Cortex XSOAR Content Release Notes for version 20.9.2 (127966)#

Published on 30 September 2020#

New: Axonius Pack v1.0.0 (Partner Supported)#

Integrations#

Axonius#

Fetches information about assets in Axonius.

New: Bmc Helix Remedyforce Pack v1.0.0#

Classifiers#

BMCHelixRemedyforce - Classifier#

Classifies BMC Helix Remedy force incidents.

BMCHelixRemedyforce - Incoming Mapper#

Maps incoming BMC Helix Remedy force incident fields.

Incident Fields#

  • Bmc Remedyforce Attachment(s)
  • Bmc Remedyforce Broadcast
  • Bmc Remedyforce Category
  • Bmc Remedyforce Client Account
  • Bmc Remedyforce Client Name
  • Bmc Remedyforce Closed Date
  • Bmc Remedyforce Configuration Item / Asset
  • Bmc Remedyforce Created Date
  • Bmc Remedyforce Description
  • Bmc Remedyforce Due Date
  • Bmc Remedyforce ID
  • Bmc Remedyforce Impact
  • Bmc Remedyforce Last Modified Date
  • Bmc Remedyforce Note(s)
  • Bmc Remedyforce Opened Date
  • Bmc Remedyforce Outage End
  • Bmc Remedyforce Outage Start
  • Bmc Remedyforce Queue
  • Bmc Remedyforce Request Definition
  • Bmc Remedyforce Resolution
  • Bmc Remedyforce Responded Date
  • Bmc Remedyforce Service
  • Bmc Remedyforce Service Offering
  • Bmc Remedyforce Service Request
  • Bmc Remedyforce Staff
  • Bmc Remedyforce Status
  • Bmc Remedyforce Template
  • Bmc Remedyforce Urgency

Incident Types#

  • Bmc Remedyforce Incident
  • Bmc Remedyforce Service Request

Integrations#

BMC Helix Remedyforce#

The BMC Helix Remedyforce integration enables customers to create/update service requests and incidents, update statuses, and resolve service requests and incidents with customer notes. This integration exposes standard ticketing capabilities that can be utilized as part of automation & orchestration.

Layouts#

  • Bmc Remedyforce Incident - Summary
  • Bmc Remedyforce Service Request - Summary

Scripts#

BMCHelixRemedyforceCreateIncident#

Simplifies the process of creating an incident in BMC Helix Remedyforce. The script will consider the ID over the name of the argument when both are provided. Example: client_id is considered when both client_id and client_user_name are provided.

BMCHelixRemedyforceCreateServiceRequest#

Simplifies the process of creating a service request in BMC Helix Remedyforce. The script will consider the ID over the name of the argument when both are provided. Example: client_id is considered when both client_id and client_user_name are provided.

New: Bonusly Pack v1.0.0#

Integrations#

Bonusly#

Interacts with the Bonusly platform through the API. Bonusly is an employee recognition platform that enterprises use for employee recognition.

Playbooks#

Bonusly - AutoGratitude#

AutoGratitude is a playbook used to provide gratitude to security engineers and developers when they successfully complete an SLA.

Scripts#

IncOwnerToBonuslyUser#

Gets the email address of the incident owner and then returns the incident owner's username in Bonusly.

New: CaseManagement-Generic Pack v1.0.0#

Beta pack built by the Cortex Customer Success Team to provide quick and valuable deployment of XSOAR for case management.

Dashboards#

My Incidents#
Case Management Implementation Guide#
Incidents Overview#

Incident Types#

Case

Layouts#

  • Case - Close
  • Case - None
  • Case - New/Edit
  • Case - Mobile
  • Case - Quick View

Playbooks#

Case Management - Generic#

This playbook executes when no other playbook is associated with an incident. It enriches indicators in an incident using one or more integrations.

Scripts#

AssignToMeButton#

Assigns the current incident to the Cortex XSOAR user who clicked the button.

