Demisto Content Release Notes for version 18.10.3 (14022)
Published on 30 October 2018
3 New Integrations
- AWS - CloudWatchLogs
Amazon Web Services CloudWatch Logs (logs). For more information, see the Amazon Web Services CloudWatch documentation.
- BitDam
BitDam secure email gateway protects against advanced content-borne threats with the most accurate prevention of known and unknown threats, at their source. For more information, see the BitDam documentation.
- Red Canary
Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon.
15 Improved Integrations
- AWS - S3
Added the aws-s3-upload-file command. For more information, see the AWS S3 documentation.
- Carbon Black Enterprise Live Response
Improved the integration test.
- IntSights
Improved integration implementation and execution. For more information, see the IntSights documentation.
Added a default results limit of 30.
- EWS v2
Added support for Public Folders and compliance search in Office 365.
- FireEye HX
The fireeye-hx-data-acquisition command now requires either the defaultSystemScript argument or both the script and scriptName arguments.
- Lastline
  - Improved outputs, error messages, and code readability.
  - Added support for passing multiple inputs to the lastline-get command.
For more information, see the Lastline documentation.
- PagerDuty v2
Added support to send ServiceKey with the PagerDuty-submit-event command.
- Dell Secureworks
Added support for getting ticket attachments.
- Added support for the catalog task ticket type.
- Improved error messages.
Added support for using the equal sign (=) in the query and headers arguments of the search command.
Fixed a filter issue when the ratingThreshold argument is specified.
- FireEye iSIGHT
Added DBot score output for indicators that do not contain data.
- McAfee ePO
Added 2 commands:
- Cisco Umbrella Investigate
Added 13 commands:
2 New Scripts
Checks if a list exists in Demisto lists.
Extracts elements that are contained in all the subgroups that match the pattern.
5 Improved Scripts
Improved error handling.
Added arguments for setting the analysis type and pre-fetch behavior when running the script.
PagerDuty API v2 is now supported.
Enabled decompression of AES-encrypted files.
Added support for multiple languages.
Use the closeInvestigation command.
13 New Playbooks
- Add Indicator to Miner - Palo Alto MineMeld
Add indicators to the relevant Miner using MineMeld.
- Detonate File - BitDam
Detonates one or more files using the BitDam integration.
- Block Account - Generic
This playbook blocks malicious usernames using all integrations that you have enabled.
- Block File - Carbon Black Response
This playbook receives an MD5 hash and adds it to the blacklist in Carbon Black Enterprise Response.
- Block File - Generic
A generic playbook for blocking files from running on endpoints.
- Block IP - Generic
This playbook blocks malicious IPs using all integrations that you have enabled.
- Block Indicators - Generic
This playbook blocks malicious Indicators using all integrations that you have enabled.
- Block URL - Generic
This playbook blocks malicious URLs using all integrations that you have enabled.
- Demisto Self-Defense - Account policy monitoring playbook
Gets the list of Demisto users through the REST API, and alerts if any non-SAML user accounts are found.
- Detonate File - Lastline
Detonates a File using the Lastline sandbox.
- Detonate URL - Lastline
Detonates a URL using the Lastline sandbox integration.
- Office 365 Search and Delete
Run a ComplianceSearch on Office 365 and delete the results.
- Phishing Investigation - Generic
Use this playbook to investigate and remediate a potential phishing incident. The playbook engages with the user who triggered the incident while simultaneously investigating the incident itself.
3 Improved Playbooks
- Detonate File - Generic
Added the Lastline Detonate File playbook.
- Detonate URL - Generic
Added the Lastline Detonate URL playbook.
- Phishing Investigation - Generic
Added support for blocking malicious indicators in relevant integrations.