Cortex XSOAR Content Release Notes for version 20.11.0 (181764)

Published on 10 November 2020

Breaking Changes

Several packs include breaking changes.

New: Anomali Enterprise Pack v1.0.0

Integrations

Anomali Enterprise

Use Anomali Enterprise to search indicators and enrich domains.

Playbooks

Anomali Enterprise Forensic Search

Initiates a forensic search on IOCs in Anomali Enterprise.


New: Barracuda Pack v1.0.0 (Community Contributed)

Integrations

Barracuda Reputation Block List (BRBL)

Enables reputation checks against IP addresses from the Barracuda Reputation Block List (BRBL).


New: ConcentricAI Pack v1.0.0 (Partner Supported)

Classifiers

ConcentricAi

Classifies incoming incidents in Cortex XSOAR.

ConcentricAi-mapper

Maps incoming Concentric alert fields.

Incident Types

ConcentricAI Security Event

Integrations

ConcentricAI

Concentric’s Semantic Intelligence™ solution discovers and protects business-critical, unstructured data. The solution uses deep learning to identify risky sharing, inappropriate third-party access, assets in the wrong location, mis-classified documents, or lateral movement of data – all without rules or complex upfront configuration.

Playbooks

ConcentricAI Demo Playbook

This playbook shows how to handle a risk incident and fetch all appropriate file details related to it along with user details for the owner of the file.


New: EmailRepIO Pack v1.0.0

Integrations

EmailRep.io

Provides reputation and reports for email addresses.


New: ExtFilter Pack v1.0.0 (Community Contributed)

Scripts

ExtFilter

Enables you to create filters with complex conditions.


New: FireEyeNX Pack v1.0.0

Classifiers

FireEye NX - Classifier

Classifies FireEye NX incidents.

FireEye NX Incoming Mapper

Maps incoming FireEye NX incident fields.

Incident Fields

  • FireEye NX Alert Action - Action of the alert.
  • FireEye NX Alert ID - ID of the alert.
  • FireEye NX Alert Malware Name - Malware name of the alert.
  • FireEye NX Alert SC Version - SC version of the alert.
  • FireEye NX Alert Target IP - Destination IP address of the alert.
  • FireEye NX Alert Target MAC Address - Destination MAC address of the alert.
  • FireEye NX Alert Target Port - Destination port of the alert.
  • FireEye NX Alert Type - The type of the alert.
  • FireEye NX Alert URL - URL of the alert.
  • FireEye NX Alert UUID - UUID of the alert.
  • FireEye NX Alert Victim IP - Source IP address of the alert.
  • FireEye NX Alert Victim MAC Address - Source MAC address of the alert.
  • FireEye NX Alert Victim Port - Source port of the alert.
  • FireEye NX Event Attacker IP - Destination IP address of the event.
  • FireEye NX Event CVE ID - CVE ID of the event.
  • FireEye NX Event Destination MAC Address - Destination MAC address of the event.
  • FireEye NX Event Destination Port - Destination port of the event.
  • FireEye NX Event ID - ID of the event.
  • FireEye NX Event Rule - Rule of the event.
  • FireEye NX Event Source MAC Address - Source MAC address of the event.
  • FireEye NX Event Victim IP - Source IP address of the event.
  • FireEye NX Event Victim Port - Source port of the event.

Incident Types

  • FireEye NX Alert
  • FireEye NX IPS Event

Integrations

FireEye NX

FireEye Network Security is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted, and other evasive attacks hiding in internet traffic.

Layouts

  • FireEye NX Alert - Summary
  • FireEye NX IPS Event - Summary
  • FireEye NX Alert - Mobile
  • FireEye NX IPS Event - Mobile
  • FireEye NX Alert - Quick View
  • FireEye NX IPS Event - Quick View

New: Pulsedive Pack v1.0.0 (Community Contributed)

Integrations

Pulsedive

Enriches and analyzes any domain, URL, or IP address. Pivot to search on data points and linked indicators to investigate risky properties.


New: Shift Management - Assign to Next Shift Pack v1.0.0 (Community Contributed)

Playbooks

Assign Active Incidents to Next Shift

This playbook reassigns active incidents to the users currently on call. It requires shift management to be set up. You can run this as a job a few minutes after the scheduled shift change occurs.

You can update the playbook input with a different search query. It will branch if there are no incidents that match the query and no users on call.

