Skip to main content

Cortex XSOAR Content Release Notes for version 21.7.0 (6375665)

Published on 06 July 2021#

Breaking Changes#

The SearchIndicatorRelationships script in the following pack includes a breaking change:

Base Pack v1.12.18

New: Content Management Pack v1.0.0#

Incident Fields#

  • Branch Name
  • Configuration File Path
  • Configuration File Source
  • Custom Packs Installed
  • Custom Packs Source
  • Jobs Created
  • Lists Created
  • Marketplace Packs Installed

Incident Types#

Configuration Setup

Layouts#

configuration setup (Available from Cortex XSOAR 6.0.0)

Playbooks#

Configuration Setup#

Playbook for configuration incident type.

Scripts#

ConfigurationSetup#

Configuration loader for the Content Management pack.

CustomPackInstaller#

Custom packs installer for the Content Management pack.

JobCreator#

Job creator for the Content Management pack.

ListCreator#

List creator for the Content Management pack.

MarketplacePackInstaller#

Marketplace packs installer for the Content Management pack.

New: Google Maps Pack v1.0.0#

Integrations#

Google Maps#

Enables you to use the Google Maps API to retrieve the coordinates of a given physical address.

New: PingCastle Pack v1.0.0 (Partner Supported)#

Classifiers#

PingCastle-Report-Classifier#
PingCastle-Report-Mapper#
PingCastle#

Incident Fields#

PingCastle XML Report

Incident Types#

PingCastle

Integrations#

PingCastle#

This integration runs a server that listens for PingCastle XML reports.

Playbooks#

SX - PC - PingCastle Report#

This playbook runs when a new report is sent from PingCastle. It then parses it to a JSON and renders a table. It also puts a download link to the XML report in the War Room.

New: Powershell Remoting Pack v1.0.0#

Integrations#

PowerShell Remoting (Beta)#

A comprehensive built-in remoting subsystem that is a part of Microsoft's native Windows management framework (WMF) and Windows remote management (WinRM). This feature allows you to handle most remoting tasks in any configuration you might encounter by creating a remote PowerShell session to Windows hosts and executing commands in the created session. The integration includes out-of-the-box commands which supports agentless forensics for remote hosts.

New: Redact/Defang Indicators (URLs, IPs, Email) Pack v1.0.0 (Community Contributed)#

Scripts#

redactindicator#

Enables you to defang/redact any kind of indicator (IPv4, url, domain, and email). Optionally, you can define a "searchkey" which does not need to be case sensitive, which will be replaced as \<REDACTED>.

New: Strip Accent Marks From String Pack v1.0.0 (Community Contributed)#

Scripts#

StripAccentMarksFromString#

Strips accent marks (diacritics) from a given string. For example: "Niรฑo ืฉืึธืœื•ึนื Montrรฉal ุงูŽู„ุณูŽู‘ู„ูŽุงู…ู ุนูŽู„ูŽูŠู’ูƒูู…ู’โ€Ž" Will return: "Nino ืฉืœื•ื Montreal ุงู„ุณู„ุงู… ุนู„ูŠูƒู…"

New: UBIRCH Pack v1.0.0 (Partner Supported)#

Incident Types#

  • UBIRCH Authenticity
  • UBIRCH Integrity
  • UBIRCH Privacy
  • UBIRCH Sequence

Integrations#

UBIRCH#

The UBIRCH solution can be seen as an external data certification provider, as a data notary service, giving data receivers the capability to verify data they receive with regard to its authenticity and integrity and correctness of sequence.

New: Windows Forensics Pack v1.0.0#

Incident Types#

Forensic Acquisition And Analysis

Layouts#

Forensic Acquisition And Analysis (Available from Cortex XSOAR 6.0.0).

Playbooks#

Acquire And Analyze Host Forensics#

Enables gathering forensic data from a host and analyzing the acquired data by using the relevant forensics automations.

Forensics Tools Analysis#

Enables the user to analyze forensic evidence acquired from a host, such as registry files and PCAP files.

PS-Remote Acquire Host Forensics#

Enables the user to gather multiple forensic data from a Windows endpoint including network traffic, MFT (Master File Table), and registry export by using the PS Remote automation which enables connecting to a Windows host without the need to install any 3rd-party tools using just native Windows management tools.

PS Remote Get File Sample From Path#

Leverages the Windows built-in PowerShell and WinRM capabilities to connect to a Windows host to acquire a file as forensic evidence for further analysis.

PS-Remote Get MFT#

Leverages the Windows built-in PowerShell and WinRM capabilities to connect to a Windows host to acquire and export the MFT (Master File Table) as forensic evidence for further analysis.

PS-Remote Get Network Traffic#

Leverages the Windows built-in PowerShell and WinRM capabilities to connect to a Windows host. It then connects to the Netsh tool to create an ETL file which is the equivalent of a Wireshark PCAP file by using the PS-Remote integration. After receiving the resultant ETL, XSOAR will be able to convert the ETL to a PCAP file to be parsed and enriched later. Review the Microsoft documentation for how to use ETL filters (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj129382(v=ws.11)#using-filters-to-limit-etl-trace-file-details).

PS-Remote Get Registry#

Leverages the Windows built-in PowerShell and WinRM capabilities to connect to a Windows host to acquire and export the registry as forensic evidence for further analysis. The capture can be for the entire registry or for a specific hive or path.

