#
Cortex XSOAR Content Release Notes for version 21.2.1 (280430)#
Published on 16 February 2021#
New: Azure Kubernetes Services Pack v1.0.0#
Integrations#
Azure Kubernetes Services (Beta)Deploy and manage containerized applications with a fully managed Kubernetes service.
#
New: Azure SQL Management (Beta) Pack v1.0.0#
Integrations#
Azure SQL Management (Beta)Microsoft Azure SQL Management integration manages the Auditing and Threat Policies for Azure SQL.
#
New: Cyjax Feed Pack v1.0.0 (Partner Supported)#
Indicator Fields#
Cyjax Techniques Tactics Procedures#
Cyjax industry types#
Integrations#
Cyjax FeedThe feed allows customers to pull indicators of compromise from cyber incidents (IP addresses, URLs, domains, CVE, and file hashes).
#
New: Cymptom Pack v1.0.0 (Partner Supported)#
Incident TypesCymptom Mitigations
#
Integrations#
CymptomCymptom is a Breach and Attack Simulation solution that revolutionizes the existing approach by transforming attack simulation into a data analysis question. Cymptom agentless scanning brings real-time always-on visibility into the entire security posture.
#
Playbooks#
Cymptom - Expire passwords for password cracked usersExpires passwords for password cracked users using an Active Directory query integration instance.
#
New: Feed DHS Pack v1.0.0#
Integrations#
DHS FeedThe Cybersecurity and Infrastructure Security Agency’s (CISA’s) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators, at machine speed, to the Federal Government community.
#
New: FireEye Detection on Demand Pack v1.0.0 (Partner Supported)#
Integrations#
FireEye Detection on DemandFireEye Detection On Demand is a threat detection service delivered as an API for integration into the SOC workflow, SIEM analytics, data repositories, web applications, etc. It delivers flexible file and content analysis to identify malicious behavior wherever the enterprise needs it.
#
Playbooks#
Detonate File - FireEye Detection on DemandDetonate one or more files using the FireEye Detection on Demand integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
#
New: Forti Sandbox Pack v1.0.0 (Community Contributed)#
Integrations#
FortiSandboxFortiSandbox integration is used to submit files to FortiSandbox for malware analysis and retrieve the report of the analysis. It can also provide a file rating based on hashes for already scanned files.
#
Playbooks#
Detonate File - FortiSandboxMain playbook to upload submissions to FortiSandbox, poll for the verdict, and retrieve the report.
#
FortiSandbox - Loop For Job VerdictRetrieves the verdict of a specific job ID for a sample submitted to FortiSandbox.
#
FortiSandbox - Loop for Job SubmissionsRetrieves the job ID for submissions of FortiSandbox using the submission ID.
#
FortiSandbox - Upload Multiple FilesUploads files to FortiSandbox.
#
New: GreatHorn Pack v1.0.0 (Partner Supported)#
Incident TypesGreatHorn Phishing
#
Integrations#
GreatHornThe only cloud-native security platform that stops targeted social engineering and phishing attacks on cloud email platforms such as Office 365 and G Suite.
#
New: GreyNoise Pack v1.0.0 (Partner Supported)#
Integrations#
GreyNoiseGreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats.
#
Playbooks#
Calculate Severity - GreyNoiseCalculate and assign the incident severity based on the highest returned severity level from the following calculations:
- DBotScores of indicators
- Current incident severity
#
Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoiseCalculates the severity based on GreyNoise.
#
Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoiseCalculate the severity based on GreyNoise.
#
IP Reputation-GreyNoisePlaybook for the ip reputation command.
#
New: Ja3er Pack v1.0.0 (Community Contributed)#
Integrations#
Ja3erQuery the ja3er API for MD5 hashes of JA3 fingerprints.
