Cortex XSOAR Content Release Notes for version 20.9.2 (127966)
Published on 30 September 2020
New: Axonius Pack v1.0.0 (Partner Supported)
Integrations
Axonius
Fetches information about assets in Axonius.
New: Bmc Helix Remedyforce Pack v1.0.0
Classifiers
BMCHelixRemedyforce - Classifier
Classifies BMC Helix Remedy force incidents.
BMCHelixRemedyforce - Incoming Mapper
Maps incoming BMC Helix Remedy force incident fields.
Incident Fields
- Bmc Remedyforce Attachment(s)
- Bmc Remedyforce Broadcast
- Bmc Remedyforce Category
- Bmc Remedyforce Client Account
- Bmc Remedyforce Client Name
- Bmc Remedyforce Closed Date
- Bmc Remedyforce Configuration Item / Asset
- Bmc Remedyforce Created Date
- Bmc Remedyforce Description
- Bmc Remedyforce Due Date
- Bmc Remedyforce ID
- Bmc Remedyforce Impact
- Bmc Remedyforce Last Modified Date
- Bmc Remedyforce Note(s)
- Bmc Remedyforce Opened Date
- Bmc Remedyforce Outage End
- Bmc Remedyforce Outage Start
- Bmc Remedyforce Queue
- Bmc Remedyforce Request Definition
- Bmc Remedyforce Resolution
- Bmc Remedyforce Responded Date
- Bmc Remedyforce Service
- Bmc Remedyforce Service Offering
- Bmc Remedyforce Service Request
- Bmc Remedyforce Staff
- Bmc Remedyforce Status
- Bmc Remedyforce Template
- Bmc Remedyforce Urgency
Incident Types
- Bmc Remedyforce Incident
- Bmc Remedyforce Service Request
Integrations
BMC Helix Remedyforce
The BMC Helix Remedyforce integration enables customers to create/update service requests and incidents, update statuses, and resolve service requests and incidents with customer notes. This integration exposes standard ticketing capabilities that can be utilized as part of automation & orchestration.
Layouts
- Bmc Remedyforce Incident - Summary
- Bmc Remedyforce Service Request - Summary
Scripts
BMCHelixRemedyforceCreateIncident
Simplifies the process of creating an incident in BMC Helix Remedyforce. The script will consider the ID over the name of the argument when both are provided. Example: client_id is considered when both client_id and client_user_name are provided.
BMCHelixRemedyforceCreateServiceRequest
Simplifies the process of creating a service request in BMC Helix Remedyforce. The script will consider the ID over the name of the argument when both are provided. Example: client_id is considered when both client_id and client_user_name are provided.
New: Bonusly Pack v1.0.0
Integrations
Bonusly
Interacts with the Bonusly platform through the API. Bonusly is an employee recognition platform that enterprises use for employee recognition.
Playbooks
Bonusly - AutoGratitude
AutoGratitude is a playbook used to provide gratitude to security engineers and developers when they successfully complete an SLA.
Scripts
IncOwnerToBonuslyUser
Gets the email address of the incident owner and then returns the incident owner's username in Bonusly.
New: CaseManagement-Generic Pack v1.0.0
Beta pack built by the Cortex Customer Success Team to provide quick and valuable deployment of XSOAR for case management.
Dashboards
My Incidents
Case Management Implementation Guide
Incidents Overview
Incident Types
Case
Layouts
- Case - Close
- Case - None
- Case - New/Edit
- Case - Mobile
- Case - Quick View
Playbooks
Case Management - Generic
This playbook executes when no other playbook is associated with an incident. It enriches indicators in an incident using one or more integrations.
Scripts
AssignToMeButton
Assigns the current incident to the Cortex XSOAR user who clicked the button.
GenerateSummaryReportButton
Generates a summary Case Report template for a given incident.
LinkIncidentsButton
Links incidents to or unlinks incidents from another incident.
TimersOnOwnerChange
- Stops the Time To Assignment timer when an owner is assigned to the incident.
- Starts the Remediation SLA timer when an owner is assigned to the incident.
New: CrowdStrike Falcon Intel Feed Pack v1.0.0
Integrations
CrowdStrike Falcon Intel Feed
The CrowdStrike intelligence team tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more. This integration retrieves indicators from the CrowdStrike Falcon Intel Feed.