Registry Parse Data Analysis#

Leverages the RegistryParse automation to perform registry analysis and extract forensic artifacts. The automation includes common registry objects to extract which are useful for analyzing a registry, or a user provided registry path to parse.

Scripts#

Etl2Pcap#

Receives an ETL file and converts it to a PCAP file.

RegistryParse#

Extracts critical forensics data from a registry file.

New: XSOAR Content Update Notifications Pack v1.0.0 (Community Contributed)#

Incident Fields#

  • Content Notification Email
  • Content Notification Slack Channel
  • Content Notification Slack Username
  • Content Pack Selection
  • Content Updates Available

Incident Types#

Content Update Check

Layouts#

Content Update Check Layout (Available from Cortex XSOAR 6.0.0).

Playbooks#

Check For Content Installation#

This playbook checks for content updates.

Content Update Check#

This playbook checks to see if there are any content updates available for installed packs and notifies users via email or Slack.

Scripts#

FormatContentData#

This script formats the value given input from a JSON list into a table.

ListInstalledContentPacks#

This script shows all installed content packs and whether or not they have an update.

ANY.RUN Pack v1.0.4#

Integrations#

ANY.RUN#

Updated the Docker image to: demisto/python3:3.9.5.21272.

APIVoid Pack v1.0.3#

Integrations#

APIVoid#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ARIAPacketIntelligence Pack v2.0.4 (Partner Supported)#

Integrations#

ARIA Packet Intelligence#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Abuse.ch SSL Blacklist Feed Pack v1.1.4#

Integrations#

abuse.ch SSL Blacklist Feed#

Improved implementation of the timestamp conversion to ISO format.

Acalvio ShadowPlex Pack v1.0.2 (Partner Supported)#

Integrations#

Acalvio ShadowPlex#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Accessdata Pack v1.0.2 (Partner Supported)#

Integrations#

Accessdata#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Agari Phishing Defense Pack v1.0.3 (Partner Supported)#

Integrations#

Agari Phishing Defense#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Alexa Rank Indicator Pack v1.1.4#

Integrations#

Alexa Rank Indicator#

Fixed an issue where the default source reliability was not set properly for integration instances configured prior to pack version 1.1.2.

AlienVault Feed Pack v1.1.4#

Integrations#

AlienVault Reputation Feed#

Improved implementation of the timestamp conversion to ISO format.

AlienVault USM Anywhere Pack v1.0.4#

Integrations#

AlienVault USM Anywhere#

Updated the Docker image to: demisto/python3:3.9.5.21272.

AlphaVantage Pack v1.0.2 (Community Contributed)#

Integrations#

AlphaVantage#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Analyst1 Pack v1.0.10 (Partner Supported)#

Integrations#

Analyst1#

Updated the Docker image to: demisto/python3:3.9.5.21272.

illuminate (Deprecated)#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Anomali Enterprise Pack v1.0.4#

Integrations#

Anomali Match#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Ansible Powered Integrations Pack v1.0.2 (Community Contributed)#

Integrations#

Microsoft Windows#

Updated the Docker image to: demisto/ansible-runner:1.0.0.21453.

Ansible Tower Pack v1.0.4#

Integrations#

Ansible Tower#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ApiModules Pack v2.2.1#

Scripts#

CSVFeedApiModule#

Improved implementation of the timestamp conversion to ISO format.

Atlassian IAM Pack v1.0.3#

Integrations#

Atlassian IAM#

Updated the Docker image to: demisto/python3:3.9.5.21272.

AttackIQ Platform Pack v1.0.4#

Integrations#

AttackIQ Platform#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Azure Feed Pack v1.0.6#

Integrations#

Azure Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Bambenek Consulting Feed Pack v1.1.4#

Integrations#

Bambenek Consulting Feed#

Improved implementation of the timestamp conversion to ISO format.

Base Pack v1.12.18#

Scripts#

CreateIndicatorRelationship#

Fixed an issue where creating new relationships was not working for indicators that were already in the database.

DBotTrainClustering#

Fixed an issue where the script caused the associated widget to not work properly.

CommonServerPython#
  • Improved the default processing logic of integration parameters when the None value is set.
  • Added the execute_command wrapper function.
  • Maintenance and stability enhancements.
SearchIndicatorRelationships#
  • Breaking Change: Removed the STIX prefix from the option list names in the entity_types argument.
  • Added the following entity types to the option list names in the entity_types argument:
    • Campaign
    • Course of Action
    • Intrusion Set
    • Infrastructure
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Bastille Networks Pack v1.0.4 (Partner Supported)#

Integrations#

Bastille Networks#

Updated the Docker image to: demisto/python3:3.9.5.21272.

BeyondTrust Password Safe Pack v1.0.5#

Integrations#

BeyondTrust Password Safe#

Updated the Docker image to: demisto/python3:3.9.5.21272.

BitSight Pack v1.0.5 (Partner Supported)#

Integrations#

BitSight for Security Performance Management#

Updated the Docker image to: demisto/python3:3.9.5.21272.

BitcoinAbuse Feed Pack v1.0.7#

Integrations#

BitcoinAbuse Feed#

Improved implementation of the timestamp conversion to ISO format.

Blueliv ThreatCompass Pack v1.0.3 (Community Contributed)#

Integrations#

Blueliv ThreatCompass#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Blueliv ThreatContext Pack v1.0.2 (Community Contributed)#

Integrations#

Blueliv ThreatContext#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Bmc Helix Remedyforce Pack v1.0.6#

Scripts#

BMCHelixRemedyforceCreateIncident#

Updated the Docker image to: demisto/python3:3.9.5.21272.

