Cortex XSOAR Content Release Notes for version 21.2.1 (280430)#

Published on 16 February 2021#

New: Azure Kubernetes Services Pack v1.0.0#

Integrations#

Azure Kubernetes Services (Beta)#

Deploy and manage containerized applications with a fully managed Kubernetes service.

New: Azure SQL Management (Beta) Pack v1.0.0#

Integrations#

Azure SQL Management (Beta)#

Microsoft Azure SQL Management integration manages the Auditing and Threat Policies for Azure SQL.

New: Cyjax Feed Pack v1.0.0 (Partner Supported)#

Indicator Fields#

Cyjax Techniques Tactics Procedures#
Cyjax industry types#

Integrations#

Cyjax Feed#

The feed allows customers to pull indicators of compromise from cyber incidents (IP addresses, URLs, domains, CVE, and file hashes).

New: Cymptom Pack v1.0.0 (Partner Supported)#

Incident Types#

Cymptom Mitigations

Integrations#

Cymptom#

Cymptom is a Breach and Attack Simulation solution that revolutionizes the existing approach by transforming attack simulation into a data analysis question. Cymptom agentless scanning brings real-time always-on visibility into the entire security posture.

Playbooks#

Cymptom - Expire passwords for password cracked users#

Expires passwords for password cracked users using an Active Directory query integration instance.

New: Feed DHS Pack v1.0.0#

Integrations#

DHS Feed#

The Cybersecurity and Infrastructure Security Agency’s (CISA’s) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators, at machine speed, to the Federal Government community.

New: FireEye Detection on Demand Pack v1.0.0 (Partner Supported)#

Integrations#

FireEye Detection on Demand#

FireEye Detection On Demand is a threat detection service delivered as an API for integration into the SOC workflow, SIEM analytics, data repositories, web applications, etc. It delivers flexible file and content analysis to identify malicious behavior wherever the enterprise needs it.

Playbooks#

Detonate File - FireEye Detection on Demand#

Detonate one or more files using the FireEye Detection on Demand integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

New: Forti Sandbox Pack v1.0.0 (Community Contributed)#

Integrations#

FortiSandbox#

FortiSandbox integration is used to submit files to FortiSandbox for malware analysis and retrieve the report of the analysis. It can also provide a file rating based on hashes for already scanned files.

Playbooks#

Detonate File - FortiSandbox#

Main playbook to upload submissions to FortiSandbox, poll for the verdict, and retrieve the report.

FortiSandbox - Loop For Job Verdict#

Retrieves the verdict of a specific job ID for a sample submitted to FortiSandbox.

FortiSandbox - Loop for Job Submissions#

Retrieves the job ID for submissions of FortiSandbox using the submission ID.

FortiSandbox - Upload Multiple Files#

Uploads files to FortiSandbox.

New: GreatHorn Pack v1.0.0 (Partner Supported)#

Incident Types#

GreatHorn Phishing

Integrations#

GreatHorn#

The only cloud-native security platform that stops targeted social engineering and phishing attacks on cloud email platforms such as Office 365 and G Suite.

New: GreyNoise Pack v1.0.0 (Partner Supported)#

Integrations#

GreyNoise#

GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats.

Playbooks#

Calculate Severity - GreyNoise#

Calculate and assign the incident severity based on the highest returned severity level from the following calculations:

  • DBotScores of indicators
  • Current incident severity
Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoise#

Calculates the severity based on GreyNoise.

Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoise#

Calculate the severity based on GreyNoise.

IP Reputation-GreyNoise#

Playbook for the ip reputation command.

New: Ja3er Pack v1.0.0 (Community Contributed)#

Integrations#

Ja3er#

Query the ja3er API for MD5 hashes of JA3 fingerprints.

