Skip to main content

Cortex XSOAR Content Release Notes for version 21.1.1 (256150)#

Published on 19 January 2021#

Breaking Changes#

The following packs include breaking changes.

New: Ansible Tower Pack v1.0.0#

Integrations#

Ansible Tower#

Scale IT automation, manage complex deployments, and speed productivity.

Playbooks#

Launch Adhoc Command Generic - Ansible Tower#

Generic pooling playbook for running ad hoc commands. Ad-hoc commands in Ansible allow you to execute simple tasks at the command line against one or all of your hosts. This playbook launches an ad hoc command, reports the status of the task when it finishes running, and then returns the output of the task.

Launch Job - Ansible Tower#

Launches a specific job template and returns the job status when the job finishes running.


New: Cognni Pack v1.0.0 (Partner Supported)#

Integrations#

Cognni#

Autonomous detection and investigation of information security incidents and other potential threats.


New: Cyren Threat InDepth Threat Intelligence Pack v1.0.0 (Partner Supported)#

Indicator Fields#

Cyren Country Code#

Associated country code by Cyren Threat InDepth Intelligence.

Cyren Detection Categories#

Associated categories by Cyren Threat InDepth Intelligence.

Cyren Detection Date#

Time when the threat was identified by Cyren Threat InDepth Intelligence.

Cyren Detection Methods#

Methods used by Cyren Threat InDepth Intelligence to detect the threat.

Cyren Feed Action#

Action to be executed ('+' add indicator, '=' update indicator, '-' remove/reclassify indicator).

Cyren IP Class#

Type of IP identified by Cyren Threat InDepth Intelligence.

Cyren Industries#

Related industries associated with the indicator by Cyren Threat InDepth Intelligence.

Cyren Object Type#

Object type identified by Cyren Threat InDepth Intelligence,

Cyren Phishing Brands#

Targeted brands of a phishing indicator identified by Cyren Threat InDepth Intelligence.

Cyren Port#

Port identified by Cyren Threat InDepth Intelligence.

Cyren Protocol#

Protocol identified by Cyren Threat InDepth Intelligence.

Integrations#

Cyren Threat InDepth Threat Intelligence Feed#

Threat InDepth's actionable and contextualized intelligence helps enterprises improve their threat detection and response by providing unprecedented visibility into new email-born security threats faster than other security vendors.


New: Gurucul Risk Analytics Pack v1.0.0 (Partner Supported)#

Classifiers#

Gurucul-GRA#
Gurucul-GRACases - Classifier#
Gurucul-HighRiskUsers - Classifier#
Gurucul-GRACases Incoming Mapper#
Gurucul-HighRiskUsers Incoming Mapper#

Incident Fields#

  • Gra Case Id
  • Gra Entity
  • Gra Entity Id
  • Gra Entity Type Id
  • Gra Open Date
  • Gra Owner Id
  • Gra Owner Name
  • Gra Owner Type
  • Gra Risk Date

Incident Types#

  • GraCase
  • GraHighRiskUser

Integrations#

Gurucul-GRA#

Gurucul Risk Analytics (GRA) is a unified security and risk Analytics platform.

Playbooks#

GraCase#

Playbook for fetching cases associated with high risk users.

GraHighRiskUser#

Playbook for fetching high risk users and associated anomalies.


Active Directory Query Pack v1.1.2#

Classifiers#

User Profile - Active Directory (Incoming)#

Removed non-existing incident fields from the classifier.

User Profile - Active Directory (Outgoing)#

Removed non-existing incident fields from the classifier.


AlienVault Feed Pack v1.0.10#

Integrations#

AlienVault Reputation Feed#

Improved error handling for proxy and SSL errors.


Atlassian Jira Pack v1.2.8#

Integrations#

Atlassian Jira v2#
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/oauthlib:1.0.0.15261.

Azure WAF Pack v1.0.1#

Integrations#

Azure Web Application Firewall#

Fixed an issue where the refresh token was not cached in the integration context.


Bambenek Consulting Feed Pack v1.0.8#

Integrations#

Bambenek Consulting Feed#

Improved error handling for proxy and SSL errors.


