Demisto Content Release Notes for version 19.2.2 (18802)

Published on 21 February 2019

Integrations

5 New Integrations

  • CounterTack CounterTack empowers endpoint security teams to assure endpoint protection for identifying cyber threats.
  • EclecticIQ Platform A threat intelligence platform that connects and interprets intelligence data from open sources, commercial suppliers, and industry partnerships.
  • Fidelis Elevate Network Automate detection and response to network threats and data leakage in your organization.
  • Symantec Endpoint Protection V2 Query the Symantec Endpoint Protection Manager using the official REST API.
  • WhatsMyBrowser Parse user agents and determine if they are malicious as well as enrich information about the agent.

13 Improved Integrations

  • Anomali ThreatStream Fixed an issue with the DBot score.
  • ArcSight ESM
    • Fixed an issue in which fetch incidents creates duplicate incidents.
    • You can now update the severity field when running the as-update-case command.
    • Updated all time outputs to be date field, in Date format, not Epoch.
  • RSA Archer Added the archer-get-valuelist command, which gets a field's value-list.
  • EWS v2 Added the option to search by message-id when running the ews-search-mailbox command.
  • IntSights
    • Added the Sub account ID parameter (for MSSP accounts) to the instance configuration.
    • Added the intsights-mssp-get-sub-accounts command.
  • MISP V2
    • Added the misp-add-sighting command.
    • Added test connection functionality.
  • McAfee Advanced Threat Defense Fixed URL parsing.
  • McAfee Threat Intelligence Exchange Indicators with a DBot reputation score of less than 30 are now set to bad.
  • Microsoft Graph Improved partial content handling.
  • PhishMe Intelligence
    • Reimplemented the way DBot score is calculated.
    • Added 4 threshold parameters to the instance configuration.
    • Added new output paths.
  • urlscan.io Fixed an issue where the insecure setting was ignored during polling.
  • Palo Alto WildFire Improved command outputs.
  • Windows Defender Advanced Threat Protection Added support for OAUTH2 authentication.
Deprecated Integration
  • Symantec Endpoint Protection 14 (Deprecated) Use Symantec Endpoint Protection V2 instead.

Scripts

New Script

  • PcapHTTPExtractor Parses and extracts HTTP flows (requests/responses) from a pcap/pcapng file.

7 Improved Scripts

  • CommonServerPython Added the return_outputs() function, which wraps the demisto.results() function.
  • CopyFileD2 Added overwrite support.
  • D2Drop Added overwrite support.
  • FilterByList The FilterByList script now supports regex items.
  • ReadPDFFile Improved script outputs.
  • RegPathReputationBasicLists
    • Fixed the score given to a RegistryPath.
    • Added outputs.
  • UnEscapeURLs Added handling of Microsoft ATP protected URLs.

Deprecated Script

  • SEPScan Use the sep-scan-endpoint command instead.

Reputations

  • Added reputation value and context paths for IPs, escaped IPs, domains, MD5s, SHA-1s, URLs, and escaped URLs.
  • Removed unnecessary scripts.

Breaking Changes

ArcSight ESM instance configuration settings deleted If you installed Content Release v19.2.1 (18725), certain ArcSight ESM instance parameters might have been deleted in the instances configured before installing this content version.


Assets