By default, the query returns 100 search result incidents.

Scripts

AssignToNextShift

Randomly assigns the incidents to users on call. (Requires shift management to be set up.)

The input is a comma-separated list of incident IDs.


AWS - ACM Pack v1.0.2

Integrations

AWS - ACM
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.13191.

AWS - AccessAnalyzer (Beta) Pack v1.0.3

Integrations

AWS - AccessAnalyzer (Beta)

Fixed an issue where moving the integration to STS failed if the access key was previously populated.


AWS - Athena (Beta) Pack v1.0.2

Integrations

AWS - Athena (Beta)

Fixed an issue where moving the integration to STS failed if the access key was previously populated.


AWS - CloudTrail Pack v1.0.3

Integrations

AWS - CloudTrail
  • Fixed an issue where datetime objects were mishandled in the aws-cloudtrail-lookup-events command.
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3:2.0.0.13188.

AWS - EC2 Pack v1.1.4

Integrations

AWS - EC2
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3:2.0.0.13188.

AWS - IAM Pack v1.0.1

Integrations

AWS - IAM
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3:2.0.0.13188.

AWS - Lambda Pack v1.0.2

Integrations

AWS - Lambda
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.13191.

AWS - S3 Pack v1.0.3

Integrations

AWS - S3
  • Fixed an issue where the aws-s3-get-bucket-policy command failed if the policy did not have an ID.
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3:2.0.0.13188.

AWS - Security Hub Pack v1.0.3

Integrations

AWS - Security Hub
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.13191.

AWS Feed Pack v1.0.6

Classifiers

AWS Feed - Classifier

Fixed an issue where the classifier's ID was incorrect.

AWS Feed - Incoming Mapper

Fixed an issue where the mapper's ID was incorrect.

Integrations

AWS Feed

Updated the Docker image to: demisto/jmespath:1.0.0.12410.


Active Directory Query Pack v1.1.0

Classifiers

New: User Profile - Active Directory (Outgoing)

Maps User Profile data to Active Directory user data.

New: User Profile - Active Directory (Incoming)

Maps Active Directory user data to User Profile data.

Integrations

Active Directory Query v2
  • Added the following CRUD commands, which support use cases for the IAM premium pack.
    • create-user
    • get-user
    • update-user
    • enable-user
    • disable-user
  • Fixed an issue where setting the attributes argument to "*" did not work in the search-computer command.
  • Updated the integration description.

Scripts

New: IAMInitADUser

Generates a password, sets an AD user account with this password, and enables the account. It then sends an email to the user with the account information. This script runs the send-mail command. You must configure a matching integration.

New: Generate_AD_Password

This script generates a 12-character password that contains letters, numbers, and symbols.


Amazon DynamoDB Pack v1.0.3

Integrations

Amazon DynamoDB
  • Fixed an issue where moving the integration to STS failed if the access key was previously populated.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.13191.

Anomali ThreatStream Pack v1.0.6

Integrations

Anomali ThreatStream v2
  • Fixed an issue where the DBotScore vendor was set to Analyst instead of ThreatStream.
  • Updated the Docker image to: demisto/emoji:1.0.0.12410.
  • Updated the integration image.

AutoFocus Pack v1.1.9

Integrations

Palo Alto Networks AutoFocus v2

Updated the following reputation commands to return a different result for each indicator.

  • ip
  • url
  • domain
  • file

Azure Compute Pack v1.0.2

Integrations

Azure Compute v2

Maintenance and stability enhancements.


Azure Log Analytics Pack v1.0.1

Integrations

Azure Log Analytics (Beta)

Maintenance and stability enhancements.


Azure Security Center Pack v1.1.3

Integrations

Azure Security Center v2

Maintenance and stability enhancements.


AzureSentinel Pack v1.0.3

Integrations

Azure Sentinel (Beta)

Maintenance and stability enhancements.


Base Pack v1.3.33

Scripts

CommonServerPython
  • Deprecated CommandResults.indicators, which is replaced by CommandResults.indicator.
  • Fixed an issue where the tableToMarkdown method mishandled pipe characters (|) in the table headers.
  • Added support for lists of CommandResults objects in the return_results function.
  • Added ACCOUNT to DBotScoreType.
  • Added Account indicator context to Common.
  • Improved sensitive data masking in the logger object.
  • Improved initial logging for debug-mode.
  • Maintenance and stability enhancements.
GetMLModelEvaluation

Fixed a bug related to metrics display.

