentId Sets a value to the context with the specified context key of a given incident.
  • URLDecode Decodes a URL from a URL query to human-readable URL.
  • WordTokenize Tokenize the words of an input text.
  • ParseJSON Parse a given JSON string "value" to a representative object.

4 Improved Scripts

  • GetTime
    • Added time functions: UTC, year, month, day in week, hours, and UTC hours.
    • Fixed GMT time to use UTC, and to not be case-sensitive.
  • LoadJSON Parses complicated JSON structures.
  • CreateEmailHtmlBody
    • Added the ability to have custom fields in the template in both .incident.CustomFields. and _incident.__ formats.
    • Added the option to replace non-found placeholder values with empty string.
  • ActiveUsersD2 Discarded uniqBy use.


New Playbooks

  • Detonate File - Cuckoo Detonates files using the Cuckoo integration.
  • Detonate URL - Cuckoo Detonates URLs using the Cuckoo integration.
  • Detonate URL - Phish.AI Detonates a URL using the Phish.AI integration.
  • Launch Scan - Launches an existing scan by scan ID, and waits for the scan to finish by polling the scan status according to predefined intervals.

2 Improved Playbooks

  • Detonate File - Generic Added support for Cuckoo Sandbox.
  • Detonate URL - Generic Added support for Cuckoo Sandbox.