Demisto Content Release Notes for version 18.9.0 (12477)

Published on 04 September 2018


3 New Integrations

20 Improved Integrations

  • RSA Archer Passwords now support special characters.
  • Carbon Black Defense Improved outputs in the cbd-get-alerts-details command. For more information, see the Carbon Black Defense documentation.
  • CrowdStrike Falcon Host Improved outputs for the cs-device-search command. For more information, see the CrowdStrike Falcon Host documentation.
  • Cybereason For more information, see the Cybereason documentation.
    - Added the following commands.
    - ___cybereason-add-comment___
    - ___cybereason-query-malops___
    - ___cybereason-update-malop-status___
    - ___cybereason-malop-processes___
    - Added malops fetch.
    - Added client-certificate authentication.
  • McAfee ESM v10 Added the following commands.
    - ___esm-get-alarm-event-details___
    - ___esm-list-alarm-events___
  • GRR Rapid Response Improved property identifier to username. For more information, see the GRR Rapid Response documentation.
  • MISP Fix proxy parameter issue.
  • McAfee Advanced Threat Defense Deprecated several commands. You should use the relevant detonate playbook. For more information, see the McAfee Advanced Threat Defense documentation.
    - ___deprecate detonate-file___
    - ___detonate-url commands___
  • McAfee NSM Added proxy support.
  • Okta Added the following commands. For more information, see the Okta documentation.
    - ___okta-suspend-user___
    - ___okta-unsuspend-user___
  • RSA NetWitness v11.1 There are separate checkboxes to fetch incident data and to fetch alert data. If you want to fetch alert data, you need to select both checkboxes. For more information, see the NetWitness v11 documentation.
  • Rapid7 Nexpose Added the nexpose-create-site command. For more information, see the Rapid7 Nexpose documentation.
  • Salesforce Added the salesforce-delete-case command. For more information, see the Salesforce documentation.
  • SplunkPy Fixed an encoding issue in the splunk-submit-event command.
  • Cisco Threat Grid Added the playbook parameter.
  • Tanium
    • Added the following commands.
      • tn-ask-manual-question
      • tn-get-sensor
      • tn-get-action
    • Modified the tn-deploy-package command.
      • Added sensor variables as an argument.
      • Added action details to the outputs.
      • Improved raw response.
    • Modified the tn-get-package command.
      • Added sensor variable to outputs.
  • Fixed the display for empty ASN.
  • VirusTotal ScanID will appear now in the context data instead of in the command war-room output.
  • CyberArk AIM Added the cyber-ark-aim-query command.
  • Atlassian Jira Improved the jira-edit-issue command. For more information, see the Jira documentation.


1 New Script

  • EncodeToAscii Input text data to encode as ASCII. (Ignores any chars that are not interpreted as ASCII).

13 Improved Scripts

  • D2O365ComplianceSearch Fixed the file argument not found error.
  • D2O365SearchAndDelete Fixed the file argument not found error.
  • DeleteContext
    • Changed user from limited user to DBot.
    • Added support to keep keys from nested objects and auto-trim for context path.
  • DomainReputation Domain argument marked as default, so script can be executed as ehnancement on Domain indicators.
  • IsEmailAddressInternal Handled context to prevent duplicates.
  • IsValueInArray Improved support for manual execution (parse string array).
  • MatchRegex Added the option to return all matches.
  • PagerDutyAlertOnIncident Updated to match PagerDuty API v2.
  • PagerDutyAssignOnCallUser Updated to match PagerDuty API v2.
  • PanoramaBlockIP Fixed the output types.
  • ParseEmailFiles Fixed header parsing.
  • ParseCSV
    • Added the entryID argument to get the file entry by ID.
    • The file argument is deprecated.
  • IsIPInRanges Improved handling of spaces and new lines in provided IP ranges string.

Incident Fields

Added the In-Reply-To field to the incident details.

Classification & Mapping

New Classification & Mapping

  • Aella Starlight

2 Improved Classification & Mapping

  • EWS v2 Removed default mapping of html-body to prevent the rendering of malicious links.
  • Gmail Gmail classifier.

Demisto v4.0

This content will be available with the official release of Demisto v4.0.


1 Improved Integration

  • Palo Alto WildFire
    • Deprecated the detonate-file-remote and detonate-file commands. Use the WildFire Detonate playbook instead.
    • Added the wildfire-upload-file-remote command.
    • Improved outputs.
    • Added support for multiple inputs for the wildfire-report command.


1 New Script

  • FailedInstances Executes a test for all available integration instances, and returns a detailed table that displays information about failed integration instances.


2 Improved Playbooks

  • Nexpose Scan Assets Fixed playbook inputs.
  • Nexpose Scan Site Added validations.