DBotTrainTextClassifierV2

Converted the script to Python 3.

DBotPredictPhishingWords

Converted the script to Python 3.

SanePdfReports
  • Updated the script to stop all Chromium zombie processes when the script finishes.
  • Updated the Docker image to: demisto/sane-pdf-reports:1.0.0.13239.
SaneDocReportsV2

Updated the Docker image to: demisto/sane-doc-reports:1.0.0.13194.

CommonServerPowerShell
  • Fixed a bug in tableToMarkdown where boolean values of False were not shown.
  • Fixed parsing of nested lists in tableToMarkdown.

Carbon Black Cloud Enterprise EDR Pack v1.1.0

Integrations

VMware Carbon Black Enterprise EDR
  • Added the following commands.
    • cb-eedr-process-search - Creates a process search job.
    • cb-eedr-process-search-results - Retrieves the process search results for a given job ID.
    • cb-eedr-events-by-process-get - Retrieves the events associated with a given process.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

Playbooks

Added the Carbon Black EDR Search Process generic polling playbook, which enables you to search a process by query or parameters.


Check Point Firewall Pack v2.0.3

Integrations

Check Point Firewall v2

Added the checkpoint-package-list command, which enables you to retrieve a detailed list of Checkpoint packages.


Cisco Email Security (Beta) Pack v1.0.1

Integrations

Cisco Email Security (Beta)
  • Fixed an issue where test-module failed on an incorrect timeout argument.
  • In the cisco-email-security-messages-search command, the timestamp column is now the first column.
  • Made several improvements to the cisco-email-security-report-get command.
    • Updated the descriptions for the start date and end date arguments to state that the minutes and seconds need to be "00".
    • Added the device group name argument. The argument's initial value is Hosted_Cluster. Also fixed an issue where this command always returned the results as zero.
    • Fixed an issue where some counters returned an error.

Cisco Threat Grid Pack v1.1.2

Integrations

Cisco Threat Grid

Maintenance and stability enhancements.


Common Scripts Pack v1.2.74

Scripts

SetGridField

Fixed an issue where the script did not display single dictionary outputs correctly.

UnzipFile
  • Fixed an issue where the script failed to extract files with long filenames from zip files.
  • Updated the Docker image to: demisto/unzip:1.0.0.12410.
FeedRelatedIndicatorsWidget
  • You can now use links, strings, and comma-separated lists of links and strings in the Description field.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.
ParseEmailFiles
  • Fixed an issue where the sending address was invalid in case the email's 'From' header contained '\r\n'.
  • Fixed an issue where the script raised an error for emails with an empty file content.
  • Fixed an issue where the script did not decode the content payload with its charset.
AfterRelativeDate

Fixed an issue where the script was not initiated properly.

ExtractDomainAndFQDNFromUrlAndEmail
  • Fixed an issue where the script created an empty domain indicator.
  • Updated the Docker image to: tld:1.0.0.12410.
ExtractIndicatorsFromTextFile

Fixed an issue where .txt files with Portuguese characters were not parsed successfully.


Common Types Pack v2.2.1

Incident Fields

  • Added the following incident fields:
    • Personal Email
    • Title
    • Job Family
    • Job Function
    • Location Region
    • Work Phone
    • Cost Center
    • Job Code
    • Zip Code
    • Event Action
  • Added association to the IAM incident type for the following incident fields:
    • State
    • City
    • Username

Indicator Fields

  • Added the following indicator fields:
    • Mobile Phone
    • Manager Name
    • Manager Email Address
    • Location
    • Department
    • Surname
    • Email
    • Street Address
    • Leadership
    • Country Name
    • City
    • Given Name
    • State
    • Cost Center Code
  • Display Name - Added association to the User Profile indicator type.

Layouts

STIX Report

  • The Report Details section is now divided into two new sections: XSOAR Details and STIX Report Details.
  • The Actions section was removed.

Compliance Pack v1.0.6

Incident Fields

Management Notification - Added association to US Breach Notification.


CrowdStrike Falcon Pack v1.2.6

Integrations

CrowdStrike Falcon
  • Added the Incidents fetch query integration parameter to allow incidents and detections to be filtered separately.
  • Fixed an issue where the same incidents were fetched multiple times.
  • Fixed an issue where the cs-falcon-list-incident-summaries command printed incorrect information.