New: Nutanix Hypervisor Pack v1.0.0#

Classifiers#

Nutanix Hypervisor#
Nutanix Hypervisor - Incoming Mapper#

Incident Fields#

  • Acknowledged

  • Acknowledged By Username

  • Alert Closing User

  • Alert Type UUID

  • Check ID

  • Classifications

  • Cluster UUID

  • Message

  • Operation Type

  • Resolved

Incident Types#

Nutanix Hypervisor Alert

Integrations#

Nutanix Hypervisor#

Nutanix Hypervisor abstracts and isolates the VMs and their programs from the underlying server hardware, enabling a more efficient use of physical resources, simpler maintenance and operations, and reduced costs.

Layouts#

Nutanix Hypervisor Alert - Summary

Playbooks#

Nutanix Change Virtual Machine Power State#

Use this playbook to perform a power status change for a virtual machine, and wait until the power status change task is completed. This playbook receives the desired power status, calls the Nutanix service to perform the power status change, and continuously polls by running the nutanix-hypervisor-task-results-get command on the task ID provided as an output from Nutanix to power the status change operation.

New: Office365 and Azure Audit Log Pack v1.0.0#

Integrations#

Microsoft Policy And Compliance (Audit Log)#

Gets logs from the O365 service.

New: Palo Alto Networks IoT 3rd Party Integrations Pack v1.0.0#

Incident Types#

  • PANW IoT 3rd Party Cisco ISE Quarantine

  • PANW IoT 3rd Party Cisco ISE Un-quarantine

  • PANW IoT 3rd Party SIEM Alert

  • PANW IoT 3rd Party SIEM Vulnerability

  • PANW IoT 3rd Party ServiceNow Alert

  • PANW IoT 3rd Party ServiceNow Vulnerability

Integrations#

Palo Alto Networks IoT 3rd Party#

Base integration for Palo Alto IoT third party integrations. This integration communicates with Palo Alto IoT Cloud to get alerts, vulnerabilities, and devices.

Playbooks#

Bulk Export Devices to ServiceNow - PANW IoT 3rd Party Integration#

Gets all available devices from PANW IoT Cloud and updates/creates endpoints with custom attributes in ServiceNow.

Bulk Export to Cisco ISE - PANW IoT 3rd Party Integration#

Gets all available device inventory from PANW IoT Cloud and updates/create endpoints with custom attributes on Cisco ISE.

Bulk Export to SIEM - PANW IoT 3rd Party Integration#

Gets all available assets (alerts, vulnerabilities, and devices) and sends then to configured the PANW third-party integration SIEM server.

Export Single Alert to ServiceNow - PANW IoT 3rd Party Integration#

Handles incidents triggered in the PANW IoT (Zingbox) UI by sending the alert to ServiceNow.

Export Single Asset to SIEM - PANW IoT 3rd Party Integration#

Handles incidents triggered in the PANW IoT (Zingbox) UI by sending the alert to your SIEM.

Export Single Vulnerability to ServiceNow - PANW IoT 3rd Party Integration#

Handles incidents triggered in the PANW IoT (Zingbox) UI by sending the vulnerability to ServiceNow.

Incremental Export Devices to ServiceNow - PANW IoT 3rd Party Integration#

Playbook to be run every 15 minutes via a job. Each run will get incremental updates for devices to send to the ServiceNow server.

Incremental Export to Cisco ISE - PANW IoT 3rd Party Integration#

Playbook to be run every 15 minutes via a job. Each run will get incremental updates for devices, and will update or create new endpoints in Cisco ISE with PANW IOT discovered attributes (ISE custom attributes).

Incremental Export to SIEM - PANW IoT 3rd Party Integration#

Playbook to be run every 15 minutes via a job. Each run will get incremental updates for devices, alerts, and vulnerabilities and send CEF syslogs to the configured SIEM server.

Quarantine Device in Cisco ISE - PANW IoT 3rd Party Integration#

Handles incidents triggered from PANW IoT (Zingbox) UI to quarantine a device in Cisco ISE.

Un-quarantine Device in Cisco ISE - PANW IoT 3rd Party Integration#

Handles incidents triggered from PANW IoT (Zingbox) UI to un-quarantine a device in Cisco ISE.

Scripts#

GeneratePANWIoTDeviceTableQueryForServiceNow#

Generates a single query or query list with which to query in ServiceNow.