New: FeedTalos Pack v1.0.0
Integrations
Talos Feed
Gets indicators from the Talos feed.
New: FireEye Feed Pack v1.0.0
Integrations
FireEye Feed
Gets indicators from the FireEye Intelligence feed.
New: Gophish Pack v1.0.0
Integrations
Gophish
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
New: TrendMicro Cloud App Security Pack v1.0.0
TrendMicroCAS - incoming - mapper
Maps incoming Trend Micro Cloud App Security (CAS) fields.
Incident Types
Trend Micro CAS Event
Integrations
TrendMicro Cloud App Security
Use the Trend Micro Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite, and Salesforce.
Playbooks
Trend Micro CAS - Take Action On Emails
Runs various actions on emails, such as deleting and quarantining email messages using the trendmicro-cas-email-take-action command and returns the results using the trendmicro-cas-email-action-result-query command.
Trend Micro CAS - Take Action On User Accounts
Runs various actions on a user's account, such as disabling accounts, requesting multi-factor authentication, and requesting a password using the trendmicro-cas-user-take-action command and returns the results using the trendmicro-cas-user-action-result-query command.
AWS Feed Pack v1.0.5
Integrations
AWS Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
AlienVault Feed Pack v1.0.5
Integrations
AlienVault Reputation Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
AlienVault OTX TAXII Feed
Added the Traffic Light Protocol integration parameter.
AlienVault USM Anywhere Pack v1.0.1
Integrations
AlienVault USM Anywhere
- Fixed an issue where the alienvault-search-alarms command ignored the following arguments: status, priority, rule_intent, rule_method, rule_strategy.
- Added the Alarm.Status output to the alienvault-search-alarms and alienvault-get-alarm commands.
- Updated the Docker image to demisto/python3:3.8.5.1084.
Anomali ThreatStream Pack v1.0.2
Integrations
Anomali ThreatStream v2
Rewrote the threatstream-import-indicator-without-approval command and removed the deprecated flag.
AutoFocus Pack v1.1.3
Integrations
AutoFocus Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
AutoFocus Daily Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Azure Compute Pack v1.0.1
Integrations
Azure Compute v2
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
Azure Feed Pack v1.0.2
Integrations
Azure Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Azure Security Center Pack v1.1.2
Integrations
Azure Security Center v2
- Added the azure-sc-get-alert command.
- Updated the Alert API version to 2019-01-01.
- Maintenance and stability enhancements.
- Fixed an issue where commands that do not require a value for the subscription_id parameter failed when no value was provided.
- Updated the Docker image to: crypto:1.0.0.11650.
AzureSentinel Pack v1.0.2
Integrations
Azure Sentinel (Beta)
- Maintenance and stability enhancements.
- Updated the integration Docker image to the latest version.
Bambenek Consulting Feed Pack v1.0.3
Integrations
Bambenek Consulting Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Base Pack v1.3.9
Scripts
CommonServerPython
- Improved handling of input for the parse_date_frame function.
- Fixed an issue in the debug logger output.
- Added the get_demisto_version_as_str and get_x_content_info_headers functions.
- Added support for SHA512 regex and parsing.
- Maintenance and stability enhancements.
GetIncidentsByQuery
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: 2.7.18.10627.
FindSimilarIncidentsByText
Updated the script to execute using the DBot role.
WordTokenizerNLP
Implemented maximum input text length permitted for pre-processing.
DBotPreProcessTextData
Texts that exceed the maximum text length for pre-processing are now discarded.
DBotMLFetchData
Fixed an issue where incidents did not have any label fields. These are fields in which the incident close reason is specified, for example, Close Reason, Email Classification, etc.
DBotPredictPhishingWords
Added the language and tokenizer arguments, which enable you to get predictions for text in additional languages.
BeyondTrust Password Safe Pack v1.0.1
Integrations
BeyondTrust Password Safe
- Fixed a typo in an error message.
- Upgraded the Docker image to: demisto/python3:3.8.5.10845.
BlockList DE Feed Pack v1.0.1
Integrations
Blocklist_de Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Bmc Helix Remedyforce Pack v1.0.1
Integrations
BMC Helix Remedyforce
Maintenance and stability enhancements.
BruteForce Feed Pack v1.0.1
Integrations
BruteForceBlocker Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
CSV Feed Pack v1.0.4
Integrations
CSV Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Cloudflare Feed Pack v1.0.1
Integrations
Cloudflare Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Code42 Pack v2.0.4 (Partner Supported)
Integrations
Code42
- Fixed an issue where capitalized alert file-observation categories would not map to file event query values.