GenerateSummaryReportButton#

Generates a summary Case Report template for a given incident.

LinkIncidentsButton#

Links incidents to or unlinks incidents from another incident.

TimersOnOwnerChange#
  • Stops the Time To Assignment timer when an owner is assigned to the incident.
  • Starts the Remediation SLA timer when an owner is assigned to the incident.

New: CrowdStrike Falcon Intel Feed Pack v1.0.0#

Integrations#

CrowdStrike Falcon Intel Feed#

The CrowdStrike intelligence team tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more. This integration retrieves indicators from the CrowdStrike Falcon Intel Feed.

New: FeedTalos Pack v1.0.0#

Integrations#

Talos Feed#

Gets indicators from the Talos feed.

New: FireEye Feed Pack v1.0.0#

Integrations#

FireEye Feed#

Gets indicators from the FireEye Intelligence feed.

New: Gophish Pack v1.0.0#

Integrations#

Gophish#

Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.

New: TrendMicro Cloud App Security Pack v1.0.0#

TrendMicroCAS - incoming - mapper#

Maps incoming Trend Micro Cloud App Security (CAS) fields.

Incident Types#

Trend Micro CAS Event

Integrations#

TrendMicro Cloud App Security#

Use the Trend Micro Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite, and Salesforce.

Playbooks#

Trend Micro CAS - Take Action On Emails#

Runs various actions on emails, such as deleting and quarantining email messages using the trendmicro-cas-email-take-action command and returns the results using the trendmicro-cas-email-action-result-query command.

Trend Micro CAS - Take Action On User Accounts#

Runs various actions on a user's account, such as disabling accounts, requesting multi-factor authentication, and requesting a password using the trendmicro-cas-user-take-action command and returns the results using the trendmicro-cas-user-action-result-query command.

AWS Feed Pack v1.0.5#

Integrations#

AWS Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

AlienVault Feed Pack v1.0.5#

Integrations#

AlienVault Reputation Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.
AlienVault OTX TAXII Feed#

Added the Traffic Light Protocol integration parameter.

AlienVault USM Anywhere Pack v1.0.1#

Integrations#

AlienVault USM Anywhere#
  • Fixed an issue where the alienvault-search-alarms command ignored the following arguments: status, priority, rule_intent, rule_method, rule_strategy.
  • Added the Alarm.Status output to the alienvault-search-alarms and alienvault-get-alarm commands.
  • Updated the Docker image to demisto/python3:3.8.5.1084.

Anomali ThreatStream Pack v1.0.2#

Integrations#

Anomali ThreatStream v2#

Rewrote the threatstream-import-indicator-without-approval command and removed the deprecated flag.

AutoFocus Pack v1.1.3#

Integrations#

AutoFocus Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.
AutoFocus Daily Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Azure Compute Pack v1.0.1#

Integrations#

Azure Compute v2#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

Azure Feed Pack v1.0.2#

Integrations#

Azure Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Azure Security Center Pack v1.1.2#

Integrations#

Azure Security Center v2#
  • Added the azure-sc-get-alert command.
  • Updated the Alert API version to 2019-01-01.
  • Maintenance and stability enhancements.
  • Fixed an issue where commands that do not require a value for the subscription_id parameter failed when no value was provided.
  • Updated the Docker image to: crypto:1.0.0.11650.

AzureSentinel Pack v1.0.2#

Integrations#

Azure Sentinel (Beta)#
  • Maintenance and stability enhancements.
  • Updated the integration Docker image to the latest version.

Bambenek Consulting Feed Pack v1.0.3#

Integrations#

Bambenek Consulting Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Base Pack v1.3.9#

Scripts#

CommonServerPython#
  • Improved handling of input for the parse_date_frame function.
  • Fixed an issue in the debug logger output.
  • Added the get_demisto_version_as_str and get_x_content_info_headers functions.
  • Added support for SHA512 regex and parsing.
  • Maintenance and stability enhancements.
GetIncidentsByQuery#
  • Updated the script to execute using the DBot role.
  • Upgraded the Docker image to: 2.7.18.10627.
FindSimilarIncidentsByText#

Updated the script to execute using the DBot role.