GetCiscoISEActiveInstance#

Determines which configured Cisco ISE instance is in active or primary state and returns the name of the instance.

SendAllPANWIoTAssetsToSIEM#

Retrieves all specified assets from the PANW IoT cloud and sends them to the SIEM server.

SendAllPANWIoTDevicesToCiscoISE#

Gets all available devices from the PANW IoT cloud and updates or creates them on Cisco ISE using the custom attributes.

SendAllPANWIoTDevicesToServiceNow#

Gets all available devices from the PANW IoT cloud and sends them to the ServiceNow server.

SendPANWIoTDevicesToCiscoISE#

Gets (as a required argument) custom attributes from the PANW IoT cloud and creates or updates endpoints in ISE with the input custom attributes.

New: SailPoint IdentityIQ Pack v1.0.0 (Partner Supported)#

Classifiers#

SailPoint IdentityIQ Alert Classifier#
SailPoint IdentityIQ Alert Mapper#

Incident Fields#

  • SailPoint IdentityIQ Alert Display Name
  • SailPoint IdentityIQ Alert Target Display Name
  • SailPoint IdentityIQ Alert Target Id
  • SailPoint IdentityIQ Alert Target Type
  • SailPoint IdentityIQ Alert Type

Incident Types#

SailPoint IdentityIQ Alert

Integrations#

SailPoint IdentityIQ#

SailPoint IdentityIQ context pack enables XSOAR customers to utilize the deep, enriched contextual data in the SailPoint predictive identity platform to better drive identity-aware security practices.

Layouts#

SailPoint IdentityIQ Alert

Playbooks#

SailPoint IdentityIQ Disable User Account Access#

Checks if the risk score of an identity exceeds a set threshold of 500 and disables the accounts.

New: Sophos XG Firewall Pack v1.0.0#

Integrations#

Sophos Firewall#

On-premise firewall by Sophos enables you to manage your firewall, respond to threats, and monitor what’s happening on your network.

Playbooks#

Sophos Firewall - Block IP#

Adds the IP address to a pre-configured firewall rule. The target firewall rule can be changed as requested.

Pre-Requisite: 1) Create an IP host group. 2) Create a firewall rule which refers to the IP host group created in the previous step.

Sophos Firewall - Block URL#

Adds the URL to the Default Block URL Policy. The target policy can be changed as requested.

Pre-Requisite: 1) Create a web policy rule that refers to the URL group you specified in the inputs of the playbook. 2) Create a new firewall rule and assign the web policy to the one created in the previous step.

New: Tidy Pack v1.0.0 (Community Contributed)#

Incident Fields#

  • TidyGitHubToken
  • TidyHost
  • TidyPassword
  • TidyUser

Incident Types#

Tidy install

Integrations#

Tidy#

Handles endpoint environment installation.

Playbooks#

Content developer setup#

Sets up a content developers environment for 6.0.0.

Tidy install content#

New content developer installation.

APIVoid Pack v1.0.1#

Integrations#

APIVoid#
  • Fixed an issue where the test-module command failed in case an invalid API key was entered.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Active Directory Query Pack v1.1.4#

Integrations#

Active Directory Query v2#

Maintenance enhancements.

AlienVault Feed Pack v1.0.11#

Integrations#

AlienVault Reputation Feed#

Maintenance and stability enhancements.

Arduino Pack v1.0.1 (Community Contributed)#

Integrations#

Arduino#

Updated the integration's detailed description.

Axonius Pack v1.0.2 (Partner Supported)#

Integrations#

Axonius#

Fixed an issue where commands failed due to invalid key parsing.

Azure SQL Management (Beta) Pack v1.0.1#

Integrations#

Azure SQL Management (Beta)#

Documentation and metadata improvements.

Bambenek Consulting Feed Pack v1.0.9#

Integrations#

Bambenek Consulting Feed#

Maintenance and stability enhancements.

Base Pack v1.7.13#

Scripts#

GetMLModelEvaluation#

Updated the Docker image to: demisto/ml:1.0.0.15569.