CrowdStrike Falcon Intel Pack v2.0.7

Integrations

CrowdStrike Falcon Intel v2
  • Updated the following commands to return a different result for each indicator:
    • ip
    • url
    • file
    • domain
    • cs-indicators
  • The following commands now support a comma-separated list of values:
    • url
    • file
    • ip
    • domain
  • Maintenance and stability enhancements.

CrowdStrike Falcon Streaming Pack v1.0.10

Integrations

CrowdStrike Falcon Streaming v2
  • Added handling for cases where the integration cache contained data of an unexpected type by converting it to the proper state.
  • Updated the Docker image to: demisto/aiohttp:1.0.0.12815.

Crowdstrike Falcon Intel Feed Pack v1.0.2

Integrations

Crowdstrike Falcon Intel Feed
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

CyberTotal Pack v1.0.2 (Partner Supported)

Integrations

CyberTotal

Updated the following reputation commands to return a different result for each indicator:

  • ip
  • url
  • domain
  • file


Cylance Protect Pack v1.0.1

Integrations

Cylance Protect v2
  • Fixed an issue where arguments' names in the python code, such as pageNumber and pageSize, did not match the arguments' names in the configuration file.
  • Updated the Docker image to: demisto/pyjwt:1.0.0.12779.

EWS Pack v1.4.0

Integrations

EWS v2
  • Improved the implementation of the Trust any certificate (not secure) parameter so that clearing the parameter checkbox takes effect immediately rather than on container restart.
  • Fixed an issue where the fetch-incidents command failed due to protected emails.
EWS O365

Maintenance and stability enhancements.


ExtFilter Pack v1.0.1

Playbooks

Test - ExtFilter Main

Removed the DeleteContext task from the playbook.


ExtraHop Reveal(x) Pack v1.0.5 (Partner Supported)

Layouts

ExtraHop Detection

  • Updated the incident information layout to content pack format.
  • Removed the legacy summary.

Playbooks

ExtraHop - Default

Now references the new Ticket Tracking v2 playbook.


Farsight DNSDB Pack v2.1.0 (Partner Supported)

Integrations

Farsight DNSDB v2
  • Added raw to the following commands:
    • dnsdb-rdata
    • dnsdb-summarize-rdata
  • Updated to DNSDB API version 2 with Flexible Search.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

FireEye Feed Pack v2.0.0

Integrations

FireEye Feed

FireEye Feed is now used as an incremental feed.


Genians Pack v1.0.2 (Partner Supported)

Integrations

Genians
  • Updated the integration description and content.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

Get License ID Pack v1.0.1

Scripts

GetLicenseID
  • Fixed the context output to match the output definition of License.ID.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

Gmail Pack v1.1.1

Integrations

Gmail
  • Added the following commands:
    • gmail-send-as-add - Creates a custom "from" send-as alias.
    • gmail-forwarding-address-add - Creates a forwarding address.
  • Added new arguments in the gmail-set-autoreply command.
  • Updated the Docker image to: demisto/google-api:1.0.0.12690.
  • Fixed an issue where the test-module didn't run properly with fetch incidents.

HelloWorld Pack v1.1.12

Integrations

HelloWorld

The following commands were changed to return multiple entries (entry per indicator) instead of a single entry:

  • ip
  • domain
  • helloworld-scan-results

IBM QRadar Pack v1.1.7

Integrations

IBM QRadar v2
  • Reverted the integration cache handling changes made in version 1.1.4.
  • Added the LinkToOffense field to fetched incidents. It links to the offense in the QRadar console.
  • Fixed an issue where the source argument did not work when passing more than one value to the qradar-update-reference-set-value command.
IBM QRadar

Fixed an issue where the source argument did not work when passing more than one value to the qradar-update-reference-set-value command.


Integrations & Incidents Health Check Pack v1.1.5

Playbooks

JOB - Integrations and Playbooks Health Check

Fixed the report name.

Scripts

GetFailedTasks
  • Updated the Docker image to the latest version.
  • Maintenance and stability enhancements.

MITRE ATT&CK Pack v1.1.6

Integrations

MITRE ATT&CK Feed
  • Fixed an issue where the mitrecreated and mitremodified fields were not populated correctly.
  • Updated the Docker image to: demisto/taxii2:1.0.0.12410.

