Demisto Content Release Notes for version 19.2.1 (18725)
Published on 19 February 2019
5 New Integrations
CounterTack empowers endpoint security teams to assure endpoint protection for identifying cyber threats.
- EclecticIQ Platform
A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
- Fidelis Elevate Network
Automate detection and response to network threats and data leakage in your organization.
- Symantec Endpoint Protection V2
Query the Symantec Endpoint Protection Manager using the official REST API.
Parse user agents, determine whether they are malicious, and enrich information about the agent.
13 Improved Integrations
- Anomali ThreatStream
Fixed an issue with the DBot score.
- ArcSight ESM
- Fixed an issue in which fetching incidents created duplicate incidents.
- You can now update the severity field when running the as-update-case command.
- Updated all time outputs to be date fields in Date format rather than epoch timestamps.
- RSA Archer
Added the archer-get-valuelist command, which gets a field's value-list.
- EWS v2
Added the option to search by message-id when running the ews-search-mailbox command.
- Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
- Added the intsights-mssp-get-sub-accounts command.
- MISP V2
- Added the misp-add-sighting command.
- Added test connection functionality.
- McAfee Advanced Threat Defense
Fixed URL parsing.
- McAfee Threat Intelligence Exchange
Indicators with a DBot reputation score of less than 30 are now set to bad.
- Microsoft Graph
Improved partial content handling.
- PhishMe Intelligence
- Reimplemented the DBot score calculation.
- Added 4 threshold parameters to the instance configuration.
- Added new output paths.
Fixed an issue where the insecure setting was ignored during polling.
- Palo Alto WildFire
Improved command outputs.
- Windows Defender Advanced Threat Protection
Added support for OAuth2 authentication.
- Symantec Endpoint Protection 14 (Deprecated)
Use Symantec Endpoint Protection V2 instead.
Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.
7 Improved Scripts
Added the return_outputs() function, which wraps the demisto.results() function.
Added overwrite support.
Added overwrite support.
The FilterByList script now supports regex items.
Improved script outputs.
- Fixed the score given to a RegistryPath.
- Added outputs.
Added handling of Microsoft ATP protected URLs.
Use the sep-scan-endpoint command instead.
- Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
- Removed unnecessary scripts.