Demisto Content Release Notes for version 19.3.0 (19237)

Published on 05 March 2019

Integrations

6 New Integrations

  • Active Directory Query v2 Active Directory Query integration enables you to access and manage Active Directory objects (users, contacts, and computers).
  • Azure Compute Create and manage Azure Virtual Machines.
  • Azure Security Center Unified security management and advanced threat protection across hybrid cloud workloads.
  • ArcSight ESM v2 ArcSight ESM SIEM by Micro Focus (formerly HPE Software).
  • Thinkst Canary By presenting itself as an apparently benign and legitimate service, the Canary draws the attention of unwanted activity. When someone trips one of the Canary's triggers, an alert is sent to notify the responsible parties so that action can be taken before valuable systems in your network are compromised.
  • Exchange 2016 Compliance Search Exchange Server 2016 Compliance Search enables you to search for and delete an email message from all mailboxes in your organization.

32 Improved Integrations

  • Anomali ThreatStream Added Push Indicators functionality.
  • RSA Archer Added the archer-reset-cache command, which resets the integration cache.
  • Check Point Firewall Improved entries and outputs.
  • CounterTack Updated output descriptions.
  • CVE Search The integration is now disabled by default.
  • Gmail Fixed the from argument in the gmail-add-filter command.
  • Hybrid Analysis The integration is now disabled by default.
  • ipinfo The integration is now disabled by default.
  • LogRhythm You can now add the server URL as an integration instance parameter.
  • MISP V2 Improved handling of warning messages from PyMISP.
  • McAfee Active Response Added several new commands.
  • Mimecast Fixed a potential bug in the mimecast-list-managed-url command.
  • okta Implemented aesthetic improvements.
  • OpenPhish The integration is now disabled by default.
  • Palo Alto Minemeld Improved error handling.
  • PhishTank The integration is now disabled by default.
  • RSA NetWitness v11.1 Fixed an issue with the netwitness-update-incident command in which the assignee argument was ignored.
  • RTIR Fixed a certificate verification error.
  • Check Point Sandblast Cloud Services Fixed the test button so that it fails when the user is out of quota.
  • ServiceNow
    • Custom fields work as expected.
    • Improved indication of errors when fetching incidents.
    • Improved handling of the No Record Found error.
  • SplunkPy Fixed an issue with the splunk-search command when the results contained Unicode values.
  • Symantec Endpoint Protection V2 Added lastScanTime to the sep-endpoints-info output.
  • Symantec Advanced Threat Protection Fixed output for the satp-files command in cases when ATP has not seen the file.
  • Threat Crowd The integration is now disabled by default.
  • Cisco Threat Grid The threat-grid-upload-sample command now works as expected with file names that contain newline characters.
  • urlscan.io The integration is now disabled by default.
  • urlscan.io Added the wait and retries rate limit arguments to the url command.
  • VirusTotal Improved error handling and parameters checks.
  • Whois The integration is now disabled by default.
  • IBM X-Force Exchange Added 401 error handling.
  • dnstwist Added an option to specify the whois argument for the dnstwist-domain-variations command.
  • FireEye (AX Series) Fixed a client token parameter issue.

Deprecated Integration

  • ArcSight ESM Use the ArcSight ESM v2 integration instead.

Scripts

3 Improved Scripts

  • FindSimilarIncidents Fixed escaping of special characters.
  • FindSimilarIncidentsByText Improved algorithm with short texts.
  • ShowScheduledEntries The script no longer returns tasks whose schedules have completed.

8 Deprecated Scripts

  • ADGetComputer Use the ad-get-computer command instead.
  • ADGetGroupMembers Use the ad-get-group-members command instead.
  • ExtractDomain Use the extractIndicators command instead.
  • ExtractEmail Use the extractIndicators command instead.
  • ExtractHash Use the extractIndicators command instead.
  • ExtractIP Use the extractIndicators command instead.
  • ExtractURL Use the extractIndicators command instead.
  • InviteUser Use the DemistoSendInvite script instead.

Playbooks

New Playbook

  • Exchange 2016 Search and Delete Run a compliance search in Exchange Server 2016 and delete the results.

5 Improved Playbooks

  • ArcSight - Get events related to the Case The playbook now supports ArcSight ESM v2.
  • Malware Investigation - Generic - Setup Updated the tests comment.
  • SentinelOne - Endpoint data collection Added a task that checks if SentinelOne is enabled.
  • DeDup incidents The condition that checks if there is a context key is now set to true.
  • Detonate File - ThreatGrid
    • Fixed handling of file types.
    • The playbook only detonates files larger than 0 KB.

7 Deprecated Playbooks

  • Account Enrichment Use the Account Enrichment - Generic playbook instead.
  • Detonate files Use the Detonate File - Generic playbook instead.
  • Enrichment Playbook Use the Entity Enrichment - Generic playbook instead.
  • Extract Indicators - Generic Use the extractIndicators command instead.
  • Incident Enrichment Use the Default playbook instead.
  • Phishing Playbook - Automated Use the Phishing investigation - Generic playbook instead.
  • Process Email Use the Process Email - Generic playbook instead.