CommonServerPowerShell#
  • Added the ParseDateRange function to parse date ranges as "3 days".
  • Fixed an issue in the TableToMarkdown command where the outputted table included the type of the object instead of its content.
  • Updated the Docker image to: demisto/powershell:7.1.1.16151.
DBotTrainTextClassifierV2#
  • Added support for tag fields of type list.
  • Added support for non UTF-8 tag values.
  • Updated the Docker image to: demisto/ml:1.0.0.15569.
CommonServerPython#
  • Improved sensitive data masking in the logger object.
  • Maintenance and stability enhancements.
DBotPredictPhishingWords#
  • When the emailsubject or emailBody arguments are empty, the script will access the value of those incident fields to obtain their values.
  • Changed the logic of word highlighting.
  • Updated the Docker image to: demisto/ml:1.0.0.16162.

BlockList DE Feed Pack v1.0.4#

Integrations#

Blocklist_de Feed#

Maintenance and stability enhancements.

BruteForce Feed Pack v1.0.4#

Integrations#

BruteForceBlocker Feed#

Maintenance and stability enhancements.

CSV Feed Pack v1.0.9#

Integrations#

CSV Feed#

Maintenance and stability enhancements.

Carbon Black Cloud Enterprise EDR Pack v1.1.3#

Integrations#

VMware Carbon Black Enterprise EDR#
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Carbon Black Enterprise Response Pack v1.1.4#

Integrations#

VMware Carbon Black EDR#

Added the limit argument to the cb-list-sensors command.

Chronicle Pack v2.0.0 (Partner Supported)#

Classifiers#

New: Chronicle - Incoming Mapper#

Maps incoming Chronicle incident fields. (Available from Cortex XSOAR 6.0.0.)

New: Google Chronicle Backstory#

(Available from Cortex XSOAR 5.0.0.)

New: Chronicle - Classifier#

Classifies Chronicle incidents (Available from Cortex XSOAR 6.0.0.)

Incident Fields#

  • Chronicle Rule Type
  • Chronicle Detection Window Start Time
  • Chronicle Events
  • Chronicle Detection State
  • Chronicle Detection Type
  • Chronicle User
  • Chronicle Detection Created Time
  • Chronicle Rule Version
  • Chronicle Alert Count
  • Chronicle Domain Name
  • Chronicle Alert Name
  • Chronicle Detection Window End Time
  • Chronicle Detection ID
  • Chronicle Rule Name
  • Chronicle Detection Time
  • Chronicle Last Seen
  • Chronicle Rule ID
  • Chronicle First Seen
  • Chronicle Source Product

Incident Types#

  • Chronicle Asset Alert
  • Chronicle User Alert
  • Chronicle Rule Detection

Integrations#

Chronicle#

Chronicle will now also return the detections for a specified rule version. Users can take advantage of this using the detection and fetch-incident commands.

Layouts#

  • Chronicle Rule Detection
  • layout-mobile-Chronicle_Rule_Detection.json
  • layout-quickView-Chronicle_Rule_Detection.json
  • Chronicle User Alert
  • layout-quickView-Chronicle_User_Alert_Incident.json
  • layout-mobile-Chronicle_User_Alert_Incident.json
  • Chronicle User Alert Incident
  • Chronicle Rule Detection Incident

Scripts#

ChronicleAssetEventsForHostnameWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleIsolatedHostnameWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChroniclePotentiallyBlockedIPWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ConvertDomainToURLs#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ExtractDomainFromIOCDomainMatchRes#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleAssetEventsForProductIDWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleAssetIdentifierScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleAssetEventsForMACWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleListDeviceEventsByEventTypeWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ListDeviceEvents#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleDBotScoreWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleDomainIntelligenceSourcesWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleIsolatedIPWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

ChronicleAssetEventsForIPWidgetScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

Cisco ISE Pack v1.0.2#

Integrations#

Cisco ISE#
  • Added 3 commands:
    • cisco-ise-get-endpoint-id-by-name
    • cisco-ise-get-nodes
    • cisco-ise-create-endpoint
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Cloudflare Feed Pack v1.0.4#

Integrations#

Cloudflare Feed#

Maintenance and stability enhancements.

