Cortex XSOAR Content Release Notes for version 20.9.2 (127966)

Published on 30 September 2020

New: Axonius Pack v1.0.0 (Partner Supported)

Integrations

Axonius

Fetches information about assets in Axonius.

---

New: Bmc Helix Remedyforce Pack v1.0.0

Classifiers

BMCHelixRemedyforce - Classifier

Classifies BMC Helix Remedy force incidents.

BMCHelixRemedyforce - Incoming Mapper

Maps incoming BMC Helix Remedy force incident fields.

Incident Fields

• Bmc Remedyforce Attachment(s)
• Bmc Remedyforce Broadcast
• Bmc Remedyforce Category
• Bmc Remedyforce Client Account
• Bmc Remedyforce Client Name
• Bmc Remedyforce Closed Date
• Bmc Remedyforce Configuration Item / Asset
• Bmc Remedyforce Created Date
• Bmc Remedyforce Description
• Bmc Remedyforce Due Date
• Bmc Remedyforce ID
• Bmc Remedyforce Impact
• Bmc Remedyforce Last Modified Date
• Bmc Remedyforce Note(s)
• Bmc Remedyforce Opened Date
• Bmc Remedyforce Outage End
• Bmc Remedyforce Outage Start
• Bmc Remedyforce Queue
• Bmc Remedyforce Request Definition
• Bmc Remedyforce Resolution
• Bmc Remedyforce Responded Date
• Bmc Remedyforce Service
• Bmc Remedyforce Service Offering
• Bmc Remedyforce Service Request
• Bmc Remedyforce Staff
• Bmc Remedyforce Status
• Bmc Remedyforce Template
• Bmc Remedyforce Urgency

Incident Types

• Bmc Remedyforce Incident
• Bmc Remedyforce Service Request

Integrations

BMC Helix Remedyforce

The BMC Helix Remedyforce integration enables customers to create/update service requests and incidents, update statuses, and resolve service requests and incidents with customer notes. This integration exposes standard ticketing capabilities that can be utilized as part of automation & orchestration.

Layouts

• Bmc Remedyforce Incident - Summary
• Bmc Remedyforce Service Request - Summary

Scripts

BMCHelixRemedyforceCreateIncident

Simplifies the process of creating an incident in BMC Helix Remedyforce. The script will consider the ID over the name of the argument when both are provided. Example: client_id is considered when both client_id and client_user_name are provided.

BMCHelixRemedyforceCreateServiceRequest

Simplifies the process of creating a service request in BMC Helix Remedyforce. The script will consider the ID over the name of the argument when both are provided. Example: client_id is considered when both client_id and client_user_name are provided.

---

New: Bonusly Pack v1.0.0

Integrations

Bonusly

Interacts with the Bonusly platform through the API. Bonusly is an employee recognition platform that enterprises use for employee recognition.

Playbooks

Bonusly - AutoGratitude

AutoGratitude is a playbook used to provide gratitude to security engineers and developers when they successfully complete an SLA.

Scripts

IncOwnerToBonuslyUser

Gets the email address of the incident owner and then returns the incident owner's username in Bonusly.

---

New: CaseManagement-Generic Pack v1.0.0

Beta pack built by the Cortex Customer Success Team to provide quick and valuable deployment of XSOAR for case management.

Dashboards

My Incidents

Case Management Implementation Guide

Incidents Overview

Incident Types

Case

Layouts

• Case - Close
• Case - None
• Case - New/Edit
• Case - Mobile
• Case - Quick View

Playbooks

Case Management - Generic

This playbook executes when no other playbook is associated with an incident. It enriches indicators in an incident using one or more integrations.

Scripts

AssignToMeButton

Assigns the current incident to the Cortex XSOAR user who clicked the button.

GenerateSummaryReportButton

Generates a summary Case Report template for a given incident.

LinkIncidentsButton

Links incidents to or unlinks incidents from another incident.

TimersOnOwnerChange

• Stops the Time To Assignment timer when an owner is assigned to the incident.
• Starts the Remediation SLA timer when an owner is assigned to the incident.

---

New: CrowdStrike Falcon Intel Feed Pack v1.0.0

Integrations

CrowdStrike Falcon Intel Feed

The CrowdStrike intelligence team tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more. This integration retrieves indicators from the CrowdStrike Falcon Intel Feed.

---

New: FeedTalos Pack v1.0.0

Integrations

Talos Feed

Gets indicators from the Talos feed.