BMCHelixRemedyforceCreateServiceRequest#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Bonusly Pack v1.0.3 (Community Contributed)#

Integrations#

Bonusly#

Updated the Docker image to: demisto/python3:3.9.5.21272.

CSV Feed Pack v1.1.3#

Integrations#

CSV Feed#

Improved implementation of the timestamp conversion to ISO format.

CVE Search Pack v1.0.6#

Playbooks#

CVE Enrichment - Generic#
  • Deprecated. Use CVE Enrichment - Generic v2 instead.
  • Maintenance and stability enhancements

Carbon Black Cloud Enterprise EDR Pack v1.1.5#

Integrations#

VMware Carbon Black Enterprise EDR#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Carbon Black Endpoint Standard Pack v3.0.2#

Integrations#

Carbon Black Live Response Cloud#

Maintenance and stability enhancements.

Carbon Black Enterprise Protection Pack v1.0.7#

Integrations#

VMware Carbon Black App Control v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Carbon Black Enterprise Response Pack v2.0.0#

Classifiers#

New: Carbon Black EDR Classifier#

Classifies Carbon Black EDR's alerts (Available from Cortex XSOAR 6.0.0).

Incident Fields#

  • Carbon Black EDR Watchlist Id
  • Carbon Black EDR Watchlist Name
  • Carbon Black EDR IOC Value
  • Carbon Black EDR Segment ID

Incident Types#

Integrations#

New: VMware Carbon Black EDR v2#

VMware Carbon Black EDR (formerly known as Carbon Black Response). (Available from Cortex XSOAR 6.0.0).

Layouts#

New: Carbon Black EDR Incidents - Carbon Black EDR Incident's standard layout. (Available from Cortex XSOAR 6.0.0).

Mappers#

New: Carbon Black EDR Mapper#

Maps Carbon Black EDR's alert fields. (Available from Cortex XSOAR 6.0.0).

Playbooks#

New: Carbon Black EDR - Enrich Process#

Default playbook for Carbon Black EDR incidents. (Available from Cortex XSOAR 6.0.0).

Chronicle Pack v2.0.3 (Partner Supported)#

Classifiers#

New: Chronicle - Incoming Mapper#

Maps incoming Chronicle incident fields. (Available from Cortex XSOAR 6.0.0).

New: Google Chronicle Backstory#

(Available from Cortex XSOAR 5.0.0).

Incident Fields#

Integrations#

Chronicle#
  • Added a simple_backoff_rules dictionary to track retry attempts for 429 and 500 errors and if 400 or 404 error occurs for detection of any rule.
  • Added 2 commands:
    • gcb-list-detections
    • gcb-list-rules
  • Updated the Docker image to: demisto/googleapi-python3:1.0.0.21730.

Scripts#

ChronicleAssetEventsForHostnameWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleAssetEventsForIPWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleAssetEventsForMACWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleAssetEventsForProductIDWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleAssetIdentifierScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleDBotScoreWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleDomainIntelligenceSourcesWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleIsolatedHostnameWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleIsolatedIPWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChronicleListDeviceEventsByEventTypeWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ChroniclePotentiallyBlockedIPWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ConvertDomainToURLs#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExtractDomainFromIOCDomainMatchRes#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cisco ISE Pack v1.0.4#

Integrations#

Cisco ISE#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cisco Threat Grid Pack v1.2.5#

Integrations#

Cisco Secure Malware Analytics Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cisco Umbrella Enforcement Pack v1.0.2#

Integrations#

Cisco Umbrella Enforcement#

Updated the Docker image to: demisto/python3:3.9.5.21272.

CiscoFirepower Pack v1.0.6#

Integrations#

Cisco Firepower#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Claroty Pack v1.0.10 (Partner Supported)#

Integrations#

Claroty#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cofense Feed Pack v1.0.9#

Integrations#

Cofense Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cognni Pack v1.0.2 (Partner Supported)#

Integrations#

Cognni#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Common Playbooks Pack v1.9.9#

Playbooks#

New: Retrieve File from Endpoint - Generic V3#

Retrieves a file sample from an endpoint using the following sub-playbooks:

  • Get File Sample From Path - Generic v3.
  • Get File Sample By Hash - Generic v3. (Available from Cortex XSOAR 6.0.0).
New: Get File Sample From Path - Generic V3#

Returns a file sample correlating to a path into the War Room using the following sub-playbooks:

  • Get File Sample From Path - Powershell Remoting.
  • Get File Sample From Path - VMware Carbon Black EDR (Live Response API). (Available from Cortex XSOAR 6.0.0).
CVE Enrichment - Generic v2#

Maintenance and stability enhancements

Common Scripts Pack v1.3.66#

Scripts#

AssignAnalystToIncident#

Changed email comparison from case-sensitive to case-insensitive.

ShowOnMap#

Show addresses (or location descriptions, such as 'Paloalto Networks Tel Aviv Office') by calling the GoogleMaps integration. Make sure to have a configured instance of GoogleMaps to utilize this functionality.

Base64Decode#
  • Fixed an issue where the script failed to decode special characters in Windows-1252 encoding.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.
ExtractIndicatorsFromWordFile#

Updated the Docker image to: demisto/office-utils:2.0.0.21435.