Machine Learning Pack v1.2.1

Scripts

HashIncidentsFields

Fixed an issue where custom fields were returned by default as part of the incident object.


Manage Engine Service Desk Plus Pack v1.2.1

Integrations

Service Desk Plus
  • Updated the assign and close API endpoints because the previous ones are scheduled to be deprecated on November 15th, 2020.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

Micro Focus Service Manager Pack v1.0.2

Integrations

Micro Focus Service Manager

Added the customFields argument to the hpsm-create-incident command.


Microsoft Cloud App Security Pack v1.0.9

Integrations

Microsoft Cloud App Security
  • Breaking Change: The microsoft-cas-activities-list command now returns multiple entries (entry per indicator) instead of a single entry.
  • Fixed an issue where fetch-incident ignored the First fetch time integration parameter and fetched the same incident multiple times.
  • Documentation and metadata improvements.
Microsoft Cloud App Security_test
  • Fixed an issue where fetch-incident would fetch the same incident multiple times.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

Microsoft Defender Advanced Threat Protection Pack v1.2.4

Integrations

Microsoft Defender Advanced Threat Protection

Maintenance and stability enhancements.


Microsoft Graph Calendar Pack v1.0.3

Integrations

Microsoft Graph Calendar

Maintenance and stability enhancements.


Microsoft Graph Device Management Pack v1.0.3

Integrations

Microsoft Graph Device Management (Microsoft Intune)

Maintenance and stability enhancements.


Microsoft Graph Files Pack v1.0.2

Integrations

Microsoft Graph Files

Maintenance and stability enhancements.


Microsoft Graph Groups Pack v1.0.2

Integrations

Microsoft Graph Groups

Maintenance and stability enhancements.


Microsoft Graph Mail Pack v1.0.13

Integrations

Microsoft Graph Mail
  • Added the Message ID field to the msgraph-mail-list-emails command output.
  • Fixed an issue where the fetch-incidents command failed on emails with reference attachments.
  • Fixed an issue where the received email headers were empty.
  • Improved the last fetch timestamp calculation in the fetch incidents flow.
  • Updated the Docker image to: demisto/crypto:1.0.0.12979.
  • Maintenance and stability enhancements.

Microsoft Graph Mail Single User Pack v1.0.9

Integrations

Microsoft Graph Mail Single User
  • Added support for the self-deployed option.
  • Improved the last fetch timestamp calculation in the fetch incidents flow.
  • Updated the Docker image to: demisto/crypto:1.0.0.12979.

Microsoft Graph Security Pack v2.0.4

Integrations

Microsoft Graph Security

Maintenance and stability enhancements.


Microsoft Graph User Pack v1.3.4

Integrations

Microsoft Graph User

Maintenance and stability enhancements.


Microsoft Management Activity API (O365/Azure Events) Pack v1.1.2

Integrations

Microsoft Management Activity API (O365 Azure Events)

Maintenance and stability enhancements.


OTRS Service Management XSOAR Pack Pack v1.0.2

Integrations

OTRS
  • Fixed an issue where the integration created a new session each time a command was executed.
  • Updated the Docker image to: demisto/pyotrs:1.0.0.12421.

OpenLDAP (Beta) Pack v1.0.2

Integrations

OpenLDAP (Beta)

Added the User Defined Attributes parameter, which enables you to specify attributes in the user query filter.


OpenPhish Pack v2.0.1

Integrations

New: OpenPhish v2

Breaking Change: The url command now returns multiple entries (entry per indicator) instead of a single entry.


PAN-OS Pack v1.6.4

Integrations

Palo Alto Networks PAN-OS
  • Fixed an issue where the panorama-get-url-category-from-host command failed when querying a URL.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.
  • Documentation and metadata improvements.

Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.4.8

Integrations

Palo Alto Networks Cortex XDR - Investigation and Response
  • Maintenance and stability enhancements.
Palo Alto Networks Cortex XDR - Investigation and Response rate limit
  • Improved handling of the API rate limit error during the fetch incidents process. The integration will not fail, but will create the remaining incidents in the next fetch.
  • Improved handling of the API rate limit error in the incoming mirroring process. The sync loop will be stopped and will resume from the last incident.