---

New: FireEye Feed Pack v1.0.0

Integrations

FireEye Feed

Gets indicators from the FireEye Intelligence feed.

---

New: Gophish Pack v1.0.0

Integrations

Gophish

Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.

---

New: TrendMicro Cloud App Security Pack v1.0.0

TrendMicroCAS - incoming - mapper

Maps incoming Trend Micro Cloud App Security (CAS) fields.

Incident Types

Trend Micro CAS Event

Integrations

TrendMicro Cloud App Security

Use the Trend Micro Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite, and Salesforce.

Playbooks

Trend Micro CAS - Take Action On Emails

Runs various actions on emails, such as deleting and quarantining email messages using the trendmicro-cas-email-take-action command and returns the results using the trendmicro-cas-email-action-result-query command.

Trend Micro CAS - Take Action On User Accounts

Runs various actions on a user's account, such as disabling accounts, requesting multi-factor authentication, and requesting a password using the trendmicro-cas-user-take-action command and returns the results using the trendmicro-cas-user-action-result-query command.

---

AWS Feed Pack v1.0.5

Integrations

AWS Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

AlienVault Feed Pack v1.0.5

Integrations

AlienVault Reputation Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

AlienVault OTX TAXII Feed

Added the Traffic Light Protocol integration parameter.

---

AlienVault USM Anywhere Pack v1.0.1

Integrations

AlienVault USM Anywhere

• Fixed an issue where the alienvault-search-alarms command ignored the following arguments: status, priority, rule_intent, rule_method, rule_strategy.
• Added the Alarm.Status output to the alienvault-search-alarms and alienvault-get-alarm commands.
• Updated the Docker image to demisto/python3:3.8.5.1084.

---

Anomali ThreatStream Pack v1.0.2

Integrations

Anomali ThreatStream v2

Rewrote the threatstream-import-indicator-without-approval command and removed the deprecated flag.

---

AutoFocus Pack v1.1.3

Integrations

AutoFocus Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

AutoFocus Daily Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Azure Compute Pack v1.0.1

Integrations

Azure Compute v2

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

Azure Feed Pack v1.0.2

Integrations

Azure Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Azure Security Center Pack v1.1.2

Integrations

Azure Security Center v2

• Added the azure-sc-get-alert command.
• Updated the Alert API version to 2019-01-01.
• Maintenance and stability enhancements.
• Fixed an issue where commands that do not require a value for the subscription_id parameter failed when no value was provided.
• Updated the Docker image to: crypto:1.0.0.11650.

---

AzureSentinel Pack v1.0.2

Integrations

Azure Sentinel (Beta)

• Maintenance and stability enhancements.
• Updated the integration Docker image to the latest version.

---

Bambenek Consulting Feed Pack v1.0.3

Integrations

Bambenek Consulting Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Base Pack v1.3.9

Scripts

CommonServerPython

• Improved handling of input for the parse_date_frame function.
• Fixed an issue in the debug logger output.
• Added the get_demisto_version_as_str and get_x_content_info_headers functions.
• Added support for SHA512 regex and parsing.
• Maintenance and stability enhancements.

GetIncidentsByQuery

• Updated the script to execute using the DBot role.
• Upgraded the Docker image to: 2.7.18.10627.

FindSimilarIncidentsByText

Updated the script to execute using the DBot role.

WordTokenizerNLP

Implemented maximum input text length permitted for pre-processing.

DBotPreProcessTextData

Texts that exceed the maximum text length for pre-processing are now discarded.

DBotMLFetchData

Fixed an issue where incidents did not have any label fields. These are fields in which the incident close reason is specified, for example, Close Reason, Email Classification, etc.

DBotPredictPhishingWords

Added the language and tokenizer arguments, which enable you to get predictions for text in additional languages.

---

BeyondTrust Password Safe Pack v1.0.1

Integrations

BeyondTrust Password Safe

• Fixed a typo in an error message.
• Upgraded the Docker image to: demisto/python3:3.8.5.10845.

---

BlockList DE Feed Pack v1.0.1

Integrations

Blocklist_de Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Bmc Helix Remedyforce Pack v1.0.1

Integrations

BMC Helix Remedyforce

Maintenance and stability enhancements.

---

BruteForce Feed Pack v1.0.1

Integrations

BruteForceBlocker Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

CSV Feed Pack v1.0.4

Integrations

CSV Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Cloudflare Feed Pack v1.0.1

Integrations

Cloudflare Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Code42 Pack v2.0.4 (Partner Supported)

Integrations

Code42

• Fixed an issue where capitalized alert file-observation categories would not map to file event query values.
• Upgraded the py42 dependency and improved the internal code.