SetGridField#

Updated the Docker image to: demisto/pandas:1.0.0.21648.

GetDuplicatesMlv2#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/machine-learning:1.0.0.22015.
WordTokenizer#

Updated the Docker image to: demisto/nltk:2.0.0.19143.

Common Types Pack v3.1.3#

Incident Fields#

  • Process Name
  • Process Path
  • Resource Type
  • Associated the following fields with the CarbonBlackEDR incident type:
    • Username
    • Event Descriptions
    • Device Id

Confluera Pack v1.0.2 (Partner Supported)#

Integrations#

Confluera#

Updated the Docker image to: demisto/python3:3.9.5.21272.

CounterCraft Deception Director Pack v1.0.2 (Partner Supported)#

Integrations#

CounterCraft Deception Director#

Updated the Docker image to: demisto/python3:3.9.5.21272.

CrowdStrike FalconX Pack v1.1.3#

Integrations#

CrowdStrike Falcon X#

Updated the Docker image to: demisto/python3:3.9.5.21272.

CrowdStrike Malquery Pack v1.0.4#

Integrations#

CrowdStrike Malquery#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cryptocurrency Pack v1.1.5#

Integrations#

Cryptocurrency#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Scripts#

CryptoCurrenciesFormat#

Updated the Docker image to: demisto/python3:3.9.5.21272.

CyberArk Pack v1.0.4#

Integrations#

CyberArk PAS#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Cyberint Pack v1.0.8 (Partner Supported)#

Integrations#

Cyberint#

Updated the Docker image to: demisto/python3:3.9.5.21272.

DeHashed Pack v1.1.2#

Integrations#

DeHashed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Demisto REST API Pack v1.1.4#

Scripts#

DemistoUploadFileV2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Deprecated Content Pack v1.6.12#

Integrations#

Palo Alto Networks MineMeld (Deprecated)#

Updated the Docker image to: demisto/python:2.7.18.20958.

Azure Security Center (Deprecated)#

Updated the Docker image to: demisto/python:2.7.18.20958.

Azure Compute (Deprecated)#

Updated the Docker image to: demisto/python:2.7.18.20958.

Cymon (Deprecated)#

Updated the Docker image to: demisto/python:2.7.18.20958.

Scripts#

LCMPathFinderScanHost#

Updated the Docker image to: demisto/python:2.7.18.20958.

IPExtract#

Updated the Docker image to: demisto/python:2.7.18.20958.

BinaryReputationPy#

Updated the Docker image to: demisto/python:2.7.18.20958.

AwsStartInstance#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaGetUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMDetectedEntities#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaActivateUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

ExchangeDeleteIDsFromContext#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWFindEvents#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPORetrieveCurrentDATVersion#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMHosts#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraSettings#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusShowEditorTemplates#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPTaskStatus#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraTriage#

Updated the Docker image to: demisto/python:2.7.18.20958.

CBFindHash#

Updated the Docker image to: demisto/python:2.7.18.20958.

AwsCreateVolumeSnapshot#

Updated the Docker image to: demisto/python:2.7.18.20958.

JiraCreateIssue#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMIndicatorsForEntity#

Updated the Docker image to: demisto/python:2.7.18.20958.

MD5Extract#

Updated the Docker image to: demisto/python:2.7.18.20958.

CSActors#

Updated the Docker image to: demisto/python:2.7.18.20958.

ParseEmailHeaders#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPORepositoryComplianceCheck#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraClassifier#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADIsUserMember#

Updated the Docker image to: demisto/python:2.7.18.20958.

XBLockouts#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetEmailForUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetAllUsersEmail#

Updated the Docker image to: demisto/python:2.7.18.20958.

GoogleappsGmailSearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

XBUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

XBNotable#

Updated the Docker image to: demisto/python:2.7.18.20958.

CheckWhitelist#

Updated the Docker image to: demisto/python:2.7.18.20958.

ProofpointDecodeURL#

Updated the Docker image to: demisto/python:2.7.18.20958.

ExchangeSearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraGetDetetctionsById#

Updated the Docker image to: demisto/python:2.7.18.20958.

Elasticsearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMResolveHost#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWObservationDetails#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaCreateUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWEventPcapInfo#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADListUsers#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADExpirePassword#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetUserGroups#

Updated the Docker image to: demisto/python:2.7.18.20958.

CheckFilesWildfirePy#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaUpdateUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

AwsCreateImage#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraSummary#

Updated the Docker image to: demisto/python:2.7.18.20958.

SplunkSearchJsonPy#

Updated the Docker image to: demisto/python:2.7.18.20958.

CheckIPs#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusScanDetails#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaSearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusListScans#

Updated the Docker image to: demisto/python:2.7.18.20958.

CheckURLs#

Updated the Docker image to: demisto/python:2.7.18.20958.

IsContextSet#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetComputerGroups#

Updated the Docker image to: demisto/python:2.7.18.20958.

SetSeverityByScore#

Updated the Docker image to: demisto/python:2.7.18.20958.

CYFileRep#

Updated the Docker image to: demisto/python:2.7.18.20958.

ConferSetSeverity#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADUserLogonInfo#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusHostDetails#

Updated the Docker image to: demisto/python:2.7.18.20958.

IngestCSV#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetGroupUsers#

Updated the Docker image to: demisto/python:2.7.18.20958.

SlackAskUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

JiraIssueQuery#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetComputer#

Updated the Docker image to: demisto/python:2.7.18.20958.