Base Pack v1.6.6#

Scripts#

CommonServerPython#
  • Added support for logging Python warnings.
  • Internal code improvements.
  • Added support for XML body in the generated cURL query in debug mode.
DBotBuildPhishingClassifier#
  • The script will now run on a separate container.
  • Updated the Docker image to: demisto/ml:1.0.0.13629.
CommonServerPowerShell#

Fixed an issue within the DemistoObject's GetIntegrationContext method. It will now support Cortex XSOAR version 5.5.0 and above.


BigFix Pack v1.0.4#

Integrations#

BigFix#

Improved proxy handling.


BlockList DE Feed Pack v1.0.2#

Integrations#

Blocklist_de Feed#

Improved error handling for proxy and SSL errors.


Bluecat Address Manager Pack v1.0.1#

Integrations#

Bluecat Address Manager#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Bmc Helix Remedyforce Pack v1.0.4#

Integrations#

BMC Helix Remedyforce#

Updated the Docker image to: demisto/python3:3.9.1.14969.

Layouts#

  • Bmc Remedyforce Incident - Maintenance and stability enhancements.
  • Bmc Remedyforce Service Request - Maintenance and stability enhancements.

Scripts#

BMCHelixRemedyforceCreateIncident#

Updated the Docker image to: demisto/python3:3.9.1.14969.

BMCHelixRemedyforceCreateServiceRequest#

Updated the Docker image to: demisto/python3:3.9.1.14969.


BruteForce Feed Pack v1.0.2#

Integrations#

BruteForceBlocker Feed#

Improved error handling for proxy and SSL errors.


CSV Feed Pack v1.0.8#

Integrations#

CSV Feed#

Improved error handling for proxy and SSL errors.


CVE Search Pack v1.0.4#

Integrations#

CVE Search v2#
  • Stabilized the test-module command.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Carbon Black Enterprise Protection Pack v1.0.4#

Integrations#

VMware Carbon Black App Control v2#
  • Fixed an issue where the incidents_per_fetch integration parameter wasn't used properly.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Claroty Pack v1.0.8 (Partner Supported)#

Classifiers#

Claroty#

Maintenance and stability enhancements.

Claroty - Incoming Mapper#

Maintenance and stability enhancements.

Layouts#

  • Claroty Security Incident - Maintenance and stability enhancements.
  • Claroty Integrity Incident - Maintenance and stability enhancements.

Cloudflare Feed Pack v1.0.2#

Integrations#

Cloudflare Feed#

Improved error handling for proxy and SSL errors.


Code42 Pack v2.0.9 (Partner Supported)#

Classifiers#

Code42#

Maintenance and stability enhancements.

Layouts#

  • Code42 Security Alert Maintenance and stability enhancements.

Common Playbooks Pack v1.8.10#

Playbooks#

Detonate File - Generic#
  • Fixed an issue where two tasks overlapped in the playbook's overview.
  • Added the following sub-playbooks
    • Detonate File - Group-IB TDS Polygon
    • Detonate File - CrowdStrike Falcon X
Dedup - Generic v3#

Fixed an issue where the playbook did not ignore closed incidents when it attempted to find duplicate incidents.


Common Scripts Pack v1.3.12#

Scripts#

FailedInstances#

Fixed an issue where testmodule was listed as a failed instance in air-gapped environments.

RunPollingCommand#

Updated the script to execute using the DBot role.

SetGridField#

Improved the error message when a grid ID is incorrect.


Common Types Pack v2.7.2#

Classifiers#

Mail Listener - Incoming Mapper#

Maintenance and stability enhancements.

mail-listener#

Maintenance and stability enhancements.

Layouts#

  • layout-edit-Vulnerability.json - Maintenance and stability enhancements.
  • File Indicator - Maintenance and stability enhancements.
  • unifiedFileRep - Maintenance and stability enhancements.

