Accessdata
Use the Accessdata integration to protect against and provide additional visibility into phishing and other malicious email attacks.
IronDefense
Use the IronDefense Integration to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
Microsoft Graph Groups
Use the Microsoft Graph Groups integration to create and manage different types of groups and group functionality.
Gmail Single User (Beta)
Use the Gmail Single User integration to send and receive emails from a single user's mailbox. Authentication is performed using the OAuth 2.0 protocol.
Blue Coat Content and Malware Analysis (Beta)
Blue Coat Content and Malware Analysis.
MISP V2
You can now filter an event by attribute data fields.
Alexa Rank Indicator
Added fallback for when the default endpoint is inaccessible.
Added support for connection from a proxy.
Updated DBotScore outputs.
CrowdStrike Falcon Sandbox
The crowdstrike-submit-sample command now works as expected.
PhishLabs IOC EIR v2
Changed the display name to PhishLabs EIR v2.
Microsoft Graph User
Fixed an issue where the msgraph-user-create command did not work if the optional argument other_properties was not supplied. You can now run this command without supplying the other_properties argument.
RSA Archer
Fixed an issue when retrieving app IDs for applications with reverse field mapping.
Added support for multiselect fields in the following commands.
archer-create-record
archer-update-record
Added support for specifying users in type 8 fields in the following commands.
archer-create-record
archer-update-record
WhatIsMyBrowser
Added support for the extend-context argument in the ua-parse command.
LogRhythm
Fixed an issue with an error message in the lr-get-alarms command.
Palo Alto Networks PAN-OS EDL Management
Updated the detailed description.
Fixed an issue in scp_execute() where the pan-os-edl-update command failed when the file path included space characters.
Fixed an issue where the ssh_execute() function failed when the file name included space characters.
Added the following commands.
pan-os-edl-update-internal-list
pan-os-edl-update-external-file
VirusTotal
Added batch support for the reputation commands (ip, url, and domain).
Fixed an issue where the DBotScore would create duplications in the incident context. This affects Demisto v5.5 and later.
Symantec Managed Security Services
You can now use special characters in comments when running the symantec-mss-update-incident command.
Atlassian Jira (v2)
Improved support for the following authentication methods. (Requires Demisto v5.0)
Basic
OAuth 1.0
Exabeam
Improved error handling.
Added the prefix exabeam- to all commands.
Added 2 new commands.
exabeam-delete-watchlist
exabeam-get-asset-data
FireEye HX
Fixed an issue where the fireeye-hx-file-acquisition command would fail on a timeout.
Anomali ThreatStream v2
The threatstream-import-indicator-with-approval command now works as expected.
Added support for comma-separated values in reputation commands (ip, file, domain, and url).
Palo Alto Networks PAN-OS
Fixed an issue where the status log queries that returned zero results did not update to Completed.
Added 2 commands.
panorama-get-url-category-from-cloud
panorama-get-url-category-from-host
Added support to get, create, and edit custom URL category objects, including using the categories attribute in PAN-OS v9.x and above.
EWS Mail Sender
Fixed an issue where threads were not closed after executing the command.
Active Directory Query v2
Improved handling of error messages.
PhishLabs IOC EIR
Changed the display name to Phishlabs IOC EIR.
Microsoft Graph Mail
Added 7 new commands.
msgraph-mail-list-folders
msgraph-mail-list-child-folders
msgraph-mail-create-folder
msgraph-mail-update-folder
msgraph-mail-delete-folder
msgraph-mail-move-email
msgraph-mail-get-email-as-eml
Slack v2
Fixed an issue where mirrored investigations contained mismatched user names.
Added reporter and reporter email as labels to incidents that are created by direct messages.
CrowdStrike Falcon
Fixed an issue with fetch incidents, which caused incident duplication.
AccessdataCheckProcessExistsInSnapshot
Reads the contents of the processes list XML file from context and checks if the given process exists in the process list.
GetEWSFolder
Retrieves emails from multiple folders of an account in a single batch.
ExportMLModel
Exports an existing machine learning (ML) model to a file.
ImportMLModel
Imports a file that contains a machine learning (ML) model.
ConvertAllExcept
Converts all selected values except the exceptions.
PAN-OS Query Logs For Indicators
This playbook queries the following PAN-OS log types: traffic, threat, url, data-filtering and wildfire. The playbook accepts inputs such as IP, hash, and url.
Get Mails By Folder Pathes
This playbook retrieves emails from specified folders and executes pre-processing using EWS.
Accessdata: Dump memory for malicious process
Use this playbook as a sub-playbook to dump memory if a given process is running on a legacy AD agent.