URLExtract#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPShowAccessRulebase#

Updated the Docker image to: demisto/python:2.7.18.20958.

IncidentSet#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPCreateBackup#

Updated the Docker image to: demisto/python:2.7.18.20958.

GoogleappsListUsers#

Updated the Docker image to: demisto/python:2.7.18.20958.

IncidentToContext#

Updated the Docker image to: demisto/python:2.7.18.20958.

QrFullSearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMAcknowledgeHost#

Updated the Docker image to: demisto/python:2.7.18.20958.

AwsStopInstance#

Updated the Docker image to: demisto/python:2.7.18.20958.

XBTriggeredRules#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMDetectedIndicators#

Updated the Docker image to: demisto/python:2.7.18.20958.

RunSqlQuery#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusCreateScan#

Updated the Docker image to: demisto/python:2.7.18.20958.

QrOffenses#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADListUsersEx#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPOUpdateEndpoints#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusGetReport#

Updated the Docker image to: demisto/python:2.7.18.20958.

SlackSend#

Updated the Docker image to: demisto/python:2.7.18.20958.

ClassifierNotifyAdmin#

Updated the Docker image to: demisto/python:2.7.18.20958.

QrSearches#

Updated the Docker image to: demisto/python:2.7.18.20958.

SendEmail#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraGetHostById#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWEvents#

Updated the Docker image to: demisto/python:2.7.18.20958.

XBInfo#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWObservations#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetEmailForAllUsers#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWSensors#

Updated the Docker image to: demisto/python:2.7.18.20958.

SNListTickets#

Updated the Docker image to: demisto/python:2.7.18.20958.

SNUpdateTicket#

Updated the Docker image to: demisto/python:2.7.18.20958.

GoogleappsGetUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

NetwitnessSAUpdateIncident#

Updated the Docker image to: demisto/python:2.7.18.20958.

LCMSetHostComment#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPOUpdateRepository#

Updated the Docker image to: demisto/python:2.7.18.20958.

vmray_getResults#

Updated the Docker image to: demisto/python:2.7.18.20958.

JiraGetIssue#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraHosts#

Updated the Docker image to: demisto/python:2.7.18.20958.

QrGetSearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

AdSearch#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPShowBackupStatus#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusLaunchScan#

Updated the Docker image to: demisto/python:2.7.18.20958.

GoogleappsGmailGetMail#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWEventDetails#

Updated the Docker image to: demisto/python:2.7.18.20958.

XBTimeline#

Updated the Docker image to: demisto/python:2.7.18.20958.

VMRay#

Updated the Docker image to: demisto/python:2.7.18.20958.

JiraIssueAddLink#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetGroupMembers#

Updated the Docker image to: demisto/python:2.7.18.20958.

WhoisLookup#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaDeactivateUser#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADSetNewPassword#

Updated the Docker image to: demisto/python:2.7.18.20958.

GoogleappsRevokeUserRole#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPDeleteRule#

Updated the Docker image to: demisto/python:2.7.18.20958.

SandboxDetonateFile#

Updated the Docker image to: demisto/python:2.7.18.20958.

AwsRunInstance#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaGetGroups#

Updated the Docker image to: demisto/python:2.7.18.20958.

CommonIntegrationPython#

Updated the Docker image to: demisto/python:2.7.18.20958.

JiraIssueUploadFile#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPODetermineRepository#

Updated the Docker image to: demisto/python:2.7.18.20958.

LocateAttachment#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetCommonGroups#

Updated the Docker image to: demisto/python:2.7.18.20958.

GetContextValue#

Updated the Docker image to: demisto/python:2.7.18.20958.

PWObservationPcapInfo#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPBlockIP#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPShowHosts#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPORepoList#

Updated the Docker image to: demisto/python:2.7.18.20958.

CSHuntByIOC#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADListComputers#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetGroupComputers#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraDetections#

Updated the Docker image to: demisto/python:2.7.18.20958.

VirustotalIsMalicious#

Updated the Docker image to: demisto/python:2.7.18.20958.

DocumentationAutomation#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraSensors#

Updated the Docker image to: demisto/python:2.7.18.20958.

JiraIssueAddComment#

Updated the Docker image to: demisto/python:2.7.18.20958.

CSIndicators#

Updated the Docker image to: demisto/python:2.7.18.20958.

VectraHealth#

Updated the Docker image to: demisto/python:2.7.18.20958.

SNOpenTicket#

Updated the Docker image to: demisto/python:2.7.18.20958.

AggregateIOCs#

Updated the Docker image to: demisto/python:2.7.18.20958.

CPSetRule#

Updated the Docker image to: demisto/python:2.7.18.20958.

ConferIncidentDetails#

Updated the Docker image to: demisto/python:2.7.18.20958.

ExtractDomainFromURL#

Updated the Docker image to: demisto/python:2.7.18.20958.

SlackMirror#

Updated the Docker image to: demisto/python:2.7.18.20958.

IPInfoQuery#

Updated the Docker image to: demisto/python:2.7.18.20958.

NessusScanStatus#

Updated the Docker image to: demisto/python:2.7.18.20958.

ADGetUsersByEmail#

Updated the Docker image to: demisto/python:2.7.18.20958.

OktaSetPassword#

Updated the Docker image to: demisto/python:2.7.18.20958.

QrGetSearchResults#

Updated the Docker image to: demisto/python:2.7.18.20958.