CrowdStrike Malquery Pack v1.0.2#

Integrations#

CrowdStrike Malquery#
  • Fixed an issue where the filter_filetypes argument was not used correctly in the following commands:
    • cs-malquery-hunt
    • cs-malquery-exact-search
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Cryptocurrency Pack v1.1.1#

Integrations#

Layouts#

  • Cryptocurrency
  • Cryptocurrency Address

Scripts#

CryptoCurrenciesFormat#

Updated the Docker image to: demisto/python3:3.9.1.14969.


DShield Feed Pack v1.0.2#

Integrations#

DShield Feed#

Improved error handling for proxy and SSL errors.


Darktrace Pack v1.0.1 (Partner Supported)#

Classifiers#

Darktrace Model Breach Mapper#

Maintenance and stability enhancements.

Integrations#

Darktrace#

Updated the Docker image to: demisto/python3:3.9.1.14969.

Layouts#

Darktrace Model Breach Layout - Maintenance and stability enhancements.


Developer Tools Pack v1.1.1#

Integrations#

New: XSOAR Powershell Testing#

Powershell integration for testing that Powershell support is working as expected. (Available from Cortex XSOAR 5.5.0.)

XSOAR Powershell Testing#
  • The test-module now works as expected.
  • Updated the Docker image to: demisto/powershell-ubuntu:7.0.3.12001.

EWS Pack v1.7.2#

Integrations#

O365 - Security And Compliance - Content Search (beta)#
  • Improved the integration setup error handling. Now validates that the user ran the o365-sc-auth-start command before running the o365-sc-auth-complete command.
  • Fixed an issue where regex results were not parsed as expected in the o365-sc-get-search-action command.

Employee Offboarding Pack v1.0.6#

Layouts#

  • Employee Offboarding Incident - Maintenance and stability enhancements.
  • Employee Offboarding - Maintenance and stability enhancements.

Expanse v2 Pack v1.0.4#

Integrations#

Expanse v2#

Updated the Docker image to: demisto/python3:3.9.1.14969.

Expanse Expander Feed#

Updated the Docker image to: demisto/python3:3.9.1.14969.

Layouts#

Expanse Certificate Indicator Layout - Maintenance and stability enhancements.

Scripts#

ExpanseAggregateAttributionDevice#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpanseAggregateAttributionIP#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpanseAggregateAttributionUser#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpanseEnrichAttribution#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpanseEvidenceDynamicSection#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpanseGenerateIssueMapWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpansePrintSuggestions#

Updated the Docker image to: demisto/python3:3.9.1.14969.

ExpanseRefreshIssueAssets#

Updated the Docker image to: demisto/python3:3.9.1.14969.

MatchIPinCIDRIndicators#

Updated the Docker image to: demisto/python3:3.9.1.14969.


FeodoTracker Feed Pack v1.0.3#

Integrations#

Feodo Tracker Hashes Feed (Deprecated)#

Improved error handling for proxy and SSL errors.


FireEyeNX Pack v1.0.1#

Layouts#

  • layout-quickView-FireEye_NX_IPS_Event.json - Maintenance and stability enhancements.
  • FireEye NX Alert - Maintenance and stability enhancements.
  • layout-mobile-FireEye_NX_IPS_Event.json - Maintenance and stability enhancements.

Freshdesk Pack v1.0.2#

Integrations#

Freshdesk#

Improved proxy handling.


Google Drive Pack v1.0.1#

Layouts#

  • layout-quickView-Google_Drive_Activity.json - Maintenance and stability enhancements.
  • layout-mobile-Google_Drive_Activity.json - Maintenance and stability enhancements.

Humio Pack v1.0.3 (Partner Supported)#

Integrations#

Humio#
  • The values for the start and end arguments for the humio_query command can now be given as either a timestamp or a relative time duration.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

IAM SCIM Pack v1.0.1#

Classifiers#

User Profile - SCIM (Incoming)#

Removed non-existing incident fields from the classifier.


IBM QRadar Pack v1.2.8#

Classifiers#

QRadar - Generic Incoming Mapper#

Maintenance and stability enhancements.


IBM Resilient Systems Pack v1.0.4#

Integrations#

IBM Resilient Systems#

Fixed an issue where the integration did not use a certificate.


