Demisto Content Release Notes for version 20.2.3 (41510)

Published on 18 February 2020

Integrations

2 New Integrations

  • Lastline v2
    Use the Lastline v2 integration to give threat analysts and incident response teams an isolated malware inspection environment in which advanced malware samples can be safely executed and their behavior understood.
  • Akamai WAF
    Use the Akamai WAF integration to manage the shared network lists used by various Akamai security products and features.

10 Improved Integrations

  • SplunkPy
    Added the app argument to the following commands.
    • splunk-job-create
    • splunk-search
  • SumoLogic
    • Added the waitForSearchComplete parameter, which makes the integration wait until the query has iterated over all messages before returning results.
    • Fixed an issue where incidents fetched as aggregate records were returned before the query had completed.
  • ZeroFox
    Fixed an issue where the same incident was repeatedly fetched.
  • McAfee Web Gateway
    Fixed an issue where the integration's configuration parameters were written to the log.
  • Mail Sender (New)
    Fixed an issue where, in some cases, attachments appeared to be empty.
  • Elasticsearch v2
    You can now fetch incidents without specifying the Date Format parameter.
  • ArcSight ESM v2
    Fixed an issue where the output for the as-get-entries command was not in the correct format for results with a large number of objects.
  • Rasterize
    • Updated Chromium to version 80.
    • Added support for specifying a maximum page load time. The default value is 180 seconds.
    • Changed the default user agent to match the Chrome user agent.
  • RSA NetWitness v11.1
    • Fixed an issue in fetch-incidents where setting a Fetch Limit caused older incidents to be dropped whenever the number of fetched incidents exceeded the limit.
    • Added the pageNumber argument to the netwitness-get-incidents command. Use it together with the limit argument to retrieve a specific page of incidents.
  • Palo Alto Networks PAN-OS
    • The name argument is now mandatory in the panorama-get-service command.
    • Added 7 commands.
      • panorama-download-latest-content-update
      • panorama-content-update-download-status
      • panorama-install-latest-content-update
      • panorama-content-update-install-status
      • panorama-check-latest-panos-software
      • panorama-download-panos-version
      • panorama-download-panos-status

Scripts

New Script

  • YaraScan
    Performs a YARA scan on the specified files.

2 Improved Scripts

  • ReadPDFFileV2
    • Fixed a bug where email addresses were labeled as URLs.
    • Added Email as a standard context output.
  • DockerHardeningCheck
    Updated the error entry with a detailed explanation of the failure.

Playbooks

5 New Playbooks

  • NetOps - Upgrade PAN-OS Firewall Device
    Network operations playbook that upgrades the firewall. A superuser account is required to update the PAN-OS version.
  • NetOps - Firewall Version and Content Upgrade
    Network operations playbook that upgrades both the PAN-OS version and the content on the firewall. A superuser account is required to update the PAN-OS version.
  • Detonate URL - Lastline v2
    Detonates a URL using the Lastline sandbox integration.
  • Akamai WAF - Activate Network Lists
    Activates network lists in Staging or Production on Akamai WAF. The playbook finishes running when the network list is active in the requested environment.
  • Detonate File - Lastline v2
    Detonates a file using the Lastline sandbox.

2 Improved Playbooks

  • Detonate URL - Generic
    Replaced the Detonate URL - Lastline sub-playbook with Detonate URL - Lastline v2.
  • Detonate File - Generic
    Replaced the Detonate File - Lastline sub-playbook with Detonate File - Lastline v2.

Incident Fields

New Incident Field

  • Target Firewall Version
    The PAN-OS version to install on the firewall, for example 9.0.5.
      • panorama-install-panos-version
      • panorama-install-panos-status
      • panorama-device-reboot

Assets