Common Scripts Pack v1.3.19#

Scripts#

RunPollingCommand#

Fixed an issue where the script was failing when given integers or non-English characters as additional arguments.

SetIfEmpty#

Fixed an issue where the script failed on non-ASCII data.

GetIndicatorDBotScore#

Fixed an issue where multiple DBotScores were part of a single entry.

Common Widgets Pack v1.0.6#

Scripts#

GetLargestInputsAndOuputsInIncidents#
  • Fixed an issue where the script returned the task size in KB instead of MB.
  • Added the table_result argument to control whether the script outputs in textual or JSON format.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

CrowdStrike Falcon Intel Pack v2.0.10#

Integrations#

CrowdStrike Falcon Intel v2#
  • Fixed an issue where the outputs of the following commands were misspelled.
    • cs-indicators
    • url
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

CrowdStrike FalconX Pack v1.1.0#

Integrations#

CrowdStrike Falcon X#
  • Added the Cloud Base URL integration parameter.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Cyberint Pack v1.0.2 (Partner Supported)#

Integrations#

Cyberint#

Fixed an issue in the cyberint-alerts-fetch command where the page_size argument was not handled correctly.

Cymptom Pack v1.0.1 (Partner Supported)#

Integrations#

Cymptom#

Updated the integration's detailed description.

Cyren Threat InDepth Threat Intelligence Pack v1.3.1 (Partner Supported)#

Integrations#

Cyren Threat InDepth Threat Intelligence Feed#
  • Removed the configurable API URL parameter.
  • Documentation and metadata improvements.

Scripts#

New: CyrenThreatInDepthRandomHunt#

Creates a threat hunting incident from a random Cyren Threat InDepth indicator. (Available from XSOAR 6.0.0.)

CyrenThreatInDepthRelatedWidget#

Updated the Docker image to: demisto/python3:3.9.1.15759.

DShield Feed Pack v1.0.4#

Integrations#

DShield Feed#

Maintenance and stability enhancements.

EWS Pack v1.7.8#

Integrations#

EWS v2#
  • Fixed an issue where the ews-get-items command failed for emails without headers.
  • Improved error messages.
EWS O365#
  • Fixed an issue where the send-mail command failed due to an empty HTML body parameter.
  • Fixed an issue where DT caused some commands to incorrectly override the previous context.
  • Updated the Docker image to: demisto/py3ews:1.0.0.15283.

Playbooks#

O365 - Security And Compliance - Search#

Fixed an issue where the DT argument in the GenericPolling playbook was incorrect.

O365 - Security And Compliance - Search Action - Delete#

Fixed an issue where the DT argument in the GenericPolling playbook was incorrect.

O365 - Security And Compliance - Search Action - Preview#

Fixed an issue where the DT argument in the GenericPolling playbook was incorrect.

Email Communication Pack v1.3.5#

Scripts#

SendEmailReply#

Changed the mandatory service_mail argument to optional.

FeodoTracker Feed Pack v1.0.7#

Integrations#

Feodo Tracker Hashes Feed (Deprecated)#

Maintenance and stability enhancements.

Gmail Pack v1.1.5#

Integrations#

Gmail#
  • Improved the description of the credentials parameter.
  • Updated the Docker image to: demisto/google-api:1.0.0.16046.

Integrations & Incidents Health Check Pack v1.1.12#

Scripts#

GetFailedTasks#

Added the max_incidents argument.

Kenna Pack v1.1.0#

Integrations#

Kenna v2#
  • Added the kenna-get-connector-runs command which returns data on the recent runs of a specified connector.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Machine Learning Pack v1.2.2#

Scripts#

EvaluateMLModllAtProduction#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/ml:1.0.0.15569.

Majestic Million Feed Pack v1.0.4#

Integrations#

Majestic Million Feed#

Maintenance and stability enhancements.

MalwareDomainList Feed Pack v1.0.4#

Integrations#

Malware Domain List Active IPs Feed#

Maintenance and stability enhancements.