IBM X-Force Exchange Pack v1.0.6#

Integrations#

IBM X-Force Exchange v2#
  • Fixed an issue where the threshold argument in the following commands was taking the value of the parameter instead.
    • ip
    • url
    • domain
  • Removed the long argument from the following commands as the raw_response option can be used instead:
    • file
    • domain
    • url
    • ip
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Illusive Networks Pack v1.0.7 (Partner Supported)#

Classifiers#

Illusive Networks - Incoming Mapper#

Maintenance and stability enhancements.

IllusiveNetworks#

Maintenance and stability enhancements.

Layouts#

Illusive Networks Incident - Maintenance and stability enhancements.


Infinipoint Pack v1.0.5 (Partner Supported)#

Classifiers#

Infinipoint - Incoming Mapper#

Maintenance and stability enhancements.

Infinipoint#

Maintenance and stability enhancements.

Layouts#

  • Infinipoint Compliant - Maintenance and stability enhancements.
  • Infinipoint NotCompliant - Maintenance and stability enhancements.

IronNet Pack v1.1.4 (Partner Supported)#

Layouts#

layout-details-IronDefense_Event_Notification.json Maintenance and stability enhancements.


Logz.io Pack v1.1.4 (Partner Supported)#

Layouts#

Logz.io Alert - Maintenance and stability enhancements.


MITRE ATT&CK Pack v1.1.9#

Indicator Types#

MITRE ATT&CK - Fixed an issue where an indicator would match on invalid text.

Layouts#

  • MITRE ATT&CK - Maintenance and stability enhancements.
  • MITRE ATT&CK Indicator - Maintenance and stability enhancements.

Majestic Million Feed Pack v1.0.3#

Integrations#

Majestic Million Feed#

Improved error handling for proxy and SSL errors.


Malware Pack v1.2.7#

Incident Types#

Malware

  • Added updated Malware incident type for 6.1 incident field extraction.
  • Fixed an issue where the incident type was removed in pack versions 1.2.5 and 1.2.6. If you install these versions, the incident type will be deleted.

Layouts#

  • Malware Incident - Maintenance and stability enhancements.
  • Malware - Maintenance and stability enhancements.

MalwareDomainList Feed Pack v1.0.2#

Integrations#

Malware Domain List Active IPs Feed#

Improved error handling for proxy and SSL errors.


Microsoft Graph Files Pack v1.0.5#

Integrations#

Microsoft Graph Files#
  • Updated commands, arguments, descriptions, and readme.
  • Updated the Docker image to: demisto/python_pancloud:1.0.0.14303.

MobileIron-UEM Pack v1.0.1 (Partner Supported)#

Classifiers#

MobileIron Incident Incoming Mapper#

Maintenance and stability enhancements.

Integrations#

MobileIronCORE#

Updated the Docker image to: demisto/python3:3.9.1.14969.

MobileIronCLOUD#

Updated the Docker image to: demisto/python3:3.9.1.14969.

Layouts#

MobileIron Incident Layout - Maintenance and stability enhancements.


OpenLDAP Pack v1.0.3#

Integrations#

OpenLDAP#
  • The integration is now GA.
  • Updated the Docker image to: demisto/ldap:1.0.0.12410.

PAN-OS Pack v1.6.12#

Integrations#

Palo Alto Networks PAN-OS#
  • Fixed an issue where the panorama-apply-security-profile command did not work as expected when using a Firewall instance.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Palo Alto Networks BPA Pack v1.2.3#

Integrations#

Palo Alto Networks BPA#
  • Added filter options to the pan-os-get-documentation command. Results can be filtered by the doc_ids argument.
  • Added filter options to the pan-os-bpa-get-job-results command. Results can be filtered by the check_id or check_name argument.
  • Updated the description of a BPA instance configuration.
  • Updated the Docker image from: 3.8.3.9324 to the latest version 3.9.1.14969.

Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.7.7#

Classifiers#

Cortex XDR - Outgoing Mapper#

Maintenance and stability enhancements.

Cortex XDR - IR#

Maintenance and stability enhancements.

Cortex XDR - Incoming Mapper#

Maintenance and stability enhancements.

