Demisto Content Release Notes for version 19.1.2 (17432)

Published on 22 January 2019

Integrations

4 New Integrations

  • Alexa Rank Indicator Alexa provides website ranking information that can be useful in determining if the domain in question has a strong web presence.
  • MaxMind GeoIP2 Enriches IP addresses.
  • ThreatMiner Discover additional information on IOCs.
  • Google Resource Manager Google Cloud Platform Resource Manager

20 Improved Integrations

  • AWS - CloudTrail Fixed a bug in the aws-cloudtrail-lookup-events command.
  • AWS - CloudWatchLogs Improved argument implementation for the region command.
  • AWS - S3 Fixed a bug in the aws-s3-upload-file command.
  • Carbon Black Enterprise Live Response Improved outputs for the cb-directory-listing command.
  • Cybereason
    • Enhanced outputs for the cybereason-query-malops command.
    • Improved implementation of the command cybereason-isolate-machine to match all Cybereason versions.
  • Cylance Protect Enhanced outputs for the cp-download-threat and cylance-protect-download-threat commands.
  • EWS v2 Improved EWS instance configuration.
  • Gmail Improved text conversion for HTML-only emails.
  • Hybrid Analysis Added the hybrid-analysis-get-report-status command.
  • Microsoft Graph Implemented OAuth2 authentication. See the integration documentation for further details.
  • Palo Alto Firewall and Panorama
    • Improved error handling for port configuration.
    • Improved implementation of the panorama-custom-block command.
    • Fixed the generic rule name given to Security Rules when no rule name is supplied, for several commands.
  • RSA NetWitness v11.1 Fixed a bug in the netwitness-update-incident command.
  • Shodan Added the page argument to the search command.
  • SplunkPy
    • Added the unsecure parameter.
    • Fixed a bug in the command splunk-notable-event-edit.
  • ThreatConnect For the tc-update-indicator command, we added support for the following arguments:
    • falsePositive
    • observations
    • securityLabel
    • threatAssessConfidence
    • threatAssessRating
  • Cisco Threat Grid Added data to raw response for the feeds commands.
  • Windows Defender Advanced Threat Protection Added the microsoft-atp-update-alert command.
  • Rasterize Added the size argument to the rasterize-image command.
  • FireEye HX Added the fireeye-hx-create-indicator command.
  • JASK
    • Improved implementation of fetched incidents.
    • Added a parameter which enables you to define the result limit.

Scripts

5 New Scripts

  • ConvertKeysToTableFieldFormat Converts object keys to match table keys. Use this script when mapping object/collection to a grid (table) field.
  • ExtractIndicatorsFromTextFile Extracts indicators from a text-based file.
  • ExtractIndicatorsFromWordFile Extracts indicators from Word files (DOC, DOCX).
  • ReadPDFFile Loads a PDF file's contents and metadata into context.
  • StringContainsArray Checks whether a substring or an array of substrings is within a string array (each item will be checked).

5 Improved Scripts

  • ExtractIndicatorsFromTextFile Updated the script to use the enhanced extractIndicators command.
  • IsMaliciousIndicatorFound Added support for Email and Domain indicators.
  • ParseCSV Improved handling of the null byte character.
  • Ping Updated the script to use the native ping utility.
  • ReadPDFFile Updated the script to use the enhanced extractIndicators command.

Playbooks

New Playbook

  • Detonate File - HybridAnalysis Detonates one or more files using the Hybrid Analysis integration.

5 Improved Playbooks

  • Calculate Severity - Critical assets Replaced use of the StringContains script with a new filter.
  • Detonate File - Generic Added the Hybrid Analysis detonate file playbook.
  • Extract Indicators From File - Generic The playbook now utilizes the new feature of extracting indicators from Word documents.
  • Get File Sample By Hash - Cylance Protect Added support for Cylance Protect v2 and Cylance Protect v1 integrations.
  • Get File Sample From Hash - Generic Added MD5 and SHA-256 inputs to the playbook.

Assets