Demisto Content Release Notes for version 19.8.0 (26837)

Published on 06 August 2019


3 New Integrations

  • Cofense Intelligence
    Use the Cofense Intelligence integration to check the reputation of URLs, IP addresses, file hashes, and email addresses.
  • Uptycs
    Use the Uptycs integration to fetch data from the Uptycs database.
  • AWS - Lambda
    Amazon Web Services Serverless Compute service (lambda).

19 Improved Integrations

  • IBM QRadar
    • Fixed an issue in which the fetch incidents function would fail when there were non-ASCII characters in the data.
    • Fixed an issue in which the fetch incidents function would ignore the filter if the maximum number of offenses set in the instance configuration was fetched in a single fetch.
    • Improved error messages for fetch-incidents.
    • Added the Required Permissions information in the detailed description section.
  • Palo Alto Networks Cortex XDR - Investigation and Response
    Added instructions to the integration instance Detailed Description section on how to generate an API Key and API Key ID, and how to copy the integration URL.
  • Whois
    Added support for Socks and HTTP Connect proxy.
  • Anomali ThreatStream v2
    Fixed an issue with the description argument in the threatstream-create-model command.
  • EWS v2
    • Improved memory resource usage.
    • Added the ews-mark-items-as-read command.
    • Added the Mark fetched emails as read parameter to the integration instance configuration.
    • Improved integration documentation.
    • Fixed an issue with command mapping in which some commands were not called correctly.
    • Deprecated the detonate-file function.
  • VirusTotal
    Updated outputs with new indicator fields.
  • WhatIsMyBrowser
    The Trust any certificate parameter now works as expected.
  • PhishLabs IOC
    Fixed an issue with the updatedAt field.
  • Palo Alto Networks PAN-OS EDL Management
    Added the pan-os-edl-get-external-file-metadata command. When a non-existent list is specified in the pan-os-edl-update-from-external-file command, the list is automatically created and the file data is saved to the list.
  • Fidelis Elevate Network
    Added 5 new commands.
    • list-metadata
    • get-alert-by-uuid
    • list-alert-by-ip
    • download-malware-file
    • download-pcap-file
  • Palo Alto Networks AutoFocus V2
    • Added to context the status of commands with the following prefixes: autofocus-samples-search, autofocus-sessions-search, and autofocus-top-tags.
    • Improved error handling for cases of no report in the autofocus-sample-analysis command.
    • Improved error handling for retrieving a pending query in the autofocus-samples-search-results command.
  • Imperva Skyfence
    Improved descriptions and integration documentation.
  • Palo Alto Networks PAN-OS
    • Improved error handling for URL filtering licensing.
    • Improved error handling when trying to edit an uncommitted Custom URL category.
    • Added the panorama-list-rules command.
    • Added edl as an option for the object_type argument in the panorama-custom-block-rule command.
  • Proofpoint TAP v2
    Modified the fetch range for the first fetch to 1 hour (the Proofpoint TAP API maximum).
  • Active Directory Query v2
    • The default query now works as expected.
    • The dn argument now works as expected.
    • Added support for custom SSL certificates, by using the Docker environment variable: SSL_CERT_FILE.
  • McAfee ePO
    Added the epo-move-system command.
  • SentinelOne V2
    Added 3 commands.
    • sentinelone-disconnect-agent
    • sentinelone-connect-agent
    • sentinelone-broadcast-message
  • Awake Security
    The Trust any certificate parameter now works as expected.
  • Cylance Protect v2
    • Improved handling of error messages.
    • Improved logging functionality.
    • Added the Trust any certificate parameter.

Deprecated Integration

  • Phishme Intelligence
    Deprecated. Use the Cofense Intelligence integration instead.


2 Improved Scripts

  • StixParser
    • Fixed an issue in which an unknown STIX pattern corrupts script presentation.
    • Fixed an issue in which duplicate indicators were created.
  • ParseEmailFiles
    • Added support for EML file attachments with a generic "data" type.
    • Added support for S/MIME-signed EML file attachments.

Deprecated Script

  • CBSearch
    Deprecated. Use the cb-binary command and the cb-get-processes command instead.


2 New Playbooks

  • Uptycs - Bad IP Incident
    Gets information about processes that open connections to known bad IPs.
  • Uptycs - Outbound Connection to Threat IOC Incident
    Gets information about connections from IOC incidents.

Improved Playbooks

  • Process Email - Generic
    Added support for EML file attachments with a generic "data" type.