WordTokenizerNLP#

Implemented maximum input text length permitted for pre-processing.

DBotPreProcessTextData#

Texts that exceed the maximum text length for pre-processing are now discarded.

DBotMLFetchData#

Fixed an issue where incidents did not have any label fields. These are fields in which the incident close reason is specified, for example, Close Reason, Email Classification, etc.

DBotPredictPhishingWords#

Added the language and tokenizer arguments, which enable you to get predictions for text in additional languages.

BeyondTrust Password Safe Pack v1.0.1#

Integrations#

BeyondTrust Password Safe#
  • Fixed a typo in an error message.
  • Upgraded the Docker image to: demisto/python3:3.8.5.10845.

BlockList DE Feed Pack v1.0.1#

Integrations#

Blocklist_de Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Bmc Helix Remedyforce Pack v1.0.1#

Integrations#

BMC Helix Remedyforce#

Maintenance and stability enhancements.

BruteForce Feed Pack v1.0.1#

Integrations#

BruteForceBlocker Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

CSV Feed Pack v1.0.4#

Integrations#

CSV Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Cloudflare Feed Pack v1.0.1#

Integrations#

Cloudflare Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Code42 Pack v2.0.4 (Partner Supported)#

Integrations#

Code42#
  • Fixed an issue where capitalized alert file-observation categories would not map to file event query values.
  • Upgraded the py42 dependency and improved the internal code.

Playbooks#

Code42 File Download#

Added a missing Else case to the Code42 Download File playbook.

Cofense Feed Pack v1.0.6#

Integrations#

Cofense Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Common Playbooks Pack v1.8.1#

Playbooks#

Email Address Enrichment - Generic v2.1#

Fixed an issue where no results were returned when multiple internal email addresses were provided.

Common Scripts Pack v1.2.48#

Scripts#

DeleteContext#
  • Updated the script to execute using the LimitedUser role.
  • Updated the script to execute using the DBot role.
WhereFieldEquals#
  • Fixed an issue where the transformer failed on KeyError.
  • Updated the Docker image to the latest version.
  • Added the stringify argument.
IndicatorMaliciousRatioCalculation#

Updated the script to execute using the DBot role.

GetDuplicatesMlv2#

Updated the script to execute using the LimitedUser role.

FindSimilarIncidents#
  • Updated the script to execute using the DBot role.
  • Upgraded the Docker image to: demisto/python:2.7.18.10627.
SearchIncidentsV2#
  • Updated the script to execute using the DBot role.
  • Upgraded the Docker image to: demisto/python3:3.8.3.9324.
DBotClosedIncidentsPercentage#

Updated the script to execute using the DBot role.

MarkRelatedIncidents#

Updated the script to execute using the DBot role.

findIncidentsWithIndicator#

Updated the script to execute using the DBot role.

New: MatchRegexV2#

Extracts regex data from the provided text. The script supports groups and looping.

MatchRegex#

Deprecated. Use the MatchRegexV2 script instead.

GetIndicatorDBotScore#

Fixed an issue where the indicator's Vendor field returned an empty value.

Set#

Updated the documentation and descriptions.

Cortex Data Lake Pack v1.2.4#

Integrations#

Cortex Data Lake#
  • Maintenance and stability enhancements.
  • Added the cdl-query-file-data command.
  • Updated the Docker image to: demisto/python_pancloud_v2:1.0.0.11712.

CrowdStrike Falcon Pack v1.2.1#

Integrations#

CrowdStrike Falcon#
  • Fixed an issue with the username argument in the cs-falcon-resolve-detection command.
  • Added the comment argument to the cs-falcon-resolve-detection command, which enables you to add a comment when updating detections.

