Cortex XSOAR Content Release Notes for version 20.9.0 (98126)
This content release includes new content packs and updates to existing content packs.
Published on 1 September 2020
New Content Packs
New: Email Communication Pack v1.2.0
Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.
IncidentFields
- Add CC To Email
IncidentTypes
- Email Communication
Scripts
PreprocessEmail
Preprocessing script for email communication layout. This script checks if the incoming email contains an Incident ID to link the mail to an existing incident, and tags the email as "email-thread".
For more information about the preprocessing rules, refer to: https://demisto.developers.paloaltonetworks.com/docs/incidents/incident-pre-processing
SendEmailReply
Sends email massages with the configured mail sender integration.
New: Genians Pack v1.0.0 (Partner Supported)
Integrations
Genians
Use the Genians integration to block IP addresses using the assign tag and unassign tag.
New: McAfee ESM Pack v1.0.0
Integrations
McAfee ESM v2
Run queries and receive alarms from McAfee ESM. The integration supports McAfee version 10 and above.
New: Microsoft Advanced Threat Analytics Pack v1.0.0
Classifiers
Microsoft Advanced Threat Analytics - Classification
Classifies Microsoft Advanced Threat Analytics suspicious activities.
Microsoft Advanced Threat Analytics
Microsoft Advanced Threat Analytics - Incoming Mapper
Maps Microsoft Advanced Threat Analytics suspicious activity fields.
IncidentFields
- Suspicious Activity End Time
- Suspicious Activity ID
- Suspicious Activity Severity
- Suspicious Activity Start Time
- Suspicious Activity Status
IncidentTypes
- Microsoft ATA Suspicious Activity
Integrations
Microsoft Advanced Threat Analytics
Use Microsoft Advanced Threat Analytics integration to manage suspicious activities, and monitor alerts and entities.
New: NTT Cyber Threat Sensor Pack v1.0.0 (Partner Supported)
Classifiers
NTT Cyber Threat Sensor - Classifier
Classifies NTT Cyber Threat Sensor incidents.
NTT Cyber Threat Sensor
NTT Cyber Threat Sensor - Incoming Mapper
Maps incoming NTT Cyber Threat Sensor fields.
IncidentFields
- FAERE Description
- Graph Plot
IncidentTypes
- TD Incident
Integrations
NTT Cyber Threat Sensor
Retrieves alerts and recommendations from NTT CTS.
Playbooks
Handle TD events
Enriches TD events
New: PiHole Pack v1.0.0 (Community Supported)
Integrations
PiHole
Pi-hole is a network-level advertisement and Internet tracker blocking application that acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.
New: QueryAI Pack v1.0.0 (Partner Supported)
Integrations
Query.AI
Query.AI is a decentralized data access and analysis technology that simplifies security investigations across disparate platforms without data duplication.
Updated Content Packs
Access Investigation Pack v1.2.2
Layouts
layout-edit-Access.json
Set the default incident type for the layout
layout-details-Access.json
Set the default incident type for the layout
Base Pack v1.1.17
Scripts
WordTokenizerNLP
Updated the script Docker image to the latest version.
CommonServerPython
- Added the following code objects, which simplifies creating widgets.
- TextWidget
- TrendWidget
- NumberWidget
- BarColumnPieWidget
- LineWidget
- TableOrListWidget
- Fixed an issue with the mirroring mapper scheme.
- Fixed an issue in the return_outputs function where the content type was incorrect.
SaneDocReports
Fixed an issue with the table readable headers.
CheckPhish Pack v1.0.1
Integrations
CheckPhish
- Updated the default API URL.
- Adjusted the error handling to use the new API format.
Cisco AMP Pack v1.0.1
Integrations
Cisco AMP
Fixed an issue that caused the amp_move_computer to fail.
Cisco Umbrella Investigate Pack v1.0.1
Integrations
Cisco Umbrella Investigate
Fixed an issue where the umbrella-ip-dns-history command failed when no IP results were found.
Code42 Pack v2.0.3 (Partner Supported)
Integrations
Code42
Fixed a bug where File Category would not map correctly when creating incidents from Code42 alerts.
Cofense Triage Pack v1.1.4 (Partner Supported)
Integrations
Cofense Triage v2
Fixed an issue in the cofense-get-attachment command.
Common Playbooks Pack v1.7.1
Playbooks
Extract Indicators From File - Generic v2
Added support for UTF-8 Unicode text files.
Common Scripts Pack v1.2.34
Scripts
WhereFieldEquals
Fixed an issue where WhereFieldEquals returned a string instead of a list.
FeedRelatedIndicatorsWidget
Fixed an issue where the indicator link value was incorrect.
Common Types Pack v1.8.8
Layouts
- File Indicator
- layout-edit-Vulnerability.json
- layout-details-Vulnerability.json
CrowdStrike Falcon Streaming Pack v1.0.7
Integrations
CrowdStrike Falcon Streaming v2
- Improved error handling of unsupported media types.
- Improved handling when the stream response client is not completed.
- Maintenance and stability enhancements.