Playbooks

Code42 File Download

Added a missing Else case to the Code42 Download File playbook.

---

Cofense Feed Pack v1.0.6

Integrations

Cofense Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Common Playbooks Pack v1.8.1

Playbooks

Email Address Enrichment - Generic v2.1

Fixed an issue where no results were returned when multiple internal email addresses were provided.

---

Common Scripts Pack v1.2.48

Scripts

DeleteContext

• Updated the script to execute using the LimitedUser role.
• Updated the script to execute using the DBot role.

WhereFieldEquals

• Fixed an issue where the transformer failed on KeyError.
• Updated the Docker image to the latest version.
• Added the stringify argument.

IndicatorMaliciousRatioCalculation

Updated the script to execute using the DBot role.

GetDuplicatesMlv2

Updated the script to execute using the LimitedUser role.

FindSimilarIncidents

• Updated the script to execute using the DBot role.
• Upgraded the Docker image to: demisto/python:2.7.18.10627.

SearchIncidentsV2

• Updated the script to execute using the DBot role.
• Upgraded the Docker image to: demisto/python3:3.8.3.9324.

DBotClosedIncidentsPercentage

Updated the script to execute using the DBot role.

MarkRelatedIncidents

Updated the script to execute using the DBot role.

findIncidentsWithIndicator

Updated the script to execute using the DBot role.

New: MatchRegexV2

Extracts regex data from the provided text. The script supports groups and looping.

MatchRegex

Deprecated. Use the MatchRegexV2 script instead.

GetIndicatorDBotScore

Fixed an issue where the indicator's Vendor field returned an empty value.

Set

Updated the documentation and descriptions.

---

Cortex Data Lake Pack v1.2.4

Integrations

Cortex Data Lake

• Maintenance and stability enhancements.
• Added the cdl-query-file-data command.
• Updated the Docker image to: demisto/python_pancloud_v2:1.0.0.11712.

---

CrowdStrike Falcon Pack v1.2.1

Integrations

CrowdStrike Falcon

• Fixed an issue with the username argument in the cs-falcon-resolve-detection command.
• Added the comment argument to the cs-falcon-resolve-detection command, which enables you to add a comment when updating detections.

---

CrowdStrike Falcon Intel Pack v2.0.0

Integrations

New: CrowdStrike Falcon Intel v2

CrowdStrike Threat intelligence service integration helps organizations defend themselves against adversary activity by investigating incidents, and accelerating alert triage and response.

CrowdStrike Falcon Intel (Deprecated)

The CrowdStrike Falcon Intel integration is deprecated. Use the CrowdStrike Falcon Intel v2 integration instead.

---

CrowdStrike Falcon Sandbox Pack v1.0.1

Integrations

CrowdStrike Falcon Sandbox

Added the dontThrowErrorOnFileDetonation parameter to the crowdstrike-submit-url command, which gives you the option not to throw an error when sending a URL that points to a file.

Playbooks

Detonate URL - CrowdStrike

The playbook will not fail when it detonates a URL that points to a file.

---

CrowdStrike Falcon Streaming Pack v1.0.8

Scripts

CrowdStrikeStreamingPreProcessing

Updated the script to execute using the DBot role.

---

Crowdstrike Falcon Intel Feed Pack v1.0.1

Integrations

Crowdstrike Falcon Intel Feed

Added the Traffic Light Protocol integration parameter.

---

CyberArk AIM Pack v1.0.2

Integrations

CyberArk AIM

• Added a new version of the CyberArk AIM integration as CyberArk AIM v2.
• The CyberArk AIM v2 integration supports Windows authentication and certificate-based authentication.

CyberArk AIM (Deprecated)

• The CyberArk AIM integration is deprecated. Please use the CyberArk AIM v2 integration instead.
• Documentation and metadata improvements.

---

Cybereason Pack v1.0.3

Scripts

CybereasonPreProcessingExample

Updated the script to execute using the LimitedUser role.

---

Cymulate Pack v1.0.5 (Partner Supported)

Integrations

Cymulate

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

DShield Feed Pack v1.0.1

Integrations

DShield Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

DeepInstinct Pack v1.0.2 (Partner Supported)

Integrations

Deep Instinct

Added a description to the integration.

---

EWS Pack v1.3.2

Integrations

EWS O365

Maintenance and stability enhancements.