CrowdStrike Falcon Intel Pack v2.0.0#

Integrations#

New: CrowdStrike Falcon Intel v2#

CrowdStrike Threat intelligence service integration helps organizations defend themselves against adversary activity by investigating incidents, and accelerating alert triage and response.

CrowdStrike Falcon Intel (Deprecated)#

The CrowdStrike Falcon Intel integration is deprecated. Use the CrowdStrike Falcon Intel v2 integration instead.

CrowdStrike Falcon Sandbox Pack v1.0.1#

Integrations#

CrowdStrike Falcon Sandbox#

Added the dontThrowErrorOnFileDetonation parameter to the crowdstrike-submit-url command, which gives you the option not to throw an error when sending a URL that points to a file.

Playbooks#

Detonate URL - CrowdStrike#

The playbook will not fail when it detonates a URL that points to a file.

CrowdStrike Falcon Streaming Pack v1.0.8#

Scripts#

CrowdStrikeStreamingPreProcessing#

Updated the script to execute using the DBot role.

Crowdstrike Falcon Intel Feed Pack v1.0.1#

Integrations#

Crowdstrike Falcon Intel Feed#

Added the Traffic Light Protocol integration parameter.

CyberArk AIM Pack v1.0.2#

Integrations#

CyberArk AIM#
  • Added a new version of the CyberArk AIM integration as CyberArk AIM v2.
  • The CyberArk AIM v2 integration supports Windows authentication and certificate-based authentication.
CyberArk AIM (Deprecated)#
  • The CyberArk AIM integration is deprecated. Please use the CyberArk AIM v2 integration instead.
  • Documentation and metadata improvements.

Cybereason Pack v1.0.3#

Scripts#

CybereasonPreProcessingExample#

Updated the script to execute using the LimitedUser role.

Cymulate Pack v1.0.5 (Partner Supported)#

Integrations#

Cymulate#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

DShield Feed Pack v1.0.1#

Integrations#

DShield Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

DeepInstinct Pack v1.0.2 (Partner Supported)#

Integrations#

Deep Instinct#

Added a description to the integration.

EWS Pack v1.3.2#

Integrations#

EWS O365#

Maintenance and stability enhancements.

Scripts#

GetEWSFolder#

Fixed an issue in cases where no emails were found in one of the folders.

Elasticsearch Feed Pack v1.0.7#

Integrations#

Elasticsearch Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Farsight DNSDB Pack v2.0.0 (Partner Supported)#

Integrations#

Farsight DNSDB v2#
  • Updated the integration using the latest version of DNSDB API v1.
  • Added the summarize and rate limit commands.

Playbooks#

Added 3 playbooks.

  • DNSB - Related Hostnames from Hostname Retrieves related host names from the target host name.
  • DNSB - IPs from Hostname Retrieves all IP addresses from a host name.
  • DNSDB - Hostname from IP Retrieves all host names from an IP address.

Fastly Feed Pack v1.0.2#

Integrations#

Fastly Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

FeedTalos Pack v1.0.1#

Integrations#

Talos Feed#

Added the Traffic Light Protocol integration parameter.

FeodoTracker Feed Pack v1.0.1#

Integrations#

Feodo Tracker Hashes Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.
Feodo Tracker IP Blocklist Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

FireEye Feed Pack v1.0.1#

Integrations#

FireEye Feed#

Maintenance and stability enhancements.

FortiGate Pack v1.0.1#

Integrations#

FortiGate#

Added more comprehensive logs to the integration.

GCP Whitelist Feed Pack v1.0.2#

Integrations#

GCP Whitelist Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

GenericSQL Pack v1.0.7#

Integrations#

Generic SQL#
  • Fixed an issue where special characters in the password caused an authentication failure.
  • Updated the Docker image to: demisto/genericsql:1.1.0.11281.

Gmail Pack v1.0.6#

Integrations#

Gmail#
  • Fixed an issue where the from argument did not work as expected in the send-mail command.
  • Updateed the Docker image to: demisto/google-api:1.0.0.11655.