#
New: Nutanix Hypervisor Pack v1.0.0#
Classifiers#
Nutanix Hypervisor#
Nutanix Hypervisor - Incoming Mapper#
Incident FieldsAcknowledged
Acknowledged By Username
Alert Closing User
Alert Type UUID
Check ID
Classifications
Cluster UUID
Message
Operation Type
Resolved
#
Incident TypesNutanix Hypervisor Alert
#
Integrations#
Nutanix HypervisorNutanix Hypervisor abstracts and isolates the VMs and their programs from the underlying server hardware, enabling a more efficient use of physical resources, simpler maintenance and operations, and reduced costs.
#
LayoutsNutanix Hypervisor Alert - Summary
#
Playbooks#
Nutanix Change Virtual Machine Power StateUse this playbook to perform a power status change for a virtual machine, and wait until the power status change task is completed. This playbook receives the desired power status, calls the Nutanix service to perform the power status change, and continuously polls by running the nutanix-hypervisor-task-results-get command on the task ID provided as an output from Nutanix to power the status change operation.
#
New: Office365 and Azure Audit Log Pack v1.0.0#
Integrations#
Microsoft Policy And Compliance (Audit Log)Gets logs from the O365 service.
#
New: Palo Alto Networks IoT 3rd Party Integrations Pack v1.0.0#
Incident TypesPANW IoT 3rd Party Cisco ISE Quarantine
PANW IoT 3rd Party Cisco ISE Un-quarantine
PANW IoT 3rd Party SIEM Alert
PANW IoT 3rd Party SIEM Vulnerability
PANW IoT 3rd Party ServiceNow Alert
PANW IoT 3rd Party ServiceNow Vulnerability
#
Integrations#
Palo Alto Networks IoT 3rd PartyBase integration for Palo Alto IoT third party integrations. This integration communicates with Palo Alto IoT Cloud to get alerts, vulnerabilities, and devices.
#
Playbooks#
Bulk Export Devices to ServiceNow - PANW IoT 3rd Party IntegrationGets all available devices from PANW IoT Cloud and updates/creates endpoints with custom attributes in ServiceNow.
#
Bulk Export to Cisco ISE - PANW IoT 3rd Party IntegrationGets all available device inventory from PANW IoT Cloud and updates/create endpoints with custom attributes on Cisco ISE.
#
Bulk Export to SIEM - PANW IoT 3rd Party IntegrationGets all available assets (alerts, vulnerabilities, and devices) and sends then to configured the PANW third-party integration SIEM server.
#
Export Single Alert to ServiceNow - PANW IoT 3rd Party IntegrationHandles incidents triggered in the PANW IoT (Zingbox) UI by sending the alert to ServiceNow.
#
Export Single Asset to SIEM - PANW IoT 3rd Party IntegrationHandles incidents triggered in the PANW IoT (Zingbox) UI by sending the alert to your SIEM.
#
Export Single Vulnerability to ServiceNow - PANW IoT 3rd Party IntegrationHandles incidents triggered in the PANW IoT (Zingbox) UI by sending the vulnerability to ServiceNow.
#
Incremental Export Devices to ServiceNow - PANW IoT 3rd Party IntegrationPlaybook to be run every 15 minutes via a job. Each run will get incremental updates for devices to send to the ServiceNow server.
#
Incremental Export to Cisco ISE - PANW IoT 3rd Party IntegrationPlaybook to be run every 15 minutes via a job. Each run will get incremental updates for devices, and will update or create new endpoints in Cisco ISE with PANW IOT discovered attributes (ISE custom attributes).
#
Incremental Export to SIEM - PANW IoT 3rd Party IntegrationPlaybook to be run every 15 minutes via a job. Each run will get incremental updates for devices, alerts, and vulnerabilities and send CEF syslogs to the configured SIEM server.
#
Quarantine Device in Cisco ISE - PANW IoT 3rd Party IntegrationHandles incidents triggered from PANW IoT (Zingbox) UI to quarantine a device in Cisco ISE.
#
Un-quarantine Device in Cisco ISE - PANW IoT 3rd Party IntegrationHandles incidents triggered from PANW IoT (Zingbox) UI to un-quarantine a device in Cisco ISE.
#
Scripts#
GeneratePANWIoTDeviceTableQueryForServiceNowGenerates a single query or query list with which to query in ServiceNow.