Scripts

GetEWSFolder

Fixed an issue in cases where no emails were found in one of the folders.

---

Elasticsearch Feed Pack v1.0.7

Integrations

Elasticsearch Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

Farsight DNSDB Pack v2.0.0 (Partner Supported)

Integrations

Farsight DNSDB v2

• Updated the integration using the latest version of DNSDB API v1.
• Added the summarize and rate limit commands.

Playbooks

Added 3 playbooks.

• DNSB - Related Hostnames from Hostname Retrieves related host names from the target host name.
• DNSB - IPs from Hostname Retrieves all IP addresses from a host name.
• DNSDB - Hostname from IP Retrieves all host names from an IP address.

---

Fastly Feed Pack v1.0.2

Integrations

Fastly Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

FeedTalos Pack v1.0.1

Integrations

Talos Feed

Added the Traffic Light Protocol integration parameter.

---

FeodoTracker Feed Pack v1.0.1

Integrations

Feodo Tracker Hashes Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

Feodo Tracker IP Blocklist Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

FireEye Feed Pack v1.0.1

Integrations

FireEye Feed

Maintenance and stability enhancements.

---

FortiGate Pack v1.0.1

Integrations

FortiGate

Added more comprehensive logs to the integration.

---

GCP Whitelist Feed Pack v1.0.2

Integrations

GCP Whitelist Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

GenericSQL Pack v1.0.7

Integrations

Generic SQL

• Fixed an issue where special characters in the password caused an authentication failure.
• Updated the Docker image to: demisto/genericsql:1.1.0.11281.

---

Gmail Pack v1.0.6

Integrations

Gmail

• Fixed an issue where the from argument did not work as expected in the send-mail command.
• Updateed the Docker image to: demisto/google-api:1.0.0.11655.

---

Google Resource Manager Pack v1.0.1

Integrations

Google Resource Manager

• The proxy settings now work as expected.
• Updated the Docker image to: demisto/gvault:1.0.0.11675.

---

IBM QRadar Pack v1.0.11

Integrations

IBM QRadar V2

Enables incidents to be fetched with events and assets, with no additional playbook executions required for IBM QRadar for server versions 6.0.0 and above.

IBM QRadar v2

Fixed an issue where IP address values from fetched incidents were not enriched correctly.

---

JSON Feed Pack v1.0.3

Integrations

JSON Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

LogRhythmRest Pack v1.0.1

Integrations

LogRhythmRest

Added a required header to the API requests.

---

MITRE ATT&CK Pack v1.1.3

Integrations

MITRE ATT&CK Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.
• Populated the Creation Date, Modified, and Value indicator fields.

Layouts

Added 4 indicators.

• MITRE creation date
• MITRE modification date
• MITRE ID
• MITRE Name

Scripts

MitreIDLayoutDynamicSection

Populates the MITRE ATT&CK ID for the MITRE ATT&CK indicator layout.

MitreNameLayoutDynamicSection

Populates the MITRE ATT&CK name for the MITRE ATT&CK indicator layout.

---

MalwareDomainList Feed Pack v1.0.1

Integrations

Malware Domain List Active IPs Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

McAfee ESM Pack v1.1.0

Integrations

McAfee ESM v2

Added 5 new commands.

• esm-create-watchlist
• esm-delete-watchlist
• esm-get-watchlists
• esm-watchlist-add-entry
• esm-watchlist-delete-entry

---

McAfee ESM v10 and v11 Pack v1.0.4

Integrations

McAfee ESM v10 and v11 (Deprecated)

Maintenance and stability enhancements.

---

Micro Focus Service Manager Pack v1.0.1

Integrations

Micro Focus Service Manager

Fixed an issue where the test-module always returned a successful response.

---

Microsoft Azure AD Connect Health Feed Pack v1.0.1

Integrations

Azure AD Connect Health Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Microsoft Defender Advanced Threat Protection Pack v1.2.1

Integrations

Microsoft Defender Advanced Threat Protection

• Added the following indicator commands.

  • microsoft-atp-list-indicators

  • microsoft-atp-get-indicator-by-id

  • microsoft-atp-file-indicator-create

  • microsoft-atp-network-indicator-create

  • microsoft-atp-indicator-update

  • microsoft-atp-indicator-delete

    Note: To use these commands, in the Microsoft Defender Advanced Threat Protection integration's configuration window, reauthorize the app.

• Updated the Docker version to the latest version.