Palo Alto Networks PAN-OS EDL Service Pack v1.0.4

Integrations

Palo Alto Networks PAN-OS EDL Service
  • Fixed an issue where an error was raised if there were no results for the indicators query.
  • Updated the Docker image to: demisto/teams:1.0.0.13080.

Phishing Pack v1.10.7

Scripts

PhishingDedupPreprocessingRule
  • Added support to recognize emails as duplicate when there is a single word difference.
  • Added arguments that enable setting the threshold to close as duplicate and de-duplication.
  • Changed the default value of incidentTypes to 30 days.

Prisma Cloud Compute Pack v1.0.4

Integrations

Palo Alto Networks - Prisma Cloud Compute

Updated the endpoint that the integration calls.


Qualys Pack v1.0.2

Integrations

Qualys

Added outputs for the qualys-vm-scan-fetch command.


RSA Archer Pack v1.1.3

Integrations

RSA Archer v2
  • Improved error handling in the login process.
  • You can now pass list fields to the fieldsToValues argument without [] in the archer-create-record and archer-update-record commands. For example: use fieldsToValues={"Priority":"High"} instead of fieldsToValues={"Priority":"[High]"}.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

RecordedFuture v2 Pack v1.0.2 (Partner Supported)

Integrations

Recorded Future v2

Breaking Change: The following reputation commands now return multiple entries (entry per indicator) instead of a single entry.

  • ip
  • domain
  • hash
  • url

Remedy On-Demand Pack v1.0.2

Integrations

Remedy On-Demand

Fixed an issue where the integration test would fail on a timeout.


SentinelOne Pack v1.0.3

Integrations

SentinelOne v2

Deprecated the sentinelone-expire-site command.


ServiceNow Pack v1.3.9

Integrations

ServiceNow v2
  • Fixed an issue where closing incidents or tickets did not work for the sc_task ticket type when using mirroring.
  • Fixed an issue where tickets were not assigned to the “Standard” type in the following commands:
    • servicenow-create-ticket
    • servicenow-update-ticket

Shift Management Pack v1.1.3

Scripts

GetOnCallHoursPerUser

Fixed an issue where the output format was incorrect.


Sixgill Darkfeed - Annual Subscription Pack v1.2.2 (Partner Supported)

Integrations

Sixgill_Darkfeed

Metadata improvements.


ThreatConnect Pack v2.0.9

Integrations

ThreatConnect v2
  • Fixed an issue in the reputation commands where fetching indicators from multiple owners did not work.
  • Updated the Docker image to: demisto/threatconnect-py3-sdk:1.0.0.12410.

Unit42 Feed Pack v1.1.0

Integrations

Unit42 Feed
  • STIX Report indicators are now fetched from the feed.
  • The feed now uses multiprocessing.

VirusTotal Pack v1.0.2

Integrations

VirusTotal

Breaking Change: The file command now returns multiple entries (entry per indicator) instead of a single entry.


VirusTotal - Private API Pack v1.0.5

Integrations

VirusTotal - Private API

Added the ResponseContentSHA256 and ResponseHeaders outputs to the vt-private-get-url-report command. These outputs are returned when the allInfo argument is set.


Workday Pack v1.0.4

Classifiers

New: Workday Classifier

Added a classifier for Workday incidents.

New: IAM Sync User - Workday

Maps User Profile data to Workday user data.

Integrations

New: Workday IAM
  • Use the Workday IAM integration as part of the Identity Lifecycle Management premium pack.
  • Updated the Docker image to: demisto/python3:3.8.6.12176.

Zimperium Pack v1.0.5

Integrations

Zimperium

Breaking Change: The file command now returns multiple entries (entry per indicator) instead of a single entry.


iDefense Pack v2.0.0

Integrations

New: iDefense v2

Added a new version for the iDefense integration that provides intelligence regarding security threats and vulnerabilities.

iDefense (Deprecated)

Deprecated. Use the iDefense v2 integration instead.


okta Pack v2.0.0

Classifiers

New: User Profile - Okta (Incoming)

Maps Okta user data to User Profile data.

New: User Profile - Okta (Outgoing)

Maps User Profile data to Okta user data.

Integrations

New: Okta IAM
  • Integrate with Okta's Identity Access Management service to streamline users' lifecycle processes.
  • Updated the Docker image to: demisto/python3:3.8.5.10845.

urlscan.io Pack v1.0.5

Integrations

urlscan.io

Added support for IPv6 addresses in the urlscan-search command.