#
GetCiscoISEActiveInstanceDetermines which configured Cisco ISE instance is in active or primary state and returns the name of the instance.
#
SendAllPANWIoTAssetsToSIEMRetrieves all specified assets from the PANW IoT cloud and sends them to the SIEM server.
#
SendAllPANWIoTDevicesToCiscoISEGets all available devices from the PANW IoT cloud and updates or creates them on Cisco ISE using the custom attributes.
#
SendAllPANWIoTDevicesToServiceNowGets all available devices from the PANW IoT cloud and sends them to the ServiceNow server.
#
SendPANWIoTDevicesToCiscoISEGets (as a required argument) custom attributes from the PANW IoT cloud and creates or updates endpoints in ISE with the input custom attributes.
#
New: SailPoint IdentityIQ Pack v1.0.0 (Partner Supported)#
Classifiers#
SailPoint IdentityIQ Alert Classifier#
SailPoint IdentityIQ Alert Mapper#
Incident Fields- SailPoint IdentityIQ Alert Display Name
- SailPoint IdentityIQ Alert Target Display Name
- SailPoint IdentityIQ Alert Target Id
- SailPoint IdentityIQ Alert Target Type
- SailPoint IdentityIQ Alert Type
#
Incident TypesSailPoint IdentityIQ Alert
#
Integrations#
SailPoint IdentityIQSailPoint IdentityIQ context pack enables XSOAR customers to utilize the deep, enriched contextual data in the SailPoint predictive identity platform to better drive identity-aware security practices.
#
LayoutsSailPoint IdentityIQ Alert
#
Playbooks#
SailPoint IdentityIQ Disable User Account AccessChecks if the risk score of an identity exceeds a set threshold of 500 and disables the accounts.
#
New: Sophos XG Firewall Pack v1.0.0#
Integrations#
Sophos FirewallOn-premise firewall by Sophos enables you to manage your firewall, respond to threats, and monitor what’s happening on your network.
#
Playbooks#
Sophos Firewall - Block IPAdds the IP address to a pre-configured firewall rule. The target firewall rule can be changed as requested.
Pre-Requisite: 1) Create an IP host group. 2) Create a firewall rule which refers to the IP host group created in the previous step.
#
Sophos Firewall - Block URLAdds the URL to the Default Block URL Policy. The target policy can be changed as requested.
Pre-Requisite: 1) Create a web policy rule that refers to the URL group you specified in the inputs of the playbook. 2) Create a new firewall rule and assign the web policy to the one created in the previous step.
#
New: Tidy Pack v1.0.0 (Community Contributed)#
Incident Fields- TidyGitHubToken
- TidyHost
- TidyPassword
- TidyUser
#
Incident TypesTidy install
#
Integrations#
TidyHandles endpoint environment installation.
#
Playbooks#
Content developer setupSets up a content developers environment for 6.0.0.
#
Tidy install contentNew content developer installation.
#
APIVoid Pack v1.0.1#
Integrations#
APIVoid- Fixed an issue where the test-module command failed in case an invalid API key was entered.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Active Directory Query Pack v1.1.4#
Integrations#
Active Directory Query v2Maintenance enhancements.
#
AlienVault Feed Pack v1.0.11#
Integrations#
AlienVault Reputation FeedMaintenance and stability enhancements.
#
Arduino Pack v1.0.1 (Community Contributed)#
Integrations#
ArduinoUpdated the integration's detailed description.
#
Axonius Pack v1.0.2 (Partner Supported)#
Integrations#
AxoniusFixed an issue where commands failed due to invalid key parsing.
#
Azure SQL Management (Beta) Pack v1.0.1#
Integrations#
Azure SQL Management (Beta)Documentation and metadata improvements.
#
Bambenek Consulting Feed Pack v1.0.9#
Integrations#
Bambenek Consulting FeedMaintenance and stability enhancements.
#
Base Pack v1.7.13#
Scripts#
GetMLModelEvaluationUpdated the Docker image to: demisto/ml:1.0.0.15569.
#
CommonServerPowerShell- Added the ParseDateRange function to parse date ranges as "3 days".
