Cortex XSOAR Content Release Notes for version 20.9.0 (98126)

This content release includes new content packs and updates to existing content packs.

Published on 1 September 2020

New Content Packs

New: Email Communication Pack v1.2.0
Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.

IncidentFields
- Add CC To Email

IncidentTypes
- Email Communication

Scripts

PreprocessEmail
Preprocessing script for the email communication layout. This script checks whether the incoming email contains an Incident ID so that the mail can be linked to an existing incident, and tags the email as "email-thread".
For more information about preprocessing rules, refer to: https://demisto.developers.paloaltonetworks.com/docs/incidents/incident-pre-processing

SendEmailReply
Sends email messages with the configured mail sender integration.
New: Genians Pack v1.0.0 (Partner Supported)

Integrations

Genians
Use the Genians integration to block IP addresses by assigning and unassigning tags.

New: McAfee ESM Pack v1.0.0

Integrations

McAfee ESM v2
Run queries and receive alarms from McAfee ESM. The integration supports McAfee ESM version 10 and above.

New: Microsoft Advanced Threat Analytics Pack v1.0.0

Classifiers

Microsoft Advanced Threat Analytics - Classification
Classifies Microsoft Advanced Threat Analytics suspicious activities.

Microsoft Advanced Threat Analytics

Microsoft Advanced Threat Analytics - Incoming Mapper
Maps Microsoft Advanced Threat Analytics suspicious activity fields.

IncidentFields
- Suspicious Activity End Time
- Suspicious Activity ID
- Suspicious Activity Severity
- Suspicious Activity Start Time
- Suspicious Activity Status

IncidentTypes
- Microsoft ATA Suspicious Activity

Integrations

Microsoft Advanced Threat Analytics
Use the Microsoft Advanced Threat Analytics integration to manage suspicious activities and to monitor alerts and entities.

New: NTT Cyber Threat Sensor Pack v1.0.0 (Partner Supported)

Classifiers

NTT Cyber Threat Sensor - Classifier
Classifies NTT Cyber Threat Sensor incidents.

NTT Cyber Threat Sensor

NTT Cyber Threat Sensor - Incoming Mapper
Maps incoming NTT Cyber Threat Sensor fields.

IncidentFields
- FAERE Description
- Graph Plot

IncidentTypes
- TD Incident

Integrations

NTT Cyber Threat Sensor
Retrieves alerts and recommendations from NTT CTS.

Playbooks

Handle TD events
Enriches TD events.

New: PiHole Pack v1.0.0 (Community Supported)

Integrations

PiHole
Pi-hole is a network-level advertisement and Internet tracker blocking application that acts as a DNS sinkhole and, optionally, a DHCP server, intended for use on a private network.

New: QueryAI Pack v1.0.0 (Partner Supported)

Integrations

Query.AI
Query.AI is a decentralized data access and analysis technology that simplifies security investigations across disparate platforms without data duplication.
Updated Content Packs

Access Investigation Pack v1.2.2

Layouts

layout-edit-Access.json
Set the default incident type for the layout.

layout-details-Access.json
Set the default incident type for the layout.

Base Pack v1.1.17

Scripts

WordTokenizerNLP
Updated the script Docker image to the latest version.

CommonServerPython
- Added the following code objects, which simplify creating widgets:
  - TextWidget
  - TrendWidget
  - NumberWidget
  - BarColumnPieWidget
  - LineWidget
  - TableOrListWidget
- Fixed an issue with the mirroring mapper scheme.
- Fixed an issue in the return_outputs function where the content type was incorrect.

SaneDocReports
Fixed an issue with the table readable headers.

CheckPhish Pack v1.0.1

Integrations

CheckPhish
- Updated the default API URL.
- Adjusted the error handling to use the new API format.

Cisco AMP Pack v1.0.1

Integrations

Cisco AMP
Fixed an issue that caused the amp_move_computer command to fail.

Cisco Umbrella Investigate Pack v1.0.1

Integrations

Cisco Umbrella Investigate
Fixed an issue where the umbrella-ip-dns-history command failed when no IP results were found.

Code42 Pack v2.0.3 (Partner Supported)

Integrations

Code42
Fixed a bug where File Category would not map correctly when creating incidents from Code42 alerts.

Cofense Triage Pack v1.1.4 (Partner Supported)

Integrations

Cofense Triage v2
Fixed an issue in the cofense-get-attachment command.

Common Playbooks Pack v1.7.1

Playbooks

Extract Indicators From File - Generic v2
Added support for UTF-8 Unicode text files.

Common Scripts Pack v1.2.34

Scripts

WhereFieldEquals
Fixed an issue where WhereFieldEquals returned a string instead of a list.

FeedRelatedIndicatorsWidget
Fixed an issue where the indicator link value was incorrect.

Common Types Pack v1.8.8

Layouts
- File Indicator
- layout-edit-Vulnerability.json
- layout-details-Vulnerability.json

CrowdStrike Falcon Streaming Pack v1.0.7

Integrations

CrowdStrike Falcon Streaming v2
- Improved error handling of unsupported media types.
- Improved handling when the stream response client is not completed.
- Maintenance and stability enhancements.
CyberArk Pack v1.0.2

Integrations

CyberArk PAS
- Added documentation for the integration.
- Updated the cyberark-pas-credentials-verify command to use the new API.
- Added the cyberark-pas-account-get-details command.

