Demisto Content Release Notes for version 19.3.1 (19965)

Published on 19 March 2019

Integrations

New Integrations

  • DUO Admin: Manage administrative functionality of DUO Security's two-factor authentication platform.

11 Improved Integrations

  • Active Directory Query v2
    • Added the context-output argument to the ad-search command. If the argument is set to no, the command will not output results.
    • Improved functionality of the size-limit argument in the ad-search command.
  • ArcSight ESM v2
    • Added the newparameter parameter, which defines the maximum number of unique case IDs to fetch.
    • Improved representation of ArcSight fields in the context.
    • For the as-get-case-event-ids command, added a flag that gets correlated events.
  • Cybereason: Added the machinename argument to the cybereason-malop-processes command.
  • Gmail: Improved fetched incidents functionality.
  • Luminate: Added severity to fetched incidents.
  • Phish.AI: Added the phish-ai-dispute-url command.
  • ProtectWise: Fixed a context output issue, which caused inaccessible items to be available in context.
  • Symantec Advanced Threat Protection: Fixed output for the satp-files command in cases when the file was not previously seen in ATP.
  • Whois: The integration is now disabled by default.
  • Palo Alto Networks WildFire: Improved error handling for the wildfire-report command.
  • Zscaler: Added the Use system proxy settings checkbox to the integration configuration. By default, the checkbox is selected. If you do not want to use system proxy settings, make sure you clear this checkbox.

Scripts

New Script

  • CheckDockerImageAvailable: Checks if a Docker image is available for performing Docker pull. The script simulates the Docker pull flow, but doesn't actually pull the image.

6 Improved Scripts

  • ParseEmailFiles
    • EML files nested within EML files, and MSG files nested within MSG files are now extracted and parsed.
    • Use the HeadersMap (key-value structure) for output instead of Headers.
    • Added the parse_only_headers argument. Set it to true to parse only headers.
  • ExtractDomainFromUrlAndEmail: Fixed domain extraction functionality when working with subdomains in an email.
  • ExtractIndicatorsFromWordFile
    • Fixed an encoding issue.
    • Added support for encoding to UTF-8 when displaying the data.
  • FindSimilarIncidents: Future incidents are now ignored.
  • ParseCSV: Added support for non-UTF-8 codec.
  • RegPathReputationBasicLists: Fixed score output.

Deprecated Script

  • ParseEmailHeaders: Use the ParseEmailFiles script instead. You need to specify parse_only_headers=true.

Playbooks

2 Improved Playbooks

  • Detonate File - HybridAnalysis: The playbook now checks whether an active integration instance is enabled.
  • Process Email - Generic: Improved detection of EML and MSG files as attachments.

Widgets

8 New Widgets

  • Active Incidents Assigned by User
  • Active Incidents by Role
  • Active Incidents - Line chart
  • Active Incidents - Pie chart
  • Closed Incidents by Role
  • Unassigned Active Incidents
  • Unassigned Closed Incidents
  • Unassigned Pending Incidents

8 Improved Widgets

  • Average Incident Duration by Role (Avg): Improved the query and updated the widget name.
  • Incidents By Close Reason: Improved the query and updated the widget name.
  • Incidents Occurred Per Day: Improved the query and updated the widget name.
  • Incidents by Role: Improved the query and updated the widget name.
  • Incidents Top Close Analysts: Improved the query and updated the widget name.
  • MTTR by Type: Improved the query and updated the widget name.
  • MTTR Occurred by Type: Improved the query and updated the widget name.
  • Top Active Playbooks: Improved the query and updated the widget name.

4 Removed Widgets

  • ActiveIncidentByType
  • ActiveIncidentsBySeverity
  • IncidentsAssignedByUser
  • Mttr

Assets