- Fixed an issue in the TableToMarkdown command where the outputted table included the type of the object instead of its content.
- Updated the Docker image to: demisto/powershell:7.1.1.16151.
#
DBotTrainTextClassifierV2- Added support for tag fields of type list.
- Added support for non UTF-8 tag values.
- Updated the Docker image to: demisto/ml:1.0.0.15569.
#
CommonServerPython- Improved sensitive data masking in the logger object.
- Maintenance and stability enhancements.
#
DBotPredictPhishingWords- When the emailsubject or emailBody arguments are empty, the script will access the value of those incident fields to obtain their values.
- Changed the logic of word highlighting.
- Updated the Docker image to: demisto/ml:1.0.0.16162.
#
BlockList DE Feed Pack v1.0.4#
Integrations#
Blocklist_de FeedMaintenance and stability enhancements.
#
BruteForce Feed Pack v1.0.4#
Integrations#
BruteForceBlocker FeedMaintenance and stability enhancements.
#
CSV Feed Pack v1.0.9#
Integrations#
CSV FeedMaintenance and stability enhancements.
#
Carbon Black Cloud Enterprise EDR Pack v1.1.3#
Integrations#
VMware Carbon Black Enterprise EDR- Documentation and metadata improvements.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Carbon Black Enterprise Response Pack v1.1.4#
Integrations#
VMware Carbon Black EDRAdded the limit argument to the cb-list-sensors command.
#
Chronicle Pack v2.0.0 (Partner Supported)#
Classifiers#
New: Chronicle - Incoming MapperMaps incoming Chronicle incident fields. (Available from Cortex XSOAR 6.0.0.)
#
New: Google Chronicle Backstory(Available from Cortex XSOAR 5.0.0.)
#
New: Chronicle - ClassifierClassifies Chronicle incidents (Available from Cortex XSOAR 6.0.0.)
#
Incident Fields- Chronicle Rule Type
- Chronicle Detection Window Start Time
- Chronicle Events
- Chronicle Detection State
- Chronicle Detection Type
- Chronicle User
- Chronicle Detection Created Time
- Chronicle Rule Version
- Chronicle Alert Count
- Chronicle Domain Name
- Chronicle Alert Name
- Chronicle Detection Window End Time
- Chronicle Detection ID
- Chronicle Rule Name
- Chronicle Detection Time
- Chronicle Last Seen
- Chronicle Rule ID
- Chronicle First Seen
- Chronicle Source Product
#
Incident Types- Chronicle Asset Alert
- Chronicle User Alert
- Chronicle Rule Detection
#
Integrations#
ChronicleChronicle will now also return the detections for a specified rule version. Users can take advantage of this using the detection and fetch-incident commands.
#
Layouts- Chronicle Rule Detection
- layout-mobile-Chronicle_Rule_Detection.json
- layout-quickView-Chronicle_Rule_Detection.json
- Chronicle User Alert
- layout-quickView-Chronicle_User_Alert_Incident.json
- layout-mobile-Chronicle_User_Alert_Incident.json
- Chronicle User Alert Incident
- Chronicle Rule Detection Incident
#
Scripts#
ChronicleAssetEventsForHostnameWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleIsolatedHostnameWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChroniclePotentiallyBlockedIPWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ConvertDomainToURLsUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ExtractDomainFromIOCDomainMatchResUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleAssetEventsForProductIDWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleAssetIdentifierScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleAssetEventsForMACWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleListDeviceEventsByEventTypeWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ListDeviceEventsUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleDBotScoreWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleDomainIntelligenceSourcesWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleIsolatedIPWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
ChronicleAssetEventsForIPWidgetScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
Cisco ISE Pack v1.0.2#
Integrations#
Cisco ISE- Added 3 commands:
- cisco-ise-get-endpoint-id-by-name
- cisco-ise-get-nodes
- cisco-ise-create-endpoint
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Cloudflare Feed Pack v1.0.4#
Integrations#
Cloudflare FeedMaintenance and stability enhancements.