EPOCheckLatestDAT#

Updated the Docker image to: demisto/python:2.7.18.20958.

CSCountDevicesForIOC#

Updated the Docker image to: demisto/python:2.7.18.20958.

GoogleappsGetUserRoles#

Updated the Docker image to: demisto/python:2.7.18.20958.

DevSecOps Pack v1.0.1 (Community Contributed)#

Integrations#

GitLab#
  • Added the following commands:
    • gitlab-pipelines-schedules-list
    • gitlab-pipelines-list
    • gitlab-jobs-list
    • gitlab-artifact-get
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Digital Guardian Pack v1.0.4 (Partner Supported)#

Integrations#

Digital Guardian#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Druva Ransomware Response Pack v1.0.2 (Partner Supported)#

Integrations#

Druva Ransomware Response#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Elasticsearch Monitoring Pack v1.0.1#

Dashboards#

Elasticsearch Monitoring#

Fixed an issue where the Elasticsearch Active Shards widget was displaying incorrectly in red.

EmailRepIO Pack v1.0.3#

Integrations#

EmailRep.io#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Endace Pack v1.1.5 (Partner Supported)#

Integrations#

Endace#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Exabeam Pack v2.1.2#

Integrations#

Exabeam#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Expanse (Deprecated) Pack v1.2.2 (Partner Supported)#

Integrations#

Expanse (Deprecated)#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Scripts#

ExpanseParseRawIncident#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Expanse v2 Pack v1.7.0#

Incident Fields#

  • Expanse Activity Status
  • Expanse Asset
  • Expanse Asset Organization Unit
  • Expanse Asset Owner
  • Expanse Assignee
  • Expanse Business Units
  • Expanse Category
  • Expanse Certificate
  • Expanse Cloud Management Status
  • Expanse Created
  • Expanse Domain
  • Expanse Geolocation
  • Expanse IP
  • Expanse Initial Evidence
  • Expanse Issue ID
  • Expanse Issue Type
  • Expanse Latest Evidence
  • Expanse ML Features
  • Expanse Modified
  • Expanse Port
  • Expanse Priority
  • Expanse Progress Status
  • Expanse Protocol
  • Expanse Provider
  • Expanse Region
  • Expanse Service
  • Expanse Shadow IT
  • Expanse Tags

Incident Types#

Integrations#

Expanse v2#
  • Updated User Agent String.
  • Updated expanse-get-iprange include parameter.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.
Expanse Expander Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Layouts#

Expanse Issue Layout - Fixed section locations.

Mappers#

ExpanseV2 - Incoming Mapper#
  • Added Xpanse Issue - Generic to the mapper.
  • Mapped Alert Type ID with the issue type ID.

Playbooks#

New: Xpanse Incident Handling - Generic#

A generic playbook for handling Xpanse issues. The logic behind this playbook is to work with an internal exclusions list which will help the analyst to get to a decision or, if configured, close incidents automatically. The phases of this playbook are: 1) Check if assets (IP, Domain, or Certificate) associated with the issue are excluded in the exclusions list and optionally, close the incident automatically. 2) Optionally, enrich indicators and calculate the severity of the issue, using sub-playbooks. 3) Optionally, allow the analyst to add associated assets (IP, Domain, or Certificate) to the exclusions list. 4) Tag associated assets. 5) Update the status of the issue.

Expanse Load-Create List#
  • Added the ListValues playbook input.
  • Changed the internal task to use the above value.
Handle Expanse Incident#
  • Added "{}" as an input for the "Expanse Load-Create List" sub-playbook.
  • Corrected spelling errors.
  • Add "else" statement to task 169.
  • Updated to include the Expanse VM Enrich sub-playbook.
  • Updated to include the Expanse Unmanaged Cloud sub-playbook.
Expanse Attribution#

Updated to include the ServiceNow CMDB Search sub-playbook and a new script for result aggregation.

New: Expanse Unmanaged Cloud#

Sub-playbook for bringing rogue cloud accounts under management. (Available from Cortex XSOAR 6.0.0). Helps identify owners of unknown cloud assets so they can be brought under management in Prisma Cloud.

Expanse VM Enrich#

Updated to include asset vulnerability results as evidence.

Scripts#

ExpanseAggregateAttributionDevice#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExpanseAggregateAttributionIP#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExpanseAggregateAttributionUser#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExpanseEnrichAttribution#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExpanseEvidenceDynamicSection#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExpansePrintSuggestions#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ExpanseRefreshIssueAssets#

Updated the Docker image to: demisto/python3:3.9.5.21272.

MatchIPinCIDRIndicators#

Updated the Docker image to: demisto/python3:3.9.5.21272.

New: ExpanseAggregateAttributionCI#
  • Aggregate entries from the ServiceNow CMDB into AttributionCI (Available from Cortex XSOAR 6.0.0).
  • Updated the Docker image to: demisto/python3:3.9.5.20958.

F5 Silverline Pack v1.0.1#

Integrations#

F5 Silverline#

Maintenance and stability enhancements.

F5 firewall Pack v1.2.2#

Integrations#

F5 Application Security Manager (WAF)#

Updated the Docker image to: demisto/python3:3.9.5.21272.

FireEye Central Management Pack v1.1.0#

Integrations#

FireEye Central Management#
  • Internal code improvements.
  • Added the timeout argument to the fireeye-cm-get-alert-details command.
  • Fixed an issue where the fetch-incidents command was not fetching new alerts in some cases.