Incident Fields#

  • XDR device control violations
  • XDR Disconnected endpoints

Incident Types#

  • XDR Device Control Violations
  • Cortex XDR Disconnected endpoints

Indicator Fields#

XDR device control violations#

Integrations#

Cortex XDR - IOC#
  • Fixed an issue where the proxy was not ignored even when the Use system proxy settings integration parameter was unchecked.
  • Updated the Docker image to: demisto/python3:3.8.6.14516.
Palo Alto Networks Cortex XDR - Investigation and Response#
  • Removed the Fetch incident alerts and artifacts integration parameter. Alerts and artifacts are now being fetched by default.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Layouts#

  • Cortex XDR Device Control Violations
  • Cortex XDR Incident - Maintenance and stability enhancements.
  • Cortex XDR Port Scan - Maintenance and stability enhancements.

Playbooks#

New: Cortex XDR device control violations#

Queries Cortex XDR for device control violations for the specified host, IP address, or XDR endpoint ID. It then communicates via email with the involved users to understand the nature of the incident and if the user connected the device. All the collected data is displayed in the XDR device control incident layout. This playbook can also be associated with Cortex XDR device control violation jobs to periodically query and investigate XDR device control violations. In this configuration, the playbook only communicates with the involved users. (Available from Cortex XSOAR 5.5.0.)

New: JOB - Cortex XDR query endpoint device control violations#

A job that periodically queries Cortex XDR device control violations by a given timestamp in a relative date playbook input. The collected data, if found, is generated for a new incident. You can set the created new incident type in the playbook input. Use the XDR Device Control Violations incident type to associate it with the response playbook. The job includes an incident type with a dedicated layout to visualize the collected data.

To configure the job correctly:

  1. Create a new recurring job.
  2. Set the recurring schedule.
  3. Add a name.
  4. Set the type to XDR Device Control Violations.
  5. Set this playbook as the job's playbook.

The scheduled run time and the timestamp relative date should be identical. If the job recurs every 7 days, the timestamp should be 7 days as well. (Available from Cortex XSOAR 5.5.0.)

Cortex XDR incident handling v3#

Added Cortex XDR Device Control violations as an enrichment playbook to Cortex XDR incident handling v3.

New: Cortex XDR disconnected endpoints#

A job that periodically queries disconnected Cortex XDR endpoints with a provided last seen time range playbook input. The collected data, if found, is generated to a CSV report, including a detailed list of the disconnected endpoints. The report is sent to the recipient's provided email addresses in the playbook input. The playbook includes an incident type with a dedicated layout to visualize the collected data.

To set the job correctly:

  1. Create a new recurring job.
  2. Set the recurring schedule.
  3. Add a name.
  4. Set the type to Cortex XDR disconnected endpoints.
  5. Set this playbook as the job playbook.

https://xsoar.pan.dev/docs/incidents/incident-jobs

The scheduled run time and the timestamp relative date should be identical. If the job recurs every 7 days, the time range should be 7 days as well. (Available from Cortex XSOAR 5.5.0.)


Palo Alto Networks IoT Pack v1.0.2#

Integrations#

Palo Alto Networks IoT#

Documentation and metadata improvements.


Palo Alto Networks Threat Vault Pack v1.0.2#

Integrations#

Palo Alto Networks Threat Vault#
  • Handle errors in the threatvault-signature-search-results command gracefully.
  • Added missing outputs in the ip command.
  • Upgraded the Docker image to: demisto/python3:3.9.1.14969.

PhishTank Pack v2.0.3#

Integrations#

PhishTank v2#
  • The Additional details URL in the create_verified_markdown command output is now clickable.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Phishing Pack v2.0.3#

Incident Types#

Phishing

  • Added an updated Phishing incident type for 6.1 incident field extraction.
  • Fixed an issue where the incident type was removed in pack version 2.0.1. If you install this version, the incident type will be deleted.

Playbooks#

Phishing - Core#

Fixed typos in the playbook task descriptions.


Plain Text Feed Pack v1.0.3#

Integrations#

Plain Text Feed#

Improved error handling for proxy and SSL errors.


