Demisto Content Release Notes for version 19.5.1 (23606)

Published on 28 May 2019

Integrations

5 New Integrations

  • AlienVault USM Anywhere Search and monitor alarms and events from AlienVault USM Anywhere.
  • Forescout Unified device visibility and control platform for IT and OT security.
  • PhishLabs IOC Get live feeds of IOC data from PhishLabs.
  • Minerva Labs Anti-Evasion Platform Minerva eliminates the endpoint security gap while empowering companies to embrace technology fearlessly.
  • LogRhythmRest LogRhythm security intelligence.

11 Improved Integrations

  • Image OCR Updated argument descriptions.
  • FireEye HX Fixed an issue that caused an error when running the fireeye-hx-fetch-incidents and fireeye-hx-get-alert commands.
  • FortiGate
    • Fixed an issue with SRC and DST addresses in human readable output.
    • Policy creation now supports multiple sources and destinations.
    • Fixed an issue with the fortigate-update-policy command.
  • IntSights Added the severity_level parameter, which fetches incidents based on the incident severity level.
  • Mail Sender (New) Improved an error message when testing the integration instance.
  • Palo Alto Networks Minemeld Added handling for the addition and removal of multiple indicators on miners.
  • Palo Alto Networks PAN-OS Added the log_forwarding argument to the panorama-create-rule and panorama-custom-block-rule commands. The argument is only available for Panorama instances.
  • Rasterize Added the with_errors parameter, which enables the integration to return warnings instead of errors.
  • EWS Mail Sender Improved error messages.
  • VMRay Deprecated all previous commands, and added new commands.
  • Whois Added a package that enables improved parsing of Whois entries.

3 Deprecated Integrations

  • Secdo - Deprecated Deprecated, use the Palo Alto Networks Cortex integration instead.
  • Palo Alto Networks Magnifier - Deprecated Deprecated, use the Palo Alto Networks Cortex integration instead.
  • Amazon Web Services - Deprecated Changed the integration name to reflect deprecated status.

Scripts

2 New Scripts

  • PhishLabsPopulateIndicators Populate indicators by the PhishLabs IOC global feed.
  • ReadPDFFileV2 Load the content and metadata of a PDF file into context.

3 Improved Scripts

  • ParseEmailFiles Fixed an issue with ParseEmailFiles when there is EML file inside an EML file.
  • FilterByList Added ability to ignore case.
  • StixCreator
    • Added support for registry indicators, CVE CVSS vulnerability and doesn't throw exception on total failure.
    • Added support for the stix2-validator package.

3 Deprecated Scripts

  • VMRay Deprecated, use the Detonate File - VMRay playbook instead.
  • vmray_getResults Deprecated, use the Detonate File - VMRay playbook instead.
  • ReadPDFFile Deprecated, use the ReadPDFFileV2 script instead.

Playbooks

4 New Playbooks

  • Detonate File - FireEye AX Detonate one or more files using the FireEye AX integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
  • PhishLabs - Populate Indicators Populate indicators from PhishLabs, according to a defined period of time.
  • PhishLabs - Whitelist false positives This playbook can be used in a job to whitelist indicators from PhishLabs, which were classified as false positives, according to a defined period of time.
  • Detonate File - VMRay Detonate a file using the VMRay integration.

Improved Playbook

  • Detonate File - Generic Added support for the VMRay and FireEye AX integrations.

Assets