🎄 Demisto Content Release Notes for version 18.12.2 (16142) 🎄

Published on 25 December 2018

โ„๏ธ Integrations โ„๏ธ

3 New Integrations

  • HashiCorp Vault: Manage secrets and protect sensitive data.
  • Attivo BOTsink: Network-based threat deception for post-compromise threat detection.
  • AbuseIP: Central repository to report and identify IP addresses that have been associated with malicious activity online.

4 Improved Integrations

  • EWS v2: Improved error messages.
  • FireEye HX: Added two commands:
    • fireeye-hx-search
    • fireeye-hx-get-host-set-information
  • Rasterize: Improved error handling for Rasterize errors.
  • Palo Alto Networks Panorama
    • Added support for Palo Alto Firewall.
    • Added 28 new commands, which are related to:
      - Commit and push configurations
      - Object handling: Addresses, Address Groups, Custom URL Category and URL Filtering
      - Security rule management: Create, edit, move, and delete rules

โ˜ƒ๏ธ Scripts โ˜ƒ๏ธ

5 New Scripts

  • DBotPredictPhishingEvaluation: Evaluate pre-trained machine learning phishing model in Demisto.
  • DBotPredictPhishingLabel: Predict text labels using the pre-trained machine learning phishing model.
  • DBotPredictTextLabel: Predict text labels using the pre-trained machine learning phishing model.
  • DBotPreparePhishingData: This script is part of phishing model training using machine learning.
  • DBotTrainTextClassifier: Create a text classifier model using machine learning.

Improved Script

  • findIncidentsWithIndicator: Fixed the Indicator and incidentIDs context keys (this fix is not backward compatible).

6 Deprecated Scripts

  • PanoramaBlockIP: Use the panorama-custom-block-rule command.
  • PanoramaCommit: Use the integration panorama-commit command.
  • PanoramaConfig: Use the panorama-config command.
  • PanoramaDynamicAddressGroup: Use the panorama-create-address-group command.
  • PanoramaMove: Use the panorama-move-rule command.
  • PanoramaPcaps

🎅 Playbooks 🎅

3 New Playbooks

  • DBotCreatePhishingClassifier: Create a phishing classifier using a machine learning technique, based on email content. For more information, see the Demisto Phishing Email Classifier documentation.
  • DBotCreatePhishingClassifierJob: Train the phishing machine learning model.
  • PanoramaCommitConfiguration: Commit configurations to Palo Alto Networks Firewall and Panorama.

7 Improved Playbooks

  • Detonate File - BitDam: Only supported file types are submitted to BitDam.
  • Detonate File - Lastline: Only supported file types are submitted to Lastline.
  • ATD - Detonate File: Only supported file types are submitted to McAfee ATD.
  • Detonate File - SNDBOX: Only supported file types are submitted to SNDBOX.
  • Detonate File - ThreatGrid: Only supported file types are submitted to ThreatGrid.
  • WildFire - Detonate file: Only supported file types are submitted to WildFire.
  • Extract Indicators From File - Generic: Fixed duplicate parsing of .eml and .msg files. These file types are now ignored when extracting indicators from files.

Demisto Wishes You Happy Holidays!