CyberArk Pack v1.0.2
Integrations
CyberArk PAS
- Added documentation for the integration.
- Updated the the cyberark-pas-credentials-verify command to use the new API.
- Added the cyberark-pas-account-get-details command.
DUO Admin Pack v2.0.1
Integrations
DUO Admin
Updated the integration Docker image to the latest version.
Endace Pack v1.1.0 (Partner Supported)
Integrations
Endace
- Added support for directionless IP and port search.
- Improved error handling messages.
- The hostname parameter is now mandatory.
Playbooks
Endace Search Archive and Download
This playbook is deprecated. Use the Endace Search Archive Download PCAP v2 playbook instead.
Deprecated: Endace Search Archive Download PCAP
This playbook is deprecated. Use the Endace Search Archive Download PCAP v2 instead.
Endace Search Archive Download PCAP v2
- Added support for directionless IP and port search, user friendly timeframe values.
- Updated the playbook input and output variables and their definitions.
Expanse Pack v1.1.1 (Partner Supported)
Integrations
Expanse
Updated the version number in the user-agent header.
GDPR Pack v1.0.5
Layouts
- layout-edit-GDPR_Data_Breach.json
- layout-details-GDPR_Data_Breach.json
GitHub Pack v1.1.1
Integrations
GitHub
Improved error handling of parameter errors.
Gmail Pack v1.0.5
Integrations
Gmail
Removed the event argument from the gmail-list-users command. If you currently use this argument it will be ignored when executing the command. If you do not install this upgrade, the following integration components will fail:
- Test button
- gmail-list-users command
- gmail-search-all-mailboxes command
IBM QRadar Pack v1.0.8
Integrations
IBM QRadar
Added a parameter that enables you to specify the number of addresses to enrich per API call.
IronDefense Pack v1.1.1 (Partner Supported)
Classifiers
IronDefense
Added a new classifier.
IronDefense - Incoming Mapper
Added a new incoming mapper.
IronDefense - Classifier
Added a new classifier.
Integrations
IronDefense
- Added the ability to retrieve IronDefense alerts and events.
- Improved integration descriptions.
Layouts
- layout-details-IronDefense_IronDome_Notification.json
- layout-details-IronDefense_Event_Notification.json
- layout-details-IronDefense_Alert_Notification.json
Malware Pack v1.2.3
Layouts
- layout-edit-Malware.json
- layout-details-Malware.json
Malwarebytes Pack v1.0.2 (Partner Supported)
Integrations
Malwarebytes
Added Code for Usage Analytics.
McAfee ESM v10 and v11 Pack v1.0.3
Integrations
Deprecated: McAfee ESM v10 and v11
Use the McAfee ESM v2 integration instead.
Microsoft Graph User Pack v1.2.0
Integrations
Microsoft Graph User
Fixed an issue where the next_page argument in the msgraph-user-list command did not work as expected.
Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.3.3
Integrations
Palo Alto Networks Cortex XDR - Investigation and Response
Added a default classifier and mapper.
PassiveTotal Pack v1.0.1
Integrations
PassiveTotal
Limited the number of related domains that display in the War Room for enrichment commands.
Phishing Pack v1.10.2
Layouts
layout-quickView-Phishing
Set the default incident type for the layout.
layout-mobile-Phishing
Set the default incident type for the layout.
Phishing Incident
Set the default incident type for the layout.
layout-edit-Phishing
Set the default incident type for the layout.
Proofpoint TAP Pack v1.1.0
Integrations
Proofpoint TAP v2
Fixed an issue in the proofpoint-get-forensics command where the command failed when getting a threat by campaignId.
ServiceNow Pack v1.2.1
Classifiers
New: ServiceNow Classifier
Classifies ServiceNow tickets.
New: ServiceNow - Outgoing Mapper
Maps outgoing ServiceNow incident fields.
New: ServiceNow - Incoming Mapper
Maps incoming ServiceNow incident fields.
Integrations
ServiceNow v2
- Added the ability to mirror tickets between ServiceNow and Cortex XSOAR.
- Removed unnecessary import.
Layouts
ServiceNow Ticket
SplunkPy Pack v1.1.3
Integrations
SplunkPy
- Fixed an issue where the splunk-parse-raw command failed when the raw argument received input in JSON format.
- Fixed an issue in which some incidents were not fetched.
Symantec Endpoint Protection Pack v1.0.2
Integrations
Symantec Endpoint Protection v2
Fixed an issue in which the domain parameter was not parsed correctly.
Tanium Pack v1.0.2
Integrations
Tanium v2
Added the completion-percantage argument to the following commands.
- tn-get-saved-question-result
- tn-get-question-result
ThreatConnect Pack v2.0.5
Integrations
ThreatConnect v2
Fixed an issue where the DBotScore calculation did not work as expected.
Assets
- Download Content Zip (Cortex XSOAR 5.5 and earlier): content_new.zip
- Download Marketplace Packs (Cortex XSOAR 6.0 and later): content_marketplace_packs.zip
- Browse the Source Code: Content Repo @ 20.9.0