- Upgraded the py42 dependency and improved the internal code.
Playbooks
Code42 File Download
Added a missing Else case to the Code42 Download File playbook.
Cofense Feed Pack v1.0.6
Integrations
Cofense Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Common Playbooks Pack v1.8.1
Playbooks
Email Address Enrichment - Generic v2.1
Fixed an issue where no results were returned when multiple internal email addresses were provided.
Common Scripts Pack v1.2.48
Scripts
DeleteContext
- Updated the script to execute using the LimitedUser role.
- Updated the script to execute using the DBot role.
WhereFieldEquals
- Fixed an issue where the transformer failed on KeyError.
- Updated the Docker image to the latest version.
- Added the stringify argument.
IndicatorMaliciousRatioCalculation
Updated the script to execute using the DBot role.
GetDuplicatesMlv2
Updated the script to execute using the LimitedUser role.
FindSimilarIncidents
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python:2.7.18.10627.
SearchIncidentsV2
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.8.3.9324.
DBotClosedIncidentsPercentage
Updated the script to execute using the DBot role.
MarkRelatedIncidents
Updated the script to execute using the DBot role.
findIncidentsWithIndicator
Updated the script to execute using the DBot role.
New: MatchRegexV2
Extracts regex data from the provided text. The script supports groups and looping.
MatchRegex
Deprecated. Use the MatchRegexV2 script instead.
GetIndicatorDBotScore
Fixed an issue where the indicator's Vendor field returned an empty value.
Set
Updated the documentation and descriptions.
Cortex Data Lake Pack v1.2.4
Integrations
Cortex Data Lake
- Maintenance and stability enhancements.
- Added the cdl-query-file-data command.
- Updated the Docker image to: demisto/python_pancloud_v2:1.0.0.11712.
CrowdStrike Falcon Pack v1.2.1
Integrations
CrowdStrike Falcon
- Fixed an issue with the username argument in the cs-falcon-resolve-detection command.
- Added the comment argument to the cs-falcon-resolve-detection command, which enables you to add a comment when updating detections.
CrowdStrike Falcon Intel Pack v2.0.0
Integrations
New: CrowdStrike Falcon Intel v2
CrowdStrike Threat intelligence service integration helps organizations defend themselves against adversary activity by investigating incidents, and accelerating alert triage and response.
CrowdStrike Falcon Intel (Deprecated)
The CrowdStrike Falcon Intel integration is deprecated. Use the CrowdStrike Falcon Intel v2 integration instead.
CrowdStrike Falcon Sandbox Pack v1.0.1
Integrations
CrowdStrike Falcon Sandbox
Added the dontThrowErrorOnFileDetonation parameter to the crowdstrike-submit-url command, which gives you the option not to throw an error when sending a URL that points to a file.
Playbooks
Detonate URL - CrowdStrike
The playbook will not fail when it detonates a URL that points to a file.
CrowdStrike Falcon Streaming Pack v1.0.8
Scripts
CrowdStrikeStreamingPreProcessing
Updated the script to execute using the DBot role.
Crowdstrike Falcon Intel Feed Pack v1.0.1
Integrations
Crowdstrike Falcon Intel Feed
Added the Traffic Light Protocol integration parameter.
CyberArk AIM Pack v1.0.2
Integrations
CyberArk AIM
- Added a new version of the CyberArk AIM integration as CyberArk AIM v2.
- The CyberArk AIM v2 integration supports Windows authentication and certificate-based authentication.
CyberArk AIM (Deprecated)
- The CyberArk AIM integration is deprecated. Please use the CyberArk AIM v2 integration instead.
- Documentation and metadata improvements.
Cybereason Pack v1.0.3
Scripts
CybereasonPreProcessingExample
Updated the script to execute using the LimitedUser role.
Cymulate Pack v1.0.5 (Partner Supported)
Integrations
Cymulate
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
DShield Feed Pack v1.0.1
Integrations
DShield Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
DeepInstinct Pack v1.0.2 (Partner Supported)
Integrations
Deep Instinct
Added a description to the integration.
EWS Pack v1.3.2
Integrations
EWS O365
Maintenance and stability enhancements.