Google Resource Manager Pack v1.0.1#

Integrations#

Google Resource Manager#
  • The proxy settings now work as expected.
  • Updated the Docker image to: demisto/gvault:1.0.0.11675.

IBM QRadar Pack v1.0.11#

Integrations#

IBM QRadar V2#

Enables incidents to be fetched with events and assets, with no additional playbook executions required for IBM QRadar for server versions 6.0.0 and above.

IBM QRadar v2#

Fixed an issue where IP address values from fetched incidents were not enriched correctly.

JSON Feed Pack v1.0.3#

Integrations#

JSON Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

LogRhythmRest Pack v1.0.1#

Integrations#

LogRhythmRest#

Added a required header to the API requests.

MITRE ATT&CK Pack v1.1.3#

Integrations#

MITRE ATT&CK Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.
  • Populated the Creation Date, Modified, and Value indicator fields.

Layouts#

Added 4 indicators.

  • MITRE creation date
  • MITRE modification date
  • MITRE ID
  • MITRE Name

Scripts#

MitreIDLayoutDynamicSection#

Populates the MITRE ATT&CK ID for the MITRE ATT&CK indicator layout.

MitreNameLayoutDynamicSection#

Populates the MITRE ATT&CK name for the MITRE ATT&CK indicator layout.

MalwareDomainList Feed Pack v1.0.1#

Integrations#

Malware Domain List Active IPs Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

McAfee ESM Pack v1.1.0#

Integrations#

McAfee ESM v2#

Added 5 new commands.

  • esm-create-watchlist
  • esm-delete-watchlist
  • esm-get-watchlists
  • esm-watchlist-add-entry
  • esm-watchlist-delete-entry

McAfee ESM v10 and v11 Pack v1.0.4#

Integrations#

McAfee ESM v10 and v11 (Deprecated)#

Maintenance and stability enhancements.

Micro Focus Service Manager Pack v1.0.1#

Integrations#

Micro Focus Service Manager#

Fixed an issue where the test-module always returned a successful response.

Microsoft Azure AD Connect Health Feed Pack v1.0.1#

Integrations#

Azure AD Connect Health Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Microsoft Defender Advanced Threat Protection Pack v1.2.1#

Integrations#

Microsoft Defender Advanced Threat Protection#

  • Added the following indicator commands.

    • microsoft-atp-list-indicators

    • microsoft-atp-get-indicator-by-id

    • microsoft-atp-file-indicator-create

    • microsoft-atp-network-indicator-create

    • microsoft-atp-indicator-update

    • microsoft-atp-indicator-delete

      Note: To use these commands, in the Microsoft Defender Advanced Threat Protection integration's configuration window, reauthorize the app.

  • Updated the Docker version to the latest version.

Microsoft Defender Advanced Threat Protection#

Maintenance and stability enhancements.

Microsoft Graph Calendar Pack v1.0.2#

Integrations#

Microsoft Graph Calendar#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

Microsoft Graph Device Management Pack v1.0.1#

Integrations#

Microsoft Graph Device Management (Microsoft Intune)#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

Microsoft Graph Files Pack v1.0.1#

Integrations#

Microsoft Graph Files#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

Microsoft Graph Groups Pack v1.0.1#

Integrations#

Microsoft Graph Groups#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

Microsoft Graph Mail Pack v1.0.7#

Integrations#

Microsoft Graph Mail#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.
  • General documentation improvements.

Microsoft Graph Mail Single User Pack v1.0.6#

Integrations#

Microsoft Graph Mail Single User#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.

Microsoft Graph Security Pack v2.0.3#

Integrations#

Microsoft Graph Security#
  • Maintenance and stability enhancements.
  • Deprecated the msg-get-user and msg-get-users commands. Use the Microsoft Graph User integration for those commands instead.
  • Updated the Docker image to: crypto:1.0.0.11412.