FireEye Email Security (EX) Pack v2.0.0#

Classifiers#

New: FireEye Email Security - Classifier#

Classifies FireEye Email Security Alerts.

Integrations#

New: FireEye Email Security#

Added the FireEye Email Security integration.

FireEye Feed Pack v2.0.2#

Integrations#

FireEye Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

FireEye Helix Pack v1.0.4#

Integrations#

FireEye Helix#

Updated the Docker image to: demisto/python3:3.9.5.21272.

FortiManager Pack v1.0.2#

Integrations#

FortiManager#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Gamma Pack v1.0.2 (Partner Supported)#

Integrations#

Gamma#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Genians Pack v1.0.5 (Partner Supported)#

Integrations#

Genians#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Get License ID Pack v1.0.3#

Scripts#

GetLicenseID#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetServerURL Pack v1.0.2#

Scripts#

GetServerURL#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GitHub Pack v1.2.11#

Integrations#

GitHub#

Added the Github-list-issue-events command.

Google Key Management Service Pack v1.0.3#

Integrations#

Google Key Management Service#

Updated the Docker image to: demisto/google-kms:1.0.0.21967.

Google Safe Browsing Pack v2.0.3#

Integrations#

Google Safe Browsing v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GreatHorn Pack v1.0.2 (Partner Supported)#

Integrations#

GreatHorn#

Updated the Docker image to: demisto/python3:3.9.5.21272.

HashiCorp Vault Pack v1.0.1#

Integrations#

HashiCorp Vault#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/hashicorp:1.0.0.19034.

Hello World IAM Pack v1.0.5#

Integrations#

Hello World IAM#

Updated the Docker image to: demisto/python3:3.9.5.21272.

HelloWorld Pack v1.2.5 (Community Contributed)#

Integrations#

HelloWorld Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

HelloWorld#

Updated the Docker image to: demisto/python3:3.9.5.21272.

HostIo Pack v1.0.2#

Integrations#

HostIo#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Humio Pack v1.0.7 (Partner Supported)#

Integrations#

Humio#

Updated the Docker image to: demisto/python3:3.9.5.21272.

IBM QRadar Pack v2.0.16#

Integrations#

IBM QRadar v2#
  • Set a predefined amount of incident samples to be generated by the long-running-execution instance.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.
IBM QRadar v3#
  • Set a predefined amount of incident samples to be generated by the long-running-execution instance.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.
IBM QRadar (Deprecated)#
  • Deprecated. Use the IBM QRadar v2 or IBM QRadar v3 integration instead.
  • Maintenance and stability enhancements.

Playbooks#

QRadarFullSearch#

Maintenance and stability enhancements.

Imperva WAF Pack v1.0.3#

Integrations#

Imperva WAF#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Infoblox Pack v1.0.5#

Integrations#

Infoblox#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Integrations & Incidents Health Check Pack v1.1.20#

Scripts#

CopyLinkedAnalystNotes#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetFailedTasks#

Updated the Docker image to: demisto/python3:3.9.5.21272.

IncidentsCheck-NumberofIncidentsNoOwner#

Updated the Docker image to: demisto/python3:3.9.5.21272.

IncidentsCheck-NumberofIncidentsWithErrors#

Updated the Docker image to: demisto/python3:3.9.5.21272.

IncidentsCheck-NumberofTotalEntriesErrors#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Intel471 Feed Pack v2.0.1 (Partner Supported)#

Integrations#

Intel471 Actors Feed#

Custom user agent added.

Intel471 Malware Feed (Deprecated)#

Custom user agent added.

Intel471 Malware Indicator Feed#

Custom user agent added.

IronNet Pack v1.1.6 (Partner Supported)#

Integrations#

IronDefense#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Jask Pack v1.1.0#

Integrations#

Jask (Deprecated)#

Deprecated. Use the Sumo Logic Cloud SIEM integration from the Sumo Logic Cloud SIEM pack.

JsonWhoIs Pack v1.0.5#

Integrations#

JsonWhoIs#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Kaspersky Security Center Pack v1.0.2#

Integrations#

Kaspersky Security Center (Beta)#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Kenna Pack v1.1.2#

Integrations#

Kenna v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Lockpath Keylight Pack v1.1.2#

Integrations#

Lockpath KeyLight v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Scripts#

KeylightCreateIssue#

Updated the Docker image to: demisto/python3:3.9.5.21272.

LogPoint SIEM Integration Pack v1.2.1 (Partner Supported)#

Integrations#

LogPoint SIEM Integration#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Logz.io Pack v1.1.6 (Partner Supported)#

Integrations#

Logz.io#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Machine Learning Pack v1.3.1#

Scripts#

ExportMLModel#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ImportMLModel#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Majestic Million Feed Pack v1.1.3#

Integrations#

Majestic Million Feed#

Improved implementation of the timestamp conversion to ISO format.

Maltiverse Pack v1.0.5#

Integrations#

Maltiverse#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Manage Engine Service Desk Plus Pack v2.0.2#

Integrations#

Service Desk Plus#

Updated the Docker image to: demisto/python3:3.9.5.21272.

McAfee ESM Pack v1.1.9#

Integrations#

McAfee ESM v2#
  • Fixed an issue where alarms were fetched only for the user who was configured for authentication.
  • Added a default value of CURRENT_DAY to the timeRange argument of the esm-fetch-alarms command.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Microsoft 365 Defender Pack v1.0.2#

Integrations#

Microsoft 365 Defender (Beta)#

Updated the description and README file.