Scripts
GetEWSFolder
Fixed an issue in cases where no emails were found in one of the folders.
Elasticsearch Feed Pack v1.0.7
Integrations
Elasticsearch Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Farsight DNSDB Pack v2.0.0 (Partner Supported)
Integrations
Farsight DNSDB v2
- Updated the integration using the latest version of DNSDB API v1.
- Added the summarize and rate limit commands.
Playbooks
Added 3 playbooks.
- DNSB - Related Hostnames from Hostname Retrieves related host names from the target host name.
- DNSB - IPs from Hostname Retrieves all IP addresses from a host name.
- DNSDB - Hostname from IP Retrieves all host names from an IP address.
Fastly Feed Pack v1.0.2
Integrations
Fastly Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
FeedTalos Pack v1.0.1
Integrations
Talos Feed
Added the Traffic Light Protocol integration parameter.
FeodoTracker Feed Pack v1.0.1
Integrations
Feodo Tracker Hashes Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Feodo Tracker IP Blocklist Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
FireEye Feed Pack v1.0.1
Integrations
FireEye Feed
Maintenance and stability enhancements.
FortiGate Pack v1.0.1
Integrations
FortiGate
Added more comprehensive logs to the integration.
GCP Whitelist Feed Pack v1.0.2
Integrations
GCP Whitelist Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
GenericSQL Pack v1.0.7
Integrations
Generic SQL
- Fixed an issue where special characters in the password caused an authentication failure.
- Updated the Docker image to: demisto/genericsql:1.1.0.11281.
Gmail Pack v1.0.6
Integrations
Gmail
- Fixed an issue where the from argument did not work as expected in the send-mail command.
- Updateed the Docker image to: demisto/google-api:1.0.0.11655.
Google Resource Manager Pack v1.0.1
Integrations
Google Resource Manager
- The proxy settings now work as expected.
- Updated the Docker image to: demisto/gvault:1.0.0.11675.
IBM QRadar Pack v1.0.11
Integrations
IBM QRadar V2
Enables incidents to be fetched with events and assets, with no additional playbook executions required for IBM QRadar for server versions 6.0.0 and above.
IBM QRadar v2
Fixed an issue where IP address values from fetched incidents were not enriched correctly.
JSON Feed Pack v1.0.3
Integrations
JSON Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
LogRhythmRest Pack v1.0.1
Integrations
LogRhythmRest
Added a required header to the API requests.
MITRE ATT&CK Pack v1.1.3
Integrations
MITRE ATT&CK Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
- Populated the Creation Date, Modified, and Value indicator fields.
Layouts
Added 4 indicators.
- MITRE creation date
- MITRE modification date
- MITRE ID
- MITRE Name
Scripts
MitreIDLayoutDynamicSection
Populates the MITRE ATT&CK ID for the MITRE ATT&CK indicator layout.
MitreNameLayoutDynamicSection
Populates the MITRE ATT&CK name for the MITRE ATT&CK indicator layout.
MalwareDomainList Feed Pack v1.0.1
Integrations
Malware Domain List Active IPs Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
McAfee ESM Pack v1.1.0
Integrations
McAfee ESM v2
Added 5 new commands.
- esm-create-watchlist
- esm-delete-watchlist
- esm-get-watchlists
- esm-watchlist-add-entry
- esm-watchlist-delete-entry
McAfee ESM v10 and v11 Pack v1.0.4
Integrations
McAfee ESM v10 and v11 (Deprecated)
Maintenance and stability enhancements.
Micro Focus Service Manager Pack v1.0.1
Integrations
Micro Focus Service Manager
Fixed an issue where the test-module always returned a successful response.
Microsoft Azure AD Connect Health Feed Pack v1.0.1
Integrations
Azure AD Connect Health Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Microsoft Defender Advanced Threat Protection Pack v1.2.1
Integrations
Microsoft Defender Advanced Threat Protection
Added the following indicator commands.
microsoft-atp-list-indicators
microsoft-atp-get-indicator-by-id
microsoft-atp-file-indicator-create
microsoft-atp-network-indicator-create
microsoft-atp-indicator-update
microsoft-atp-indicator-delete
Note: To use these commands, in the Microsoft Defender Advanced Threat Protection integration's configuration window, reauthorize the app.
Updated the Docker version to the latest version.
Microsoft Defender Advanced Threat Protection
Maintenance and stability enhancements.
