Demisto Content Release Notes for version 19.7.2 (26095)

Published on 23 July 2019

Integrations

6 New Integrations

  • Cisco ISE Use the Cisco ISE integration to get endpoint data, and to manage and update endpoints and ANC policies.
  • Palo Alto Networks Cortex XDR - Investigation and Response Use the Palo Alto Networks Cortex XDR integration to get a list of incidents and detailed incident data, and to update incident fields.
  • Proofpoint TAP v2 Use the Proofpoint Targeted Attack Protection (TAP) integration to protect against and provide additional visibility into phishing and other malicious email attacks.
  • URLhaus Use the URLhaus integration to get information about URLs and domains, and to download malware samples.
  • Atlassian Confluence Server Use the Atlassian Confluence Server API integration to manage your Confluence spaces and content.
  • VulnDB Use the VulnDB integration to get information about vulnerabilities for various products, including operating systems, applications, and so on.

18 Improved Integrations

  • Cisco AMP
    • Changed the name of the Credential parameter to Client ID.
    • Added information in the Detailed Description section on how to generate a Client ID and API Key.
  • MaxMind GeoIP2 The Trust any certificate parameter now works as expected.
  • Rapid7 Nexpose Fixed an issue in the nexpose-get-asset command in which the command fails to handle dates without milliseconds.
  • SumoLogic Fixed an issue with fetching incidents by adding the timeZone parameter.
  • LogRhythmRest Added 5 new commands.
    • lr-get-hosts
    • lr-get-alarm-data
    • lr-get-alarm-events
    • lr-get-networks
    • lr-get-persons
  • Windows Defender Advanced Threat Protection Improved handling of cases when the isAadJoined key is missing from API responses.
  • Netcraft Fixed an issue in the netcraft-report-attack command.
  • Google Vault
    • Improved error handling.
    • Added support for new integration parameters.
      • Use system proxy settings
      • Trust any certificate
  • Zendesk
    • Attachments are now visible in context when you run the zendesk-ticket-details command.
    • Added a test playbook.
  • CVE Search Fixed an issue in which UserAgent was not present in the request.
  • Cisco Umbrella Investigate The Trust any certificate parameter now works as expected.
  • Atlassian Jira (v2) Fixed an issue when fetching incidents in which multiple incidents with the same ticket ID were fetched.
  • EWS Mail Sender Added support for embedding inline images in emails.
  • MISP V2 Added 4 new commands.
    • misp-add-events-from-feed
    • misp-add-ip-object commands
    • misp-add-domain-object commands
    • misp-add-email-object commands
    • misp-add-generic-object commands
  • Vertica Improved connection failure logging.
  • urlscan.io
    • Screenshots are now fetched when the Trust any certificate parameter is selected.
    • The Trust any certificate parameter now works as expected.
  • CrowdStrike Falcon Sandbox
    • Fixed DBot score mapping.
    • Fixed an issue in which an indicator was undefined in DBot context.
  • Okta Fixed an issue in which filters were double encoded, and results are now returned according to the specified filter, as expected.

Scripts

New Script

  • XDRSyncScript This script compares between Demisto incidents and incidents in Palo Alto Networks Cortex XDR, and updates both incidents mutually. This script always uses the xdr-get-incident-extra-data command, and outputs to the entire incident JSON to context. If the incident was updated in Cortex XDR, the Demisto incident will be updated accordingly, and the playbook will rerun. If the incident is updated in Demisto, then the script will execute the xdr-update-incident command and update the incident in Cortex XDR.

Improved Script

  • FindSimilarIncidents Improved wording in the script.

Playbooks

Improved Playbook

  • Process Email - Generic Fixed an issue in which the script rendered an image when there is no HTML in the email.

Assets