#
Common Scripts Pack v1.3.19#
Scripts#
RunPollingCommandFixed an issue where the script was failing when given integers or non-English characters as additional arguments.
#
SetIfEmptyFixed an issue where the script failed on non-ASCII data.
#
GetIndicatorDBotScoreFixed an issue where multiple DBotScores were part of a single entry.
#
Common Widgets Pack v1.0.6#
Scripts#
GetLargestInputsAndOuputsInIncidents- Fixed an issue where the script returned the task size in KB instead of MB.
- Added the table_result argument to control whether the script outputs in textual or JSON format.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
CrowdStrike Falcon Intel Pack v2.0.10#
Integrations#
CrowdStrike Falcon Intel v2- Fixed an issue where the outputs of the following commands were misspelled.
- cs-indicators
- url
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
CrowdStrike FalconX Pack v1.1.0#
Integrations#
CrowdStrike Falcon X- Added the Cloud Base URL integration parameter.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Cyberint Pack v1.0.2 (Partner Supported)#
Integrations#
CyberintFixed an issue in the cyberint-alerts-fetch command where the page_size argument was not handled correctly.
#
Cymptom Pack v1.0.1 (Partner Supported)#
Integrations#
CymptomUpdated the integration's detailed description.
#
Cyren Threat InDepth Threat Intelligence Pack v1.3.1 (Partner Supported)#
Integrations#
Cyren Threat InDepth Threat Intelligence Feed- Removed the configurable API URL parameter.
- Documentation and metadata improvements.
#
Scripts#
New: CyrenThreatInDepthRandomHuntCreates a threat hunting incident from a random Cyren Threat InDepth indicator. (Available from XSOAR 6.0.0.)
#
CyrenThreatInDepthRelatedWidgetUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
DShield Feed Pack v1.0.4#
Integrations#
DShield FeedMaintenance and stability enhancements.
#
EWS Pack v1.7.8#
Integrations#
EWS v2- Fixed an issue where the ews-get-items command failed for emails without headers.
- Improved error messages.
#
EWS O365- Fixed an issue where the send-mail command failed due to an empty HTML body parameter.
- Fixed an issue where DT caused some commands to incorrectly override the previous context.
- Updated the Docker image to: demisto/py3ews:1.0.0.15283.
#
Playbooks#
O365 - Security And Compliance - SearchFixed an issue where the DT argument in the GenericPolling playbook was incorrect.
#
O365 - Security And Compliance - Search Action - DeleteFixed an issue where the DT argument in the GenericPolling playbook was incorrect.
#
O365 - Security And Compliance - Search Action - PreviewFixed an issue where the DT argument in the GenericPolling playbook was incorrect.
#
Email Communication Pack v1.3.5#
Scripts#
SendEmailReplyChanged the mandatory service_mail argument to optional.
#
FeodoTracker Feed Pack v1.0.7#
Integrations#
Feodo Tracker Hashes Feed (Deprecated)Maintenance and stability enhancements.
#
Gmail Pack v1.1.5#
Integrations#
Gmail- Improved the description of the credentials parameter.
- Updated the Docker image to: demisto/google-api:1.0.0.16046.
#
Integrations & Incidents Health Check Pack v1.1.12#
Scripts#
GetFailedTasksAdded the max_incidents argument.
#
Kenna Pack v1.1.0#
Integrations#
Kenna v2- Added the kenna-get-connector-runs command which returns data on the recent runs of a specified connector.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Machine Learning Pack v1.2.2#
Scripts#
EvaluateMLModllAtProduction- Maintenance and stability enhancements.
- Updated the Docker image to: demisto/ml:1.0.0.15569.
#
Majestic Million Feed Pack v1.0.4#
Integrations#
Majestic Million FeedMaintenance and stability enhancements.
#
MalwareDomainList Feed Pack v1.0.4#
Integrations#
Malware Domain List Active IPs FeedMaintenance and stability enhancements.