Microsoft Graph Calendar Pack v1.0.2
Integrations
Microsoft Graph Calendar
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
Microsoft Graph Device Management Pack v1.0.1
Integrations
Microsoft Graph Device Management (Microsoft Intune)
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
Microsoft Graph Files Pack v1.0.1
Integrations
Microsoft Graph Files
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
Microsoft Graph Groups Pack v1.0.1
Integrations
Microsoft Graph Groups
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
Microsoft Graph Mail Pack v1.0.7
Integrations
Microsoft Graph Mail
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
- General documentation improvements.
Microsoft Graph Mail Single User Pack v1.0.6
Integrations
Microsoft Graph Mail Single User
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
Microsoft Graph Security Pack v2.0.3
Integrations
Microsoft Graph Security
- Maintenance and stability enhancements.
- Deprecated the msg-get-user and msg-get-users commands. Use the Microsoft Graph User integration for those commands instead.
- Updated the Docker image to: crypto:1.0.0.11412.
Microsoft Graph User Pack v1.3.2
Integrations
Microsoft Graph User
- Added the ability to get access on behalf of a user using a self-deployed app. This flow only supports the msgraph-user-change-password and msgraph-user-terminate-session commands.
- Updated the Docker image to the latest version.
- Documentation and metadata improvements.
- Maintenance and stability enhancements.
Microsoft Intune Feed Pack v1.0.2
Integrations
Microsoft Intune Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Microsoft Management Activity API (O365/Azure Events) Pack v1.1.0
Integrations
Microsoft Management Activity API (O365 Azure Events)
- Maintenance and stability enhancements.
- Updated the Docker image to the latest version.
- Added the timeout argument to the ms-management-activity-list-content to fetch larger amounts of data.
- Fixed a bug that occurred when resubscribing to a subscription.
- Updated the Docker image to demisto/pyjwt3:1.0.0.8871.
Microsoft Cloud App Security Pack v1.0.3
Integrations
Microsoft Cloud App Security
Added IP.Geo.Location context key to the microsoft-cas-activities-list command, which specifies the geolocation (latitude:longitude) of the IP address.
Office 365 Feed Pack v1.1.5
Integrations
Office 365 Feed
- Added the Traffic Light Protocol integration parameter.
- Updated Docker image to the latest version.
PCAP Analysis Pack v2.3.4
Scripts
PcapMinerV2
Fixed a bug in the IMF extraction process.
Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.3.10
Integrations
Cortex XDR - IOC
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Palo Alto Networks WildFire Pack v1.2.1
Integrations
Palo Alto Networks WildFire v2
- Added a DBotScore of 0 in cases that no report is found when running the file command.
- Updated the Docker image to: demisto/python3:3.8.5.10845.
Scripts
PTEnrich
Maintenance and stability enhancements.
Plain Text Feed Pack v1.0.2
Integrations
Plain Text Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Prisma Access Pack v1.0.5
Integrations
Prisma Access Egress IP feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Prisma Access
- Deprecated the prisma-access-active-users and prisma-access-cli-command commands.
- Upgraded the Docker image to: demisto/netmiko:1.0.0.11159.
Proofpoint Feed Pack v1.0.3
Integrations
Proofpoint Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Qualys Pack v1.0.1
Scripts
QualysCreateIncidentFromReport
Updated the script to execute using the LimitedUser role.
Rapid7 Nexpose Pack v1.0.1
Scripts
NexposeCreateIncidentsFromAssets
Updated the script to execute using the LimitedUser role.
Recorded Future Feed Pack v1.0.4
Integrations
Recorded Future RiskList Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
ReplaceMatchGroup Pack v1.0.1
Scripts
ReplaceMatchGroup
- Updated the Docker image to: demisto/python3:3.8.5.10845.
- Fixed an issue where the script was failing on a ModuleNotFoundError error.
SafeBreach - Breach and Attack Simulation platform Pack v1.0.8 (Partner Supported)
Integrations
SafeBreach v2
Added the Traffic Light Protocol integration parameter.
Security Intelligence Services Feed Pack v1.0.1 (Partner Supported)
Integrations
Security Intelligence Services Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Securonix Pack v1.1.3
Integrations
Securonix
- Added the Set default incident severity integration parameter.
- Updated the Docker image to the latest version.
