Demisto Content Release Notes for version 18.12.1 (15710)

Published on 11 December 2018


9 New Integrations

  • AWS - Security Hub Amazon Web Services Security Hub Service.
  • AWS SageMaker AWS SageMaker - Demisto Phishing Email Classifier.
  • Cymon Analyzes suspicious domains and IP addresses. For more information, see the Cymon documentation.
  • SNDBOX SNDBOX as a service. For more information, see the SNDBOX documentation.
  • Cisco Stealthwatch Cloud Protect your cloud assets and private network. For more information, see the Stealthwatch Cloud documentation.
  • Whois Provides data enrichment for domains and IP addresses. For more information, see the Whois documentation.
  • dnstwist Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. For more information, see the dnstwist documentation.
  • InfoArmor VigilanteATI VigilanteATI redefines Advanced Threat Intelligence. InfoArmor's VigilanteATI platform and cyber threat services act as an extension of your IT security team. For more information, see the InfoArmor VigilanteATI documentation.
  • Awake Security Network Traffic Analysis. For more information, see the Awake Security documentation.

20 Improved Integrations

  • AWS - EC2
    • Added two commands:
      - ___aws-ec2-modify-instance-attribute___
      - ___aws-ec2-modify-network-interface-attribute___
    • Upgraded Boto3 version to v1.9.55.
  • AWS - IAM Added nine commands:
    - ___aws-iam-create-policy___
    - ___aws-iam-delete-policy___
    - ___aws-iam-create-policy-version___
    - ___aws-iam-delete-policy-version___
    - ___aws-iam-list-policy-versions___
    - ___aws-iam-get-policy-version___
    - ___aws-iam-set-default-policy-version___
    - ___aws-iam-create-account-alias___
    - ___aws-iam-delete-account-alias___
  • AWS - S3 You can now create a bucket in any region.
  • ArcSight ESM Added logout handling.
  • Box Added two commands:
    - ___box_files_get___
    - ___box_files_get_info___
  • Lastline Improved quota error handling.
  • McAfee Advanced Threat Defense
    • Improved outputs for malicious files.
    • Added support to get reports of various types.
    • Fixed an issue in which long ID numbers were rounded.
  • McAfee NSM Added the sensor_id argument to the get-alert-details command.
  • Mimecast Added two commands:
    - ___mimecast-get-message___
    - ___mimecast-download-attachments___
  • Okta Added three commands:
    - ___okta-get-user-factors___
    - ___okta-verify-push-factor___
    - ___okta-reset-factor___
  • OpenPhish Added support to trust any certificate in HTTP requests.
  • PagerDuty v2 Added two commands:
    - ___PagerDuty-acknowledge-event___
    - ___PagerDuty-resolve-event___
  • ServiceNow Added the servicenow-get-table-name command.
  • Improved integration outputs.
  • Improved implementation of the tenable-sc-get-device command.
  • Improved integration outputs.
  • Venafi Improved integration implementation.
  • Zscaler URL validation for the zscaler-blacklist-url command matches the Zscaler GUI.
  • Cisco Meraki Updated the API login URL.
  • Atlassian Jira Improved authentication process.

Deprecated Integration

  • Mimecast Authentication Deprecated. Use the Mimecast integration.


4 New Scripts

  • DemistoUploadFileToIncident Upload a file to a specified incident using the EntryID.
  • JiraCreateIssue-example Use this script to simplify the process of creating a new issue in Jira.
  • ServiceNowCreateIncident Use this script to wrap the generic create-record command in ServiceNow.
  • ServiceNowQueryIncident Use this script to wrap the generic query-table command in ServiceNow.
  • ServiceNowUpdateIncident Use this script to wrap the generic update-record command in ServiceNow.

6 Improved Scripts

  • ADGetUser Return multiple results when running the script with a custom query.
  • Base64ListToFile Support for compressed data (zipped).
  • CBFindHash Fixed an issue in which the script does not return results.
  • FindSimilarIncidents
    • Added support for the OR condition.
    • Added a custom query argument.
  • QRadarGetCorrelationLogs The start_time field can now be either epoch time or a date string.
  • QRadarGetOffenseCorrelations The start_time field can now be either epoch time or a date string.


New Playbook

  • Detonate File - SNDBOX Detonates a file using the SNDBOX integration.

4 Improved Playbooks

  • Detonate File - Generic Added support for the SNDBOX integration.
  • ATD - Detonate File Improved playbook outputs.
  • Detonate URL - McAfee ATD Improved playbook outputs.
  • CrowdStrike Endpoint Enrichment Improved playbook outputs.