Micro Focus Service Manager Pack v1.0.3#

Integrations#

Micro Focus Service Manager#

Added the following beta commands:

  • hpsm-update-incident
  • hpsm-create-resource
  • hpsm-update-resource
  • hpsm-list-resource
  • hpsm-get-resource-by-id

Microsoft Cloud App Security Pack v1.0.14#

Integrations#

Microsoft Cloud App Security#
  • Improved documentation
    • Added an example for the Custom Filter parameter
    • Added an explanation about the type and permissions assigned to the user/token used for the integration.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Microsoft Defender for Endpoint Pack v1.2.10#

Integrations#

Microsoft Defender for Endpoint#

Fixed an issue where the severity argument was ignored in the following commands:

  • microsoft-atp-indicator-update
  • microsoft-atp-indicator-create-file

Microsoft Teams Pack v1.1.1#

Integration#

New: Microsoft Teams Management#

Manages teams and members in Microsoft Teams.

Integrations#

Microsoft Teams#

General documentation improvements.

OpenPhish Pack v2.0.2#

Integrations#

OpenPhish v2#
  • Added the Use secured protocol parameter in the instance's configuration which allows the use of HTTPS protocol.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Orca Pack v1.0.3 (Partner Supported)#

Integrations#

Orca#

Added a README file with details regarding pack usage.

PANW Comprehensive Investigation Pack v1.3.5#

Playbooks#

Palo Alto Networks - Endpoint Malware Investigation v3#

Replaced the Rest API LinkIncident command with the built-in LinkIncident command.

PCAP Analysis Pack v2.3.8#

Playbooks#

PCAP Parsing And Indicator Enrichment#

Fixed the input for the email enrichment task.

Palo Alto Networks Automatic SLR Pack v1.0.1 (Community Contributed)#

Integrations#

Palo Alto Networks Automatic SLR#

General documentation improvements.

Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.8.5#

Classifiers#

Cortex XDR - Outgoing Mapper#

Fixed an issue where the mapper did not work as expected.

Integrations#

Palo Alto Networks Cortex XDR - Investigation and Response#
  • Fixed an issue with the xdr-retrieve-file-details command where the command failed to retrieve the file.
  • Fixed an issue with the xdr-get-endpoints command where endpoints without a user were not handled correctly.
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Palo Alto Networks PAN-OS EDL Service Pack v1.0.8#

Integrations#

Palo Alto Networks PAN-OS EDL Service#
  • Improved EDL creation time by increasing the page size when populating the EDL.
  • Fixed an issue where redundant data was saved in memory.
  • Updated the Docker image to: demisto/teams:1.0.0.15630.

PhishTank Pack v2.0.5#

Integrations#

PhishTank v2#
  • Added the Use secured protocol parameter in the instance's configuration that allows the use of HTTPS protocol.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Plain Text Feed Pack v1.0.5#

Integrations#

Plain Text Feed#

Maintenance and stability enhancements.

Preempt Pack v1.0.1#

Integrations#

Preempt#
  • Fixed an issue where the API Key integration parameter type was incorrect.
  • Updated the Docker image to: demisto/python:2.7.18.15765.

Prisma Access Pack v1.0.6#

Integrations#

Prisma Access#

The integration is now supported from XSOAR version 5.0.0. Please note this change does not affect versions 5.5.0 and higher.

Qualys Pack v1.0.3#

Integrations#

Qualys#

Fixed an issue where the policy_id argument of the qualys-report-launch-compliance-policy command was mishandled.

RST Threat Feed Pack v1.0.1 (Partner Supported)#

Integrations#

RST Cloud - Threat Feed API#

Updated the integration's detailed description.

Rapid7 Nexpose Pack v1.1.0#

Integrations#

Rapid7 Nexpose#
  • Added the download_immediately argument to the following commands to support reports that take longer than 10 seconds to be generated.
    • nexpose-create-sites-report
    • nexpose-create-scan-report
    • nexpose-create-assets-report
  • Added the nexpose-get-report-status command, which returns the status of a report generation process.
  • Added the nexpose-download-report command, which downloads a generated report.

