Demisto Content Release Notes for version 18.11.1 (14682)
Published on 18 November 2018
5 New Integrations
- BigFix IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. For more information, see the IBM BigFix documentation.
- Google Vault Archiving and eDiscovery for G Suite. For more information, see the Google Vault documentation.
- Luminate Enrich reports and respond to incidents. For more information, see the Luminate documentation.
- Tenable.io A comprehensive asset centric solution to accurately track resources while accommodating dynamic assets such as cloud, mobile devices, containers and web applications. For more information, see the Tenable.io documentation.
- Windows Defender Advanced Threat Protection Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. For more information, see the Windows Defender ATP documentation.
18 Improved Integrations
- Carbon Black Enterprise Live Response
- Improved error messages for the session-create-and-wait command.
- Improved results for the cb-session-close command to reflect the actual session status for a CB Response case.
- Carbon Black Enterprise Response
- Improved outputs for the command cb-binary command to display full results for the Hostname field.
- Improved implementation of the cb-process-events command to prevent failure in case the information returned is partial.
- CrowdStrike Falcon Intel Improved output for DBotScore when an indicator is not found.
- EWS v2 Fixed a typo in compliance search methods.
Added two commands to implement an email blockage use case. For more information, see the Gmail documentation.- ___gmail-add-delete-filter___- ___gmail-add-filter___
- Cylance Protect v2
Added 5 commands: - ___cylance-protect-download-threat___- ___cylance-protect-add-hash-to-list___- ___cylance-protect-delete-hash-from-lists___- ___cylance-protect-get-policy-details___- ___cylance-protect-delete-devices___
- Mimecast v2
- Refactored the Mimecast integration. Mimecast v1 is now deprecated.
- Implemented incident fetching.
- Fetch URL logs: Fetches email logs containing malicious URLs
- Fetch attachment logs: Fetches email logs containing malicious attachments
- Fetch impersonation logs: Fetches email logs containing impersonation incidents
- Added 12 commands:
- Palo Alto MineMeld Improved implementation of whitelist/blacklist initialization.
- Rapid7 Nexpose Added support to view, stop, pause and resume scans. For more information, see the Rapid7 Nexpose documentation.
- SCADAfence CNM
Added two commands. For more information, see the SCADAfence CNM documentation.- ___scadafence-getAllConnections___- ___scadafence-createAlert___
- SplunkPy Added support to fetch notable events using Splunk Time instead of the Demisto server time.
- VirusTotal - Private API Improved the error message when the quota is exceeded.
- Palo Alto WildFire The wildfire-upload command now supports multiple uploads.
- McAfee ePO
- Added two commands.
- Improved outputs for the epo-query-table command.
- Added two commands.
- Rasterize Added rasterize-image command to securely display images in war room.
- IBM QRadar
- Fixed incidents fetching bug.
- Added the qradar-get-reference-by-name command.
- Reimplemented the integration in Python.
- Cisco Threat Grid
- Updated the integration to align with changes in Threat Grid API.
- Enhanced outputs for the threat-grid-get-analysis-by-id command.
- Added two commands:- ___threat-grid-search-urls___- ___threat-grid-search-samples___
- The ip and file commands are no longer supported.
- Reformatted context outputs.
- Added the command urlscan-search
2 New Scripts
- ExifRead Read image files' metadata and provide Exif tags.
- ParseExcel The automation takes an Excel file (entryID) as an input and parses its content to the War Room and context.
6 Improved Scripts
- ADGetUser Improved display formatting of UserAccountControl flags.
- BlockIP The rulename and ipname arguments are now optional, and include improved defaults.
- CPBlockIP The rulename and ipname arguments are now optional, and include improved defaults.
- PanoramaBlockIP The rulename argument is now optional, and includes improved defaults.
- ProofpointDecodeURL Improved handling of error scenarios.
- ReadPDFFile Improved handling PSEOF error.
2 New Playbooks
- QRadarFullSearch This playbook runs a QRadar query and returns the query results to the context.
- Tenable.io Scan Run a Tenable.io scan.