Microsoft Graph User Pack v1.3.2#

Integrations#

Microsoft Graph User#
  • Added the ability to get access on behalf of a user using a self-deployed app. This flow only supports the msgraph-user-change-password and msgraph-user-terminate-session commands.
  • Updated the Docker image to the latest version.
  • Documentation and metadata improvements.
  • Maintenance and stability enhancements.

Microsoft Intune Feed Pack v1.0.2#

Integrations#

Microsoft Intune Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Microsoft Management Activity API (O365/Azure Events) Pack v1.1.0#

Integrations#

Microsoft Management Activity API (O365 Azure Events)#
  • Maintenance and stability enhancements.
  • Updated the Docker image to the latest version.
  • Added the timeout argument to the ms-management-activity-list-content to fetch larger amounts of data.
  • Fixed a bug that occurred when resubscribing to a subscription.
  • Updated the Docker image to demisto/pyjwt3:1.0.0.8871.

Microsoft Cloud App Security Pack v1.0.3#

Integrations#

Microsoft Cloud App Security#

Added IP.Geo.Location context key to the microsoft-cas-activities-list command, which specifies the geolocation (latitude:longitude) of the IP address.

Office 365 Feed Pack v1.1.5#

Integrations#

Office 365 Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated Docker image to the latest version.

PCAP Analysis Pack v2.3.4#

Scripts#

PcapMinerV2#

Fixed a bug in the IMF extraction process.

Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.3.10#

Integrations#

Cortex XDR - IOC#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Palo Alto Networks WildFire Pack v1.2.1#

Integrations#

Palo Alto Networks WildFire v2#
  • Added a DBotScore of 0 in cases that no report is found when running the file command.
  • Updated the Docker image to: demisto/python3:3.8.5.10845.

Scripts#

PTEnrich#

Maintenance and stability enhancements.

Plain Text Feed Pack v1.0.2#

Integrations#

Plain Text Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Prisma Access Pack v1.0.5#

Integrations#

Prisma Access Egress IP feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.
Prisma Access#
  • Deprecated the prisma-access-active-users and prisma-access-cli-command commands.
  • Upgraded the Docker image to: demisto/netmiko:1.0.0.11159.

Proofpoint Feed Pack v1.0.3#

Integrations#

Proofpoint Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Qualys Pack v1.0.1#

Scripts#

QualysCreateIncidentFromReport#

Updated the script to execute using the LimitedUser role.

Rapid7 Nexpose Pack v1.0.1#

Scripts#

NexposeCreateIncidentsFromAssets#

Updated the script to execute using the LimitedUser role.

Recorded Future Feed Pack v1.0.4#

Integrations#

Recorded Future RiskList Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

ReplaceMatchGroup Pack v1.0.1#

Scripts#

ReplaceMatchGroup#
  • Updated the Docker image to: demisto/python3:3.8.5.10845.
  • Fixed an issue where the script was failing on a ModuleNotFoundError error.

SafeBreach - Breach and Attack Simulation platform Pack v1.0.8 (Partner Supported)#

Integrations#

SafeBreach v2#

Added the Traffic Light Protocol integration parameter.

Security Intelligence Services Feed Pack v1.0.1 (Partner Supported)#

Integrations#

Security Intelligence Services Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Securonix Pack v1.1.3#

Integrations#

Securonix#
  • Added the Set default incident severity integration parameter.
  • Updated the Docker image to the latest version.

ServiceNow Pack v1.3.2#

Integrations#

ServiceNow v2#
  • Improved the error message for the test-module command when the ServiceNow instance is in hibernate mode.
  • Fixed an issue in the get-remote-data command that occurred when an attachment was referenced before it was assigned.

Sixgill Darkfeed - Core Edition Pack v1.1.5 (Partner Supported)#

Integrations#

Sixgill DarkFeed Threat Intelligence#

Added the Traffic Light Protocol integration parameter.