Port Scan Pack v1.1.2#

Layouts#

Port Scan Maintenance and stability enhancements.


Prisma Cloud Pack v1.6.1#

Classifiers#

Prisma Cloud - Incoming Mapper#

Maintenance and stability enhancements.

prismaCloud_app#

Maintenance and stability enhancements.

Prisma Cloud App - Incoming Mapper#

Maintenance and stability enhancements.

RedLock#

Maintenance and stability enhancements.

Layouts#

  • Prisma Cloud - Maintenance and stability enhancements.
  • GCP Compute Engine Misconfiguration Incident - Maintenance and stability enhancements.
  • AWS CloudTrail Misconfiguration Incident - Maintenance and stability enhancements.
  • AWS IAM Policy Misconfiguration - Maintenance and stability enhancements.
  • AWS EC2 Instance Misconfiguration Incident - Maintenance and stability enhancements.
  • GCP Kubernetes Engine Misconfiguration - Maintenance and stability enhancements.
  • AWS IAM Policy Misconfiguration Incident - Maintenance and stability enhancements.
  • Prisma Cloud Incident - Maintenance and stability enhancements.

Prisma Cloud Compute Pack v1.0.7#

Classifiers#

PaloAltoNetworks_PrismaCloudCompute#

Maintenance and stability enhancements.

Palo Alto Networks Prisma Cloud Compute - Incoming Mapper#

Maintenance and stability enhancements.

Layouts#

  • Prisma Cloud Compute Cloud Discovery - Maintenance and stability enhancements.
  • Prisma Cloud Compute Cloud Discovery Incident - Maintenance and stability enhancements.

RSA Archer Pack v1.1.9#

Integrations#

RSA Archer v2#

Fixed an issue where duplicate incidents were fetched.


SafeBreach - Breach and Attack Simulation platform Pack v1.1.4 (Partner Supported)#

Layouts#

  • SafeBreach Process - Maintenance and stability enhancements.
  • SafeBreach Command - Maintenance and stability enhancements.
  • SafeBreach Registry - Maintenance and stability enhancements.
  • SafeBreach Insight - Maintenance and stability enhancements.
  • SafeBreach Domain - Maintenance and stability enhancements.
  • SafeBreach Hash - Maintenance and stability enhancements.
  • SafeBreach URL - Maintenance and stability enhancements.
  • SafeBreach IP - Maintenance and stability enhancements.
  • SafeBreach Protocol - Maintenance and stability enhancements.
  • SafeBreach Port - Maintenance and stability enhancements.

ServiceNow Pack v2.1.4#

Classifiers#

ServiceNow - Outgoing Mapper#

Removed non-existing incident fields from the classifier.

ServiceNow Create Ticket - Incoming Mapper#

Removed non-existing incident fields from the classifier.

ServiceNow#

Removed non-existing incident fields from the classifier.

ServiceNow - Incoming Mapper#

Removed non-existing incident fields from the classifier.

Layouts#

ServiceNow Ticket - Maintenance and stability enhancements.


Shift Management Pack v1.1.4#

Scripts#

GetUsersOnCall#
  • Added the include_OOO_users argument that allows users to choose whether to include in the output users that are out of office. By default, out of office users are not included in the output.
  • Updated the Docker image to: demisto/pyjwt3:1.0.0.8871.

Sixgill Darkfeed - Annual Subscription Pack v1.2.3 (Partner Supported)#

Integrations#

New: Sixgill DarkFeed Enrichment#

Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.

Sixgill DarkFeed Threat Intelligence#

Updated the pack metadata.


Slack Pack v1.3.11#

Integrations#

Slack v2#

Fixed an issue where no response was returned from the integration in the event of a connection error.


Sophos Central Pack v1.0.2#

Classifiers#

Sophos Central - Incoming Mapper#

Maintenance and stability enhancements.


Spamhaus Feed Pack v1.0.2#

Integrations#

Spamhaus Feed#

Improved error handling for proxy and SSL errors.


SumoLogic Pack v1.0.4#

Integrations#

SumoLogic#

Fixed an issue with the fetch-incidents command, which caused timeouts for large queries.