Microsoft Defender Advanced Threat Protection

Maintenance and stability enhancements.

---

Microsoft Graph Calendar Pack v1.0.2

Integrations

Microsoft Graph Calendar

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

Microsoft Graph Device Management Pack v1.0.1

Integrations

Microsoft Graph Device Management (Microsoft Intune)

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

Microsoft Graph Files Pack v1.0.1

Integrations

Microsoft Graph Files

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

Microsoft Graph Groups Pack v1.0.1

Integrations

Microsoft Graph Groups

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

Microsoft Graph Mail Pack v1.0.7

Integrations

Microsoft Graph Mail

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.
• General documentation improvements.

---

Microsoft Graph Mail Single User Pack v1.0.6

Integrations

Microsoft Graph Mail Single User

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.

---

Microsoft Graph Security Pack v2.0.3

Integrations

Microsoft Graph Security

• Maintenance and stability enhancements.
• Deprecated the msg-get-user and msg-get-users commands. Use the Microsoft Graph User integration for those commands instead.
• Updated the Docker image to: crypto:1.0.0.11412.

---

Microsoft Graph User Pack v1.3.2

Integrations

Microsoft Graph User

• Added the ability to get access on behalf of a user using a self-deployed app. This flow only supports the msgraph-user-change-password and msgraph-user-terminate-session commands.
• Updated the Docker image to the latest version.
• Documentation and metadata improvements.
• Maintenance and stability enhancements.

---

Microsoft Intune Feed Pack v1.0.2

Integrations

Microsoft Intune Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Microsoft Management Activity API (O365/Azure Events) Pack v1.1.0

Integrations

Microsoft Management Activity API (O365 Azure Events)

• Maintenance and stability enhancements.
• Updated the Docker image to the latest version.
• Added the timeout argument to the ms-management-activity-list-content to fetch larger amounts of data.
• Fixed a bug that occurred when resubscribing to a subscription.
• Updated the Docker image to demisto/pyjwt3:1.0.0.8871.

---

Microsoft Cloud App Security Pack v1.0.3

Integrations

Microsoft Cloud App Security

Added IP.Geo.Location context key to the microsoft-cas-activities-list command, which specifies the geolocation (latitude:longitude) of the IP address.

---

Office 365 Feed Pack v1.1.5

Integrations

Office 365 Feed

• Added the Traffic Light Protocol integration parameter.
• Updated Docker image to the latest version.

---

PCAP Analysis Pack v2.3.4

Scripts

PcapMinerV2

Fixed a bug in the IMF extraction process.

---

Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.3.10

Integrations

Cortex XDR - IOC

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Palo Alto Networks WildFire Pack v1.2.1

Integrations

Palo Alto Networks WildFire v2

• Added a DBotScore of 0 in cases that no report is found when running the file command.
• Updated the Docker image to: demisto/python3:3.8.5.10845.

---

Scripts

PTEnrich

Maintenance and stability enhancements.

---

Plain Text Feed Pack v1.0.2

Integrations

Plain Text Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Prisma Access Pack v1.0.5

Integrations

Prisma Access Egress IP feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

Prisma Access

• Deprecated the prisma-access-active-users and prisma-access-cli-command commands.
• Upgraded the Docker image to: demisto/netmiko:1.0.0.11159.

---

Proofpoint Feed Pack v1.0.3

Integrations

Proofpoint Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Qualys Pack v1.0.1

Scripts

QualysCreateIncidentFromReport

Updated the script to execute using the LimitedUser role.

---

Rapid7 Nexpose Pack v1.0.1

Scripts

NexposeCreateIncidentsFromAssets

Updated the script to execute using the LimitedUser role.

---

Recorded Future Feed Pack v1.0.4

Integrations

Recorded Future RiskList Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

ReplaceMatchGroup Pack v1.0.1

Scripts

ReplaceMatchGroup

• Updated the Docker image to: demisto/python3:3.8.5.10845.
• Fixed an issue where the script was failing on a ModuleNotFoundError error.

---

SafeBreach - Breach and Attack Simulation platform Pack v1.0.8 (Partner Supported)

Integrations

SafeBreach v2

Added the Traffic Light Protocol integration parameter.

---

Security Intelligence Services Feed Pack v1.0.1 (Partner Supported)

Integrations

Security Intelligence Services Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Securonix Pack v1.1.3

Integrations

Securonix

• Added the Set default incident severity integration parameter.
• Updated the Docker image to the latest version.

