Demisto Content Release Notes for version 19.8.2 (27827)

Published on 22 August 2019

Integrations

4 New Integrations

  • Have I Been Pwned? v2
    • Replaces the now-deprecated Have I Been Pwned? integration. This integration is not backward compatible. You need to delete all existing instances and replace them with v2 instances.
    • Added the API Key parameter to instance configuration.
    • Written in Python.
  • Slack v2 (Requires Demisto 5.0) *
    Use the Slack v2 integration to send messages and notifications to channels and in direct messages, and to mirror investigations between Demisto and Slack.
  • Microsoft Teams (Requires Demisto 5.0) *
    Use the Microsoft Teams integration to send messages and notifications to your team members, and to mirror investigations between Demisto and Teams.
  • C2SEC (Requires Demisto 5.0) *
    Use the C2SEC integration to add new domains to a portfolio, initiate domain scans, retrieve the stats of a scan, query for domain issues, and retrieve information about leaked credentials, encryption, and network- and application-related vulnerabilities.

16 Improved Integrations

  • IBM QRadar
    Fixed an issue in which users would receive an error message for missing SEC headers.
  • Mail Sender (New)
    Added the additionalHeader argument, which enables you to add custom headers to an email.
  • Cisco AMP
    • Improved integration documentation.
    • Changed the name of the amp_get_computer_trajctory command to amp_get_computer_trajectory.
    • Changed the name of the mp_get_computer_actvity command to mp_get_computer_activity.
  • BlueCat Address Manager
    • Added the bluecat-am-get-range-by-ip command.
    • Improved handling of cases in which an error is returned from querying a non-existing IP address.
  • Anomali ThreatStream
    Improved implementation of the threatstream-email-reputation command, which now returns context, as expected.
  • Palo Alto Networks PAN-OS
    Improved error handling when refreshing an EDL object on a Panorama instance.
  • Windows Defender Advanced Threat Protection
    Improved error messages.
  • IntSights
    Changed the default encoding to UTF-8.
  • dnstwist
    • Added outputs to the dnstwist-domain-variations command.
    • Improved integration documentation.
  • EWS Mail Sender
    • Improved memory resource usage.
    • Improved logging.
  • SentinelOne V2
    Added 5 commands.
    • sentinelone-get-events
    • sentinelone-create-query
    • sentinelone-get-processes
    • sentinelone-shutdown-agent
    • sentinelone-uninstall-agent
    Fixed the agentIds filter in the get-activities command.
  • Palo Alto Networks AutoFocus V2
    • Added tagGroups output to autofocus-samples-search-results command.
    • Improved handling of cases in which unknown tags are retrieved from the autofocus-tag-details command.
  • VirusTotal
    Added the VirusTotal permanent link to the following commands.
    • url
    • file
    • url-scan
    • file-scan
    • file-rescan
  • ThreatConnect
    Added 8 new commands.
    • tc-get-groups
    • tc-add-group-security-label
    • tc-add-group-tag
    • tc-get-indicator-types
    • tc-group-associate-indicator
    • tc-get-events
    • tc-add-group-attribute
    • tc-create-document-group
  • Atlassian Jira (v2)
    Added support for remote application links.
  • RSA NetWitness v11.1
    Added the fetch_time parameter.

Deprecated Integration

  • Have I Been Pwned?

Scripts

4 New Scripts

  • SumList
    Sums the values of a list. For example, ["25", "10", "25"] => "60".
  • IndicatorRelatedIncientBySeverity
    Displays a bar chart of the severity of the provided investigation IDs.
  • NumberOfPhishingAttemptPerUser
    Displays a bar chart of the number of incidents in which the "To" and "From" email addresses appear.
  • PositiveDetectionsVSDetectionEngine
    Displays a bar chart of the number of positive detections out of the overall detections.

6 Improved Scripts

  • StixParser
    • Added the CVE and Registry Key indicators.
    • Fixed the incorrectly formatted ip field.
  • JSONFileToCSV
    • Fixed an issue in error handling.
    • Fixed CSV delimiter behavior.
  • EmailDomainSquattingReputation
    Added support for domain arrays as a parameter, including empty domains.
  • ParseCSV
    Fixed an issue in which parsing single-line CSV files returned a No entries message.
  • CommonServerPython
    Added the return_warning command.
  • ParseEmailFiles
    Fixed an issue in which special characters were missing from MSG emails.

Playbooks

New Playbook

  • C2SEC-Domain Scan
    Initiates a C2SEC scan by domain name, and waits for the scan to finish by polling the scan status at predefined intervals.

Improved Playbook

  • Email Address Enrichment - Generic v2.1
    Fixed an issue in which a filter contained blank domains.

Reputations

  • Added support for non-English languages.
  • Created the new File indicator type. This indicator consolidates all file hashes: MD5, SHA1, SHA256. (Available from Demisto 5.0 *)
  • Added support for asterisk, pipeline, and different dashes in domain and URL indicators.

Layouts

Added layouts for the following indicator types. (Available from Demisto 5.0 *)

  • Account
  • Host
  • CVE
  • Domain
  • Domain2
  • Email
  • ipEscaped
  • IP
  • registryKey
  • unifiedFile
  • URL

* Starred content requires Demisto 5.0, which is available for private beta evaluation. For more information, send a message to beta@demisto.com.