Slack Pack v1.3.5#

Integrations#

Slack v2#
  • Updated the Docker image to the latest version.
  • Maintenance and stability enhancements.

Spamhaus Feed Pack v1.0.1#

Integrations#

Spamhaus Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

SplunkPy Pack v1.2.2#

Integrations#

SplunkPy#
  • Fixed an issue where the splunk-kv-store-collection-add-entries command failed on non-ASCII data.
  • Upgraded the Docker image to: demisto/splunksdk:1.0.0.11270.

TAXII Feed Pack v1.0.4#

Integrations#

TAXII Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.
TAXII 2 Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Threat Intelligence Management Pack v1.0.1#

Dashboards#

Threat Intel Management#

Removed the Incidents Per Feed widget to optimize the dashboard performance.

ThreatConnect Feed Pack v1.0.1#

Integrations#

ThreatConnect Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

ThreatQ Pack v1.0.6 (Partner Supported)#

Integrations#

ThreatQ v2#
  • Deprecated the threatq-search-by-name command.
  • Fix default parameters for the following commands:
    • threatq-search-by-name
    • threatq-upload-file
    • threatq-get-all-indicators
    • threatq-get-all-events
    • threatq-get-all-adversaries

Tor Exit Addresses Feed Pack v1.0.2#

Integrations#

Tor Exit Addresses Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Trend Micro Apex Pack v2.0.0#

Integrations#

Trend Micro Apex#
  • This integration is no longer a beta integration.
  • Fixed a bug in trendmicro-apex-udso-add command where the notes argument was not sent to Apex.
  • Added 8 commands.
    • trendmicro-apex-udso-file-add
    • trendmicro-apex-list-logs
    • trendmicro-apex-process-terminate
    • trendmicro-apex-security-agents-list
    • trendmicro-apex-managed-servers-list
    • trendmicro-apex-endpoint-sensors-list
    • trendmicro-apex-historical-investigation-create
    • trendmicro-apex-investigation-result-list
  • Deprecated the following commands.
    • trendmicro-apex-usdo-list Use the trendmicro-apex-udso-file-add command instead.
    • trendmicro-apex-usdo-add Use the trendmicro-apex-udso-add command instead.
    • trendmicro-apex-usdo-delete Use the trendmicro-apex-udso-delete command instead.

Tufin Pack v1.1.1 (Partner Supported)#

Integrations#

Tufin#

Updated the Docker image to the latest version.

URLhaus Pack v1.0.1#

Integrations#

URLhaus#
  • Maintenance and stability enhancements.
  • Updateed the Docker image to the latest version.

Unit42 Feed Pack v1.0.4#

Integrations#

Unit42 Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

Uptycs Pack v1.0.2 (Partner Supported)#

Integrations#

Uptycs#

Fixed various issues in the integration, such as descriptions, tag values, etc.

Playbooks#

Uptycs - Outbound Connection to Threat IOC Incident#
  • Fixed general issues in the playbook.
  • Add Gather Evidence tasks to the playbook, which adds information to the Evidence Board.

VirusTotal - Private API Pack v1.0.3#

Integrations#

VirusTotal - Private API#

Updated the vt-private-get-url-report command to return multiple entries (entry per indicator) instead of a single entry.

Windows Defender Advanced Threat Protection (Deprecated) Pack v1.0.2#

Integrations#

Windows Defender Advanced Threat Protection (Deprecated)#
  • Updated the Docker image to the latest version.
  • Maintenance and stability enhancements.

Zoom Feed Pack v1.1.2#

Integrations#

Zoom Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

abuse.ch SSL Blacklist Feed Pack v1.0.3#

Integrations#

abuse.ch SSL Blacklist Feed#
  • Added the Traffic Light Protocol integration parameter.
  • Updated the Docker image to the latest version.

urlscan.io Pack v1.0.3#

Integrations#

urlscan.io#

Improved the API error message to be more descriptive.

Assets#

Edit this page
Report an Issue