---

ServiceNow Pack v1.3.2

Integrations

ServiceNow v2

• Improved the error message for the test-module command when the ServiceNow instance is in hibernate mode.
• Fixed an issue in the get-remote-data command that occurred when an attachment was referenced before it was assigned.

---

Sixgill Darkfeed - Core Edition Pack v1.1.5 (Partner Supported)

Integrations

Sixgill DarkFeed Threat Intelligence

Added the Traffic Light Protocol integration parameter.

---

Slack Pack v1.3.5

Integrations

Slack v2

• Updated the Docker image to the latest version.
• Maintenance and stability enhancements.

---

Spamhaus Feed Pack v1.0.1

Integrations

Spamhaus Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

SplunkPy Pack v1.2.2

Integrations

SplunkPy

• Fixed an issue where the splunk-kv-store-collection-add-entries command failed on non-ASCII data.
• Upgraded the Docker image to: demisto/splunksdk:1.0.0.11270.

---

TAXII Feed Pack v1.0.4

Integrations

TAXII Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

TAXII 2 Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Threat Intelligence Management Pack v1.0.1

Dashboards

Threat Intel Management

Removed the Incidents Per Feed widget to optimize the dashboard performance.

---

ThreatConnect Feed Pack v1.0.1

Integrations

ThreatConnect Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

ThreatQ Pack v1.0.6 (Partner Supported)

Integrations

ThreatQ v2

• Deprecated the threatq-search-by-name command.
• Fix default parameters for the following commands:
  • threatq-search-by-name
  • threatq-upload-file
  • threatq-get-all-indicators
  • threatq-get-all-events
  • threatq-get-all-adversaries

---

Tor Exit Addresses Feed Pack v1.0.2

Integrations

Tor Exit Addresses Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Trend Micro Apex Pack v2.0.0

Integrations

Trend Micro Apex

• This integration is no longer a beta integration.
• Fixed a bug in trendmicro-apex-udso-add command where the notes argument was not sent to Apex.
• Added 8 commands.
  • trendmicro-apex-udso-file-add
  • trendmicro-apex-list-logs
  • trendmicro-apex-process-terminate
  • trendmicro-apex-security-agents-list
  • trendmicro-apex-managed-servers-list
  • trendmicro-apex-endpoint-sensors-list
  • trendmicro-apex-historical-investigation-create
  • trendmicro-apex-investigation-result-list
• Deprecated the following commands.
  • trendmicro-apex-usdo-list Use the trendmicro-apex-udso-file-add command instead.
  • trendmicro-apex-usdo-add Use the trendmicro-apex-udso-add command instead.
  • trendmicro-apex-usdo-delete Use the trendmicro-apex-udso-delete command instead.

---

Tufin Pack v1.1.1 (Partner Supported)

Integrations

Tufin

Updated the Docker image to the latest version.

---

URLhaus Pack v1.0.1

Integrations

URLhaus

• Maintenance and stability enhancements.
• Updateed the Docker image to the latest version.

---

Unit42 Feed Pack v1.0.4

Integrations

Unit42 Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

Uptycs Pack v1.0.2 (Partner Supported)

Integrations

Uptycs

Fixed various issues in the integration, such as descriptions, tag values, etc.

Playbooks

Uptycs - Outbound Connection to Threat IOC Incident

• Fixed general issues in the playbook.
• Add Gather Evidence tasks to the playbook, which adds information to the Evidence Board.

---

VirusTotal - Private API Pack v1.0.3

Integrations

VirusTotal - Private API

Updated the vt-private-get-url-report command to return multiple entries (entry per indicator) instead of a single entry.

---

Windows Defender Advanced Threat Protection (Deprecated) Pack v1.0.2

Integrations

Windows Defender Advanced Threat Protection (Deprecated)

• Updated the Docker image to the latest version.
• Maintenance and stability enhancements.

---

Zoom Feed Pack v1.1.2

Integrations

Zoom Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

abuse.ch SSL Blacklist Feed Pack v1.0.3

Integrations

abuse.ch SSL Blacklist Feed

• Added the Traffic Light Protocol integration parameter.
• Updated the Docker image to the latest version.

---

urlscan.io Pack v1.0.3

Integrations

urlscan.io

Improved the API error message to be more descriptive.

---

Assets

• Download Content Zip (Cortex XSOAR 5.5 and earlier): content_new.zip
• Download Marketplace Packs (Cortex XSOAR 6.0 and later): content_marketplace_packs.zip
• Browse the Source Code: Content Repo @ 20.9.2