Demisto Content Release Notes for version 19.4.1 (21467)

Published on 16 April 2019

Integrations

3 New Integrations

  • Atlassian Jira (v2) Use the Jira integration to manage issues and create Demisto incidents from the projects.
  • Palo Alto Networks Cortex The Cortex framework manages all Palo Alto Networks cloud-based products.
  • Google Cloud Compute Google Compute Engine delivers virtual machines running in Google's innovative data centers and worldwide fiber network. Compute Engine's tooling and workflow support enable scaling from single instances to global, load-balanced cloud computing.

12 Improved Integrations

  • AD Query v2 Fixed an issue when configuring the port parameter.
  • CrowdStrike Falcon Improved wording and descriptions for the platform_name argument in the cs-falcon-search-device command.
  • Fidelis Elevate Network Improved the fetch incidents function.
  • Snowflake Updated documentation and setting descriptions.
  • CrowdStrike Falcon Sandbox Deprecated the crowdstrike-detonate-file command and the crowdstrike-detonate-url command. Use the Crowdstrike Falcon Sandbox - Detonate playbooks instead.
  • McAfee ESM-v10 Improved the fetch incidents function.
  • HashiCorp Vault Fixed fetching credentials.
  • Phish.AI Replaced the url argument with the scan_id argument in the phish-ai-check-status command. You must replace the url argument with the scan_id argument in automations and playbooks. Backward compatibility is not supported. Added outputs that enable the Detonate URL playbook to initiate as expected.
  • Tanium
    • Fixed an issue with testing the integration.
    • Added log messages.
  • VirusTotal - Private API
    • Added a mechanism that supports multiple URLs, for the _vt-private-get-url-report command.
    • Fixed an issue with the API.
    • Added context to _vt-private-get-domain-report, _vt-private-get-file-report, and vt-private-get-url-report commands.
    • Fixed the DBot score in the ip-report command.
    • Added a mechanism that determines if a file or URL are malicious, based on trusted vendors.
  • VirusTotal Added a mechanism that determines whether a file or URL are malicious, based on trusted vendors.
  • Palo Alto Networks WildFire Improved handling of context for the wildfire-report command in cases that hashes contain network data.
Deprecated Integration
  • Atlassian Jira Use the Atlassian Jira v2 integration instead.

Scripts

New Script

  • WordTokenizerNLP Tokenize the words of input text.

7 Improved Scripts

  • ParseEmailFiles Improved how email file types are detected.
  • CommonServerPython
    • Added logger support for Python3.
    • Common code that will be merged into each server script, when it runs.
  • DemistoUploadFile
    • Added a body argument.
    • Improved the script description.
  • DemistoUploadFileToIncident
    • Added a body argument.
    • Improved the script description.
  • ExtractDomainFromUrlAndEmail Executes the UnEscapeURLs script before extracting the domain.
  • UnEscapeIPs The script input now supports arrays.
  • UnEscapeURLs The script input now supports arrays.

Playbooks

6 Improved Playbooks

  • Detonate File - JoeSecurity Added missing outputs.
  • ATD - Detonate File Added missing outputs.
  • Detonate URL - JoeSecurity Added missing outputs.
  • Detonate URL - McAfee ATD Added missing outputs.
  • Detonate URL - Phish.AI
    • Improved playbook implementation.
    • Added outputs.
  • Process Email - Generic Fixed how indicators are extracted.

Assets