DUO Admin Pack v2.0.1

Integrations

DUO Admin
Updated the integration Docker image to the latest version.

Endace Pack v1.1.0 (Partner Supported)

Integrations

Endace
- Added support for directionless IP and port search.
- Improved error handling messages.
- The hostname parameter is now mandatory.

Playbooks

Endace Search Archive and Download
This playbook is deprecated. Use the Endace Search Archive Download PCAP v2 playbook instead.

Deprecated: Endace Search Archive Download PCAP
This playbook is deprecated. Use the Endace Search Archive Download PCAP v2 playbook instead.

Endace Search Archive Download PCAP v2
- Added support for directionless IP and port search and for user-friendly timeframe values.
- Updated the playbook input and output variables and their definitions.

Expanse Pack v1.1.1 (Partner Supported)

Integrations

Expanse
Updated the version number in the user-agent header.

GDPR Pack v1.0.5

Layouts
- layout-edit-GDPR_Data_Breach.json
- layout-details-GDPR_Data_Breach.json

GitHub Pack v1.1.1

Integrations

GitHub
Improved error handling of parameter errors.

Gmail Pack v1.0.5

Integrations

Gmail
Removed the event argument from the gmail-list-users command. If you currently use this argument, it will be ignored when the command executes. If you do not install this upgrade, the following integration components will fail:
- Test button
- gmail-list-users command
- gmail-search-all-mailboxes command

IBM QRadar Pack v1.0.8

Integrations

IBM QRadar
Added a parameter that enables you to specify the number of addresses to enrich per API call.

IronDefense Pack v1.1.1 (Partner Supported)

Classifiers

IronDefense
Added a new classifier.

IronDefense - Incoming Mapper
Added a new incoming mapper.

IronDefense - Classifier
Added a new classifier.

Integrations

IronDefense
- Added the ability to retrieve IronDefense alerts and events.
- Improved integration descriptions.

Layouts
- layout-details-IronDefense_IronDome_Notification.json
- layout-details-IronDefense_Event_Notification.json
- layout-details-IronDefense_Alert_Notification.json

Malware Pack v1.2.3

Layouts
- layout-edit-Malware.json
- layout-details-Malware.json

Malwarebytes Pack v1.0.2 (Partner Supported)

Integrations

Malwarebytes
Added code for usage analytics.

McAfee ESM v10 and v11 Pack v1.0.3

Integrations

Deprecated: McAfee ESM v10 and v11
Use the McAfee ESM v2 integration instead.

Microsoft Graph User Pack v1.2.0

Integrations

Microsoft Graph User
Fixed an issue where the next_page argument in the msgraph-user-list command did not work as expected.
Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.3.3

Integrations

Palo Alto Networks Cortex XDR - Investigation and Response
Added a default classifier and mapper.

PassiveTotal Pack v1.0.1

Integrations

PassiveTotal
Limited the number of related domains displayed in the War Room for enrichment commands.

Phishing Pack v1.10.2

Layouts

layout-quickView-Phishing
Set the default incident type for the layout.

layout-mobile-Phishing
Set the default incident type for the layout.

Phishing Incident
Set the default incident type for the layout.

layout-edit-Phishing
Set the default incident type for the layout.

Proofpoint TAP Pack v1.1.0

Integrations

Proofpoint TAP v2
Fixed an issue in the proofpoint-get-forensics command where the command failed when getting a threat by campaignId.

ServiceNow Pack v1.2.1

Classifiers

New: ServiceNow Classifier
Classifies ServiceNow tickets.

New: ServiceNow - Outgoing Mapper
Maps outgoing ServiceNow incident fields.

New: ServiceNow - Incoming Mapper
Maps incoming ServiceNow incident fields.

Integrations

ServiceNow v2
- Added the ability to mirror tickets between ServiceNow and Cortex XSOAR.
- Removed an unnecessary import.

Layouts
- ServiceNow Ticket

SplunkPy Pack v1.1.3

Integrations

SplunkPy
- Fixed an issue where the splunk-parse-raw command failed when the raw argument received input in JSON format.
- Fixed an issue in which some incidents were not fetched.

Symantec Endpoint Protection Pack v1.0.2

Integrations

Symantec Endpoint Protection v2
Fixed an issue in which the domain parameter was not parsed correctly.

Tanium Pack v1.0.2

Integrations

Tanium v2
Added the completion-percentage argument to the following commands:
- tn-get-saved-question-result
- tn-get-question-result

ThreatConnect Pack v2.0.5

Integrations

ThreatConnect v2
Fixed an issue where the DBotScore calculation did not work as expected.

Assets
- Download Content Zip (Cortex XSOAR 5.5 and earlier): content_new.zip
- Download Marketplace Packs (Cortex XSOAR 6.0 and later): content_marketplace_packs.zip
- Browse the Source Code: Content Repo @ 20.9.0