Syslog Sender Pack v1.0.1#

Integrations#

Syslog Sender#
  • The Log level to send integration parameter now works as expected.
  • The level argument in the send-notification command now works as expected.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

TAXII Feed Pack v1.0.7#

Integrations#

TAXII 2 Feed#
  • Breaking Changes:
    • Removed the filter_args argument in the taxii2-get-indicators command as only the indicator filter type was supported.
    • Removed the filter_args integration parameter as only the indicator filter type was supported.
  • Updated the Docker image to: demisto/taxii2:1.0.0.13859.
TAXII Feed#
  • Fixed an issue where indicators were not parsed as expected in the get-indicators command.
  • Updated the Docker image to: demisto/taxii:1.0.0.15313.

Troubleshoot Pack v2.0.0#

Playbooks#

New: Integration Troubleshooting#

Troubleshoots a problem with either an integration's configuration or when running a command. (Available from Cortex XSOAR 5.0.0.)

Scripts#

New: TroubleshootIsDockerImageExists#

Gets a Docker image and checks if it exists on the machine running Cortex XSOAR. (Available from Cortex XSOAR 5.0.0.)

New: TroubleshootExecuteCommand#

Executes a command in Cortex XSOAR in debug mode and pulls logs from the command execution. (Available from Cortex XSOAR 5.0.0.)

New: TroubleshootTestInstance#

Clicks the Test button and indicates if the test failed. (Available from Cortex XSOAR 5.0.0.)

New: TroubleshootGetInstanceParameters#

Gets an instance's configuration parameters in order to troubleshoot the instance. (Available from Cortex XSOAR 5.0.0.)

New: TroubleshootGetCommandandArgs#

Gets a command with arguments, validates the command and arguments, and then parses it to use in the Cortex XSOAR context. (Available from Cortex XSOAR 5.0.0.)

New: TroubleshootAggregateResults#

Collects all results from previous tests. (Available from Cortex XSOAR 5.0.0.)

New: TroubleshootInstanceField#

Populates the InstanceName field with active instances. (Available from Cortex XSOAR 5.0.0.)


Vertica Pack v1.0.1#

Integrations#

Vertica#
  • Fixed an issue where the Database integration parameter was not used correctly.
  • Updated the Docker image to: demisto/vertica:1.0.0.12410.

Workday Pack v1.0.6#

Integrations#

New: Workday IAM Event Generator (Beta)#

This integration generates mock Workday reports and events, which you should use for testing and development purposes. (Available from Cortex XSOAR 6.0.0.)


X509Certificate Pack v1.0.3#

Layouts#

Certificate Indicator - Maintenance and stability enhancements.


XM Cyber Pack v1.0.5 (Partner Supported)#

Classifiers#

New: XM Cyber Incident Mapper#

Maintenance and stability enhancements.

Incident Types#

XM Cyber Security Score - Fixed an issue where the wrong playbook was called for the XM Cyber Security Score incident type.

Integrations#

XM Cyber#
  • Fixed an issue where the timeId argument wasn't used properly in the following commands:
    • xmcyber-affected-critical-assets-list
    • xmcyber-affected-entities-list
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

Layouts#

XM Cyber Technique Layout - Maintenance and stability enhancements.


Zimperium Pack v1.0.6#

Classifiers#

Zimperium#

Maintenance and stability enhancements.

Zimperium - Incoming Mapper#

Maintenance and stability enhancements.


abuse.ch SSL Blacklist Feed Pack v1.0.7#

Integrations#

abuse.ch SSL Blacklist Feed#

Improved error handling for proxy and SSL errors.


okta Pack v2.1.4#

Classifiers#

User Profile - Okta (Outgoing)#

Removed non-existing incident fields from the classifier.

Integrations#

Okta v2#
  • Breaking changes - Fixed a typo in the postalAddress argument name in the okta-update-user command.
  • Updated the Docker image to: demisto/python3:3.9.1.14969.

urlscan.io Pack v1.0.7#

Integrations#

urlscan.io#

Added the API key to all requests in order to avoid rate limit violations.


Assets#