#
Micro Focus Service Manager Pack v1.0.3#
Integrations#
Micro Focus Service ManagerAdded the following beta commands:
- hpsm-update-incident
- hpsm-create-resource
- hpsm-update-resource
- hpsm-list-resource
- hpsm-get-resource-by-id
#
Microsoft Cloud App Security Pack v1.0.14#
Integrations#
Microsoft Cloud App Security- Improved documentation
- Added an example for the Custom Filter parameter
- Added an explanation about the type and permissions assigned to the user/token used for the integration.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Microsoft Defender for Endpoint Pack v1.2.10#
Integrations#
Microsoft Defender for EndpointFixed an issue where the severity argument was ignored in the following commands:
- microsoft-atp-indicator-update
- microsoft-atp-indicator-create-file
#
Microsoft Teams Pack v1.1.1#
Integration#
New: Microsoft Teams ManagementManages teams and members in Microsoft Teams.
#
Integrations#
Microsoft TeamsGeneral documentation improvements.
#
OpenPhish Pack v2.0.2#
Integrations#
OpenPhish v2- Added the Use secured protocol parameter in the instance's configuration which allows the use of HTTPS protocol.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Orca Pack v1.0.3 (Partner Supported)#
Integrations#
OrcaAdded a README file with details regarding pack usage.
#
PANW Comprehensive Investigation Pack v1.3.5#
Playbooks#
Palo Alto Networks - Endpoint Malware Investigation v3Replaced the Rest API LinkIncident command with the built-in LinkIncident command.
#
PCAP Analysis Pack v2.3.8#
Playbooks#
PCAP Parsing And Indicator EnrichmentFixed the input for the email enrichment task.
#
Palo Alto Networks Automatic SLR Pack v1.0.1 (Community Contributed)#
Integrations#
Palo Alto Networks Automatic SLRGeneral documentation improvements.
#
Palo Alto Networks Cortex XDR - Investigation and Response Pack v2.8.5#
Classifiers#
Cortex XDR - Outgoing MapperFixed an issue where the mapper did not work as expected.
#
Integrations#
Palo Alto Networks Cortex XDR - Investigation and Response- Fixed an issue with the xdr-retrieve-file-details command where the command failed to retrieve the file.
- Fixed an issue with the xdr-get-endpoints command where endpoints without a user were not handled correctly.
- Maintenance and stability enhancements.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Palo Alto Networks PAN-OS EDL Service Pack v1.0.8#
Integrations#
Palo Alto Networks PAN-OS EDL Service- Improved EDL creation time by increasing the page size when populating the EDL.
- Fixed an issue where redundant data was saved in memory.
- Updated the Docker image to: demisto/teams:1.0.0.15630.
#
PhishTank Pack v2.0.5#
Integrations#
PhishTank v2- Added the Use secured protocol parameter in the instance's configuration that allows the use of HTTPS protocol.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Plain Text Feed Pack v1.0.5#
Integrations#
Plain Text FeedMaintenance and stability enhancements.
#
Preempt Pack v1.0.1#
Integrations#
Preempt- Fixed an issue where the API Key integration parameter type was incorrect.
- Updated the Docker image to: demisto/python:2.7.18.15765.
#
Prisma Access Pack v1.0.6#
Integrations#
Prisma AccessThe integration is now supported from XSOAR version 5.0.0. Please note this change does not affect versions 5.5.0 and higher.
#
Qualys Pack v1.0.3#
Integrations#
QualysFixed an issue where the policy_id argument of the qualys-report-launch-compliance-policy command was mishandled.
#
RST Threat Feed Pack v1.0.1 (Partner Supported)#
Integrations#
RST Cloud - Threat Feed APIUpdated the integration's detailed description.
#
Rapid7 Nexpose Pack v1.1.0#
Integrations#
Rapid7 Nexpose- Added the download_immediately argument to the following commands to support reports that take longer than 10 seconds to be generated.
- nexpose-create-sites-report
- nexpose-create-scan-report
- nexpose-create-assets-report
- Added the nexpose-get-report-status command, which returns the status of a report generation process.
- Added the nexpose-download-report command, which downloads a generated report.
