Demisto Content Release Notes for version 19.2.1 (18725)

Published on 19 February 2019

Integrations

5 New Integrations

  • CounterTack CounterTack empowers endpoint security teams to assure endpoint protection for identifying cyber threats.
  • EclecticIQ Platform A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
  • Fidelis Elevate Network Automate detection and response to network threats and data leakage in your organization.
  • Symantec Endpoint Protection V2 Query the Symantec Endpoint Protection Manager using the official REST API.
  • WhatsMyBrowser Parse user agents, determine whether they are malicious, and enrich information about the agent.

13 Improved Integrations

  • Anomali ThreatStream Fixed an issue with the DBot score.
  • ArcSight ESM
    • Fixed an issue in which fetch incidents created duplicate incidents.
    • You can now update the severity field when running the as-update-case command.
    • Updated all time outputs to be date fields in Date format, not Epoch.
  • RSA Archer Added the archer-get-valuelist command, which gets a field's value-list.
  • EWS v2 Added the option to search by message-id when running the ews-search-mailbox command.
  • IntSights
    • Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
    • Added the intsights-mssp-get-sub-accounts command.
  • MISP V2
    • Added the misp-add-sighting command.
    • Added test connection functionality.
  • McAfee Advanced Threat Defense Fixed URL parsing.
  • McAfee Threat Intelligence Exchange Indicators with a DBot reputation score of less than 30 are now set to bad.
  • Microsoft Graph Improved partial content handling.
  • PhishMe Intelligence
    • Reimplemented the way DBot score is calculated.
    • Added 4 threshold parameters to the instance configuration.
    • Added new output paths.
  • urlscan.io Fixed an issue where the insecure setting was ignored during polling.
  • Palo Alto WildFire Improved command outputs.
  • Windows Defender Advanced Threat Protection Added support for OAUTH2 authentication.

Deprecated Integration

  • Symantec Endpoint Protection 14 (Deprecated) Use Symantec Endpoint Protection V2 instead.

Scripts

New Script

  • PcapHTTPExtractor Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.

7 Improved Scripts

  • CommonServerPython Added the return_outputs() function, which wraps the demisto.results() function.
  • CopyFileD2 Added overwrite support.
  • D2Drop Added overwrite support.
  • FilterByList The FilterByList script now supports regex items.
  • ReadPDFFile Improved script outputs.
  • RegPathReputationBasicLists
    • Fixed the score given to a RegistryPath.
    • Added outputs.
  • UnEscapeURLs Added handling of Microsoft ATP protected URLs.

Deprecated Script

  • SEPScan Use the sep-scan-endpoint command instead.

Reputations

  • Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
  • Removed unnecessary scripts.

Assets