Playbooks#

New: Nexpose - Create and Download Report#

Use this playbook as a sub-playbook to configure and download a report. This playbook implements polling by continuously running the nexpose-get-report-status command until the operation completes. The remote action should have the following structure:

  1. Initiate the operation - insert the type of the report (sites, scan, or assets) and its additional arguments, if required.
  2. Poll to check if the operation completed.
  3. Get the results of the operation.

Rasterize Pack v1.0.7#

Integrations#

Rasterize#
  • Fixed an issue where warnings from the PdfFileReader module were treated as errors.
  • Updated the Docker image to: demisto/chromium:1.0.0.16237.

Server Message Block (SMB) Pack v2.0.0#

Integrations#

New: Server Message Block (SMB) v2#

Files and directories management with an SMB server. Supports SMB2 and SMB3 protocols. (Available from Cortex XSOAR 5.5.0).

Server Message Block (SMB) (Deprecated)#

Deprecated. Use the Server Message Block (SMB) v2 integration instead.

ServiceNow Pack v2.1.14#

Integrations#

ServiceNow v2#
  • Fixed an issue in the servicenow-upload-file command where the file to upload was mishandled.
  • Metadata and documentation improvements.
  • Improved the test-module command validations.
  • Added support for closing ticket of sc_req_item type via the outgoing mirror feature.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.
ServiceNow CMDB#

Maintenance and stability enhancements.

Shift Management Pack v1.2.2#

Dashboards#

New: Shift Management#

(Available from Cortex XSOAR 6.0.0.)

Scripts#

GetUsersOOO#

Fixed message description.

GetUsersOnCall#

Fixed message description.

Slack Pack v1.3.15#

Integrations#

Slack v2#
  • Improved the documentation of the message argument in the send-notification command.
  • Fixed an issue where the raw-response was not formatted correctly in the send-notification command.

Sophos XG Firewall Pack v1.0.1#

Integrations#

Sophos Firewall#

Fixed an issue where some arguments were incorrectly marked as default arguments.

Spamhaus Feed Pack v1.0.4#

Integrations#

Spamhaus Feed#

Maintenance and stability enhancements.

Splunk Pack v1.3.0#

Integrations#

SplunkPy#
  • Added support for the Splunk Common Information Model in the get-mapping-fields command.
  • Updated the Docker image to: 1.0.0.15975.

Starter Pack Pack v1.0.1 (Community Contributed)#

Integrations#

Starter Base Integration#
  • Updated the integration display name.
  • Updated the Docker image to: demisto/python3:3.9.1.15759.

Scripts#

BaseScript#

Updated the Docker image to: demisto/python3:3.9.1.15759.

SumoLogic Pack v1.0.5#

Integrations#

SumoLogic#

Improved the last fetched record timestamp to avoid missing records.

Symantec Advanced Threat Protection Pack v1.1.2#

Integrations#

Symantec Advanced Threat Protection#

Fixed an issue where the fetch-incident command did not pull all incidents.

TIM - SIEM Integration Pack v1.0.4#

Playbooks#

TIM - Add All Indicator Types To SIEM#

Fixed an issue where playbookName was not identical to the actual playbook name.

Twinwave Pack v1.0.2 (Partner Supported)#

Integrations#

Twinwave#

Updated the description of the integration. No changes were made to the functionality of the integration.

Workday Pack v1.0.10#

Classifiers#

IAM Sync User - Workday#

Fixed an issue where unmapped incident fields did not appear under the labels section in the IAM incident layouts.

Integrations#

Workday IAM#

Fixed an issue where incidents fetched from the integration had an incorrect name.

Zscaler Pack v1.1.2#

Integrations#

Zscaler#

Fixed an issue where the integration experienced timeout errors.

abuse.ch SSL Blacklist Feed Pack v1.0.8#

Integrations#

abuse.ch SSL Blacklist Feed#

Maintenance and stability enhancements.

Assets#

Edit this page
Report an Issue