Demisto Content Release Notes for version 19.5.0 (22786)

Published on 14 May 2019


3 New Integrations

  • Image OCR Extracts text from images.
  • Netcraft Enables you to open and handle takedown requests.
  • Palo Alto Networks WildFire v2 Perform malware dynamic analysis.

5 Improved Integrations

  • Carbon Black Enterprise Protection v2
  • Cherwell
    • Enhanced "Test Module" functionality.
    • Fixed a syntax error.
  • ServiceNow Added caller as an optional field for create a ticket and update a ticket commands.
  • Palo Alto Networks WildFire
    • Added the md5 and sha256 arguments to !file command.
    • Invalid hashes in the !file command are regarded as a warning.
    • Added the sha256 argument and deprecated the hash argument for the wildfire-report command.
    • Added the wildfire-get-sample command.
  • Rasterize Rasterize URL error handling.


2 New Scripts

  • GDPRContactAuthorities Returns the GDPR Data Protection Supervisory Authority Listing. A supervisory authority is an independent public authority which is established by a Member State pursuant to Article 51. GDPR - Art. 4.
  • GetDockerImageLatestTag Gets the latest tag for a Docker image, by simulating the Docker pull flow, but does not actually pull the image. The script returns an entry with the latest tag of a Docker image if all is good, otherwise it will return an error.

9 Improved Scripts

  • CherwellCreateIncident Added tags and the dependsOn command.
  • CherwellGetIncident Added tags and the dependsOn command.
  • CherwellIncidentOwnTask Added tags and the dependsOn command.
  • CherwellIncidentUnlinkTask Added tags and the dependsOn command.
  • CherwellQueryIncidents Added tags and the dependsOn command.
  • CherwellUpdateIncident Added tags and the dependsOn command.
  • DeleteContext Fixed an issue where the script defines the index parameter as undefined when it set to zero.
  • IsEmailAddressInternal Added the ability to check for sub-domains.
  • LinkIncidentsWithRetry Improved script descriptions.

Deprecated Script

  • SendEmail Deprecated. Use the send-mail command instead.


5 New Playbooks

  • GDPR Breach Notification This playbook executes when you manually create a GDPR data breach incident, and then performs the required tasks that are detailed in GDPR Article 33. For more information, see the GDPR Breach Notification documentation.

    ***Disclaimer: This playbook does not ensure compliance to the GDPR regulation. Before using this playbook, we advise consulting with the relevant authority, and adjusting it to the organization's needs.

  • Account Enrichment - Generic v2.1

    • Replaced the Active Directory integration with the Active Directory v2 Query integration.
    • Removed redundant outputs.
  • Email Address Enrichment - Generic v2.1

    • Enriches email addresses.
    • Gets information from Active Directory for internal addresses
    • Gets the domain-squatting reputation for external addresses.
    • Uses the Active Directory v2 integration.
  • Endpoint Enrichment - Cylance Protect v2 Enrich endpoints using the Cylance Protect v2 integration.

  • Endpoint Enrichment - Generic v2 Enriches endpoints using relevant v2 integrations.

4 Improved Playbooks

  • Account Enrichment - Generic Added support for the Active Directory Query v2 integration.
  • Entity Enrichment - Generic v2 The playbook now uses the v2.1 enrichment playbooks, which utilize v2 integrations.
  • Phishing Investigation - Generic v2 The playbook now uses Entity Enrichment - Phishing v2, as expected.
  • Entity Enrichment - Phishing v2 The playbook now uses the v2.1 enrichment playbooks, which utilize v2 integrations.

Incident Fields

Added a new incident field for GDPR Data Breach incidents.

Incident Layouts

1 New Incident Layout

  • GDPR Data Breach GDPR Data Breach Incident.