#
Playbooks#
New: Nexpose - Create and Download ReportUse this playbook as a sub-playbook to configure and download a report. This playbook implements polling by continuously running the nexpose-get-report-status command until the operation completes. The remote action should have the following structure:
- Initiate the operation - insert the type of the report (sites, scan, or assets) and its additional arguments, if required.
- Poll to check if the operation completed.
- Get the results of the operation.
#
Rasterize Pack v1.0.7#
Integrations#
Rasterize- Fixed an issue where warnings from the PdfFileReader module were treated as errors.
- Updated the Docker image to: demisto/chromium:1.0.0.16237.
#
Server Message Block (SMB) Pack v2.0.0#
Integrations#
New: Server Message Block (SMB) v2Files and directories management with an SMB server. Supports SMB2 and SMB3 protocols. (Available from Cortex XSOAR 5.5.0).
#
Server Message Block (SMB) (Deprecated)Deprecated. Use the Server Message Block (SMB) v2 integration instead.
#
ServiceNow Pack v2.1.14#
Integrations#
ServiceNow v2- Fixed an issue in the servicenow-upload-file command where the file to upload was mishandled.
- Metadata and documentation improvements.
- Improved the test-module command validations.
- Added support for closing ticket of sc_req_item type via the outgoing mirror feature.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
ServiceNow CMDBMaintenance and stability enhancements.
#
Shift Management Pack v1.2.2#
Dashboards#
New: Shift Management(Available from Cortex XSOAR 6.0.0.)
#
Scripts#
GetUsersOOOFixed message description.
#
GetUsersOnCallFixed message description.
#
Slack Pack v1.3.15#
Integrations#
Slack v2- Improved the documentation of the message argument in the send-notification command.
- Fixed an issue where the raw-response was not formatted correctly in the send-notification command.
#
Sophos XG Firewall Pack v1.0.1#
Integrations#
Sophos FirewallFixed an issue where some arguments were incorrectly marked as default arguments.
#
Spamhaus Feed Pack v1.0.4#
Integrations#
Spamhaus FeedMaintenance and stability enhancements.
#
Splunk Pack v1.3.0#
Integrations#
SplunkPy- Added support for the Splunk Common Information Model in the get-mapping-fields command.
- Updated the Docker image to: 1.0.0.15975.
#
Starter Pack Pack v1.0.1 (Community Contributed)#
Integrations#
Starter Base Integration- Updated the integration display name.
- Updated the Docker image to: demisto/python3:3.9.1.15759.
#
Scripts#
BaseScriptUpdated the Docker image to: demisto/python3:3.9.1.15759.
#
SumoLogic Pack v1.0.5#
Integrations#
SumoLogicImproved the last fetched record timestamp to avoid missing records.
#
Symantec Advanced Threat Protection Pack v1.1.2#
Integrations#
Symantec Advanced Threat ProtectionFixed an issue where the fetch-incident command did not pull all incidents.
#
TIM - SIEM Integration Pack v1.0.4#
Playbooks#
TIM - Add All Indicator Types To SIEMFixed an issue where playbookName was not identical to the actual playbook name.
#
Twinwave Pack v1.0.2 (Partner Supported)#
Integrations#
TwinwaveUpdated the description of the integration. No changes were made to the functionality of the integration.
#
Workday Pack v1.0.10#
Classifiers#
IAM Sync User - WorkdayFixed an issue where unmapped incident fields did not appear under the labels section in the IAM incident layouts.
#
Integrations#
Workday IAMFixed an issue where incidents fetched from the integration had an incorrect name.
#
Zscaler Pack v1.1.2#
Integrations#
ZscalerFixed an issue where the integration experienced timeout errors.
#
abuse.ch SSL Blacklist Feed Pack v1.0.8#
Integrations#
abuse.ch SSL Blacklist FeedMaintenance and stability enhancements.
#
Assets- Download Content Zip (Cortex XSOAR 5.5 and earlier): content_new.zip
- Download Marketplace Packs (Cortex XSOAR 6.0 and later): content_marketplace_packs.zip
- Browse the Source Code: Content Repo @ 21.2.1