ServiceNow Pack v1.3.2
Integrations
ServiceNow v2
- Improved the error message for the test-module command when the ServiceNow instance is in hibernate mode.
- Fixed an issue in the get-remote-data command that occurred when an attachment was referenced before it was assigned.
Sixgill Darkfeed - Core Edition Pack v1.1.5 (Partner Supported)
Integrations
Sixgill DarkFeed Threat Intelligence
Added the Traffic Light Protocol integration parameter.
Slack Pack v1.3.5
Integrations
Slack v2
- Updated the Docker image to the latest version.
- Maintenance and stability enhancements.
Spamhaus Feed Pack v1.0.1
Integrations
Spamhaus Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
SplunkPy Pack v1.2.2
Integrations
SplunkPy
- Fixed an issue where the splunk-kv-store-collection-add-entries command failed on non-ASCII data.
- Upgraded the Docker image to: demisto/splunksdk:1.0.0.11270.
TAXII Feed Pack v1.0.4
Integrations
TAXII Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
TAXII 2 Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Threat Intelligence Management Pack v1.0.1
Dashboards
Threat Intel Management
Removed the Incidents Per Feed widget to optimize the dashboard performance.
ThreatConnect Feed Pack v1.0.1
Integrations
ThreatConnect Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
ThreatQ Pack v1.0.6 (Partner Supported)
Integrations
ThreatQ v2
- Deprecated the threatq-search-by-name command.
- Fix default parameters for the following commands:
- threatq-search-by-name
- threatq-upload-file
- threatq-get-all-indicators
- threatq-get-all-events
- threatq-get-all-adversaries
Tor Exit Addresses Feed Pack v1.0.2
Integrations
Tor Exit Addresses Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Trend Micro Apex Pack v2.0.0
Integrations
Trend Micro Apex
- This integration is no longer a beta integration.
- Fixed a bug in trendmicro-apex-udso-add command where the notes argument was not sent to Apex.
- Added 8 commands.
- trendmicro-apex-udso-file-add
- trendmicro-apex-list-logs
- trendmicro-apex-process-terminate
- trendmicro-apex-security-agents-list
- trendmicro-apex-managed-servers-list
- trendmicro-apex-endpoint-sensors-list
- trendmicro-apex-historical-investigation-create
- trendmicro-apex-investigation-result-list
- Deprecated the following commands.
- trendmicro-apex-usdo-list Use the trendmicro-apex-udso-file-add command instead.
- trendmicro-apex-usdo-add Use the trendmicro-apex-udso-add command instead.
- trendmicro-apex-usdo-delete Use the trendmicro-apex-udso-delete command instead.
Tufin Pack v1.1.1 (Partner Supported)
Integrations
Tufin
Updated the Docker image to the latest version.
URLhaus Pack v1.0.1
Integrations
URLhaus
- Maintenance and stability enhancements.
- Updateed the Docker image to the latest version.
Unit42 Feed Pack v1.0.4
Integrations
Unit42 Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
Uptycs Pack v1.0.2 (Partner Supported)
Integrations
Uptycs
Fixed various issues in the integration, such as descriptions, tag values, etc.
Playbooks
Uptycs - Outbound Connection to Threat IOC Incident
- Fixed general issues in the playbook.
- Add Gather Evidence tasks to the playbook, which adds information to the Evidence Board.
VirusTotal - Private API Pack v1.0.3
Integrations
VirusTotal - Private API
Updated the vt-private-get-url-report command to return multiple entries (entry per indicator) instead of a single entry.
Windows Defender Advanced Threat Protection (Deprecated) Pack v1.0.2
Integrations
Windows Defender Advanced Threat Protection (Deprecated)
- Updated the Docker image to the latest version.
- Maintenance and stability enhancements.
Zoom Feed Pack v1.1.2
Integrations
Zoom Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
abuse.ch SSL Blacklist Feed Pack v1.0.3
Integrations
abuse.ch SSL Blacklist Feed
- Added the Traffic Light Protocol integration parameter.
- Updated the Docker image to the latest version.
urlscan.io Pack v1.0.3
Integrations
urlscan.io
Improved the API error message to be more descriptive.
Assets
- Download Content Zip (Cortex XSOAR 5.5 and earlier): content_new.zip
- Download Marketplace Packs (Cortex XSOAR 6.0 and later): content_marketplace_packs.zip
- Browse the Source Code: Content Repo @ 20.9.2