Microsoft Azure AD Connect Health Feed Pack v1.0.2#

Integrations#

Azure AD Connect Health Feed#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/btfl-soup:1.0.1.20928.

Microsoft Graph Groups Pack v1.0.7#

Integrations#

Microsoft Graph Groups#

Updated the Docker image to: demisto/crypto:1.0.0.19032.

MobileIron-UEM Pack v1.0.4 (Partner Supported)#

Integrations#

MobileIronCLOUD#

Updated the Docker image to: demisto/python3:3.9.5.21272.

MobileIronCORE#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ModulesManagement Pack v1.0.2#

Scripts#

GetInstances#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Netcraft Pack v1.0.3#

Integrations#

Netcraft#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Netscout Arbor Edge Defense - AED Pack v1.0.3#

Integrations#

Netscout Arbor Edge Defense#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Nozomi Networks Pack v1.0.3 (Partner Supported)#

Integrations#

Nozomi Networks#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Nutanix Hypervisor Pack v1.0.3#

Integrations#

Nutanix Hypervisor#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Office 365 Feed Pack v1.1.7#

Integrations#

Office 365 Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Okta Pack v2.1.11#

Integrations#

Okta IAM#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Okta v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

OpenCTI Feed Pack v2.0.1#

Integrations#

OpenCTI Feed 3.X#
  • Fixed an issue where the Tags integration parameter was not handled properly.
  • Updated the Docker image to: demisto/opencti:1.0.0.19143.
OpenCTI Feed 4.X#
  • Fixed an issue where the Tags integration parameter was not handled properly.
  • Updated the Docker image to: demisto/opencti-v4:1.0.0.19143.

OpenPhish Pack v2.0.4#

Integrations#

OpenPhish v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Opsgenie v2 Pack v1.0.2 (Community Contributed)#

Integrations#

Opsgenie v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Orca Pack v1.0.6 (Partner Supported)#

Integrations#

Orca#

Updated the Docker image to: demisto/python3:3.9.5.21272.

PAN-OS to Cortex Data Lake Monitoring Pack v1.0.6 (Community Contributed)#

Scripts#

PANOStoCortexDataLakeMonitoring#

Updated the Docker image to: demisto/python3:3.9.5.21272.

PANW Comprehensive Investigation Pack v1.3.7#

Scripts#

PanwIndicatorCreateQueries#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Palo Alto Networks BPA Pack v1.2.8#

Integrations#

Palo Alto Networks BPA#
  • Updated the description for the Server URL integration parameter.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Palo Alto Networks Cortex XDR - Investigation and Response Pack v3.0.17#

Integrations#

Palo Alto Networks Cortex XDR - Investigation and Response#

Improved the error message for the test-module command in case the Cortex XDR server is not in sync with Cortex XSOAR.

Palo Alto Networks IoT Pack v1.0.4#

Integrations#

Palo Alto Networks IoT#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Palo Alto Networks PAN-OS EDL Service Pack v2.0.6#

Integrations#

Palo Alto Networks PAN-OS EDL Service#

Added the Use Legacy Queries integration parameter. When enabled, the integration will query the server using full queries. Enable this query mode, if you've been instructed by support, or you've encountered in the log errors of the form: msgpack: invalid code.

Palo Alto Networks Threat Vault Pack v1.0.5#

Integrations#

Palo Alto Networks Threat Vault#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Palo Alto Networks WildFire Pack v1.3.8#

Integrations#

Palo Alto Networks WildFire v2#
  • Fixed an issue where the wildfire-get-report-command command failed due to incorrect handling of chunked HTTP responses.
  • Added support for the Source Reliability integration parameter.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

PassiveTotal Pack v2.0.10 (Partner Supported)#

Integrations#

PassiveTotal v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Scripts#

RiskIQPassiveTotalComponentsWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalHostPairsChildrenWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalHostPairsParentsWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalPDNSWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalSSLForIssuerEmailWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalSSLForSubjectEmailWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalSSLWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalTrackersWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQPassiveTotalWhoisWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

PhishTank Pack v2.0.8#

Integrations#

PhishTank v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Phishing Pack v2.2.6#

Playbooks#

Get Original Email - EWS#

Maintenance and stability enhancements.

Scripts#

FindDuplicateEmailIncidents#
  • Fixed an issue where passing an empty string as a query argument would cause the script to fail.
  • Updated the Docker image to: demisto/sklearn:1.0.0.22039.
PhishingDedupPreprocessingRule#

Maintenance and stability enhancements.

Phishing Campaign Pack v2.0.6#

Scripts#

FindEmailCampaign#
  • Added EmailCampaign.fieldsToDisplay to the context output, which indicates which headers should be displayed.
  • Updated the Docker image to: demisto/sklearn:1.0.0.21733.
GetCampaignIncidentsInfo#
  • The script will now display only the headers specified in the EmailCampaign.fieldsToDisplay context entry.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Polygon Pack v1.0.4 (Partner Supported)#

Integrations#

Group-IB TDS Polygon#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Proofpoint Feed Pack v1.0.5#

Integrations#

Proofpoint Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Proofpoint Protection Server Pack v2.0.5#

Integrations#

Proofpoint Protection Server v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Proofpoint TAP Pack v1.1.3#

Integrations#

Proofpoint TAP v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Qualys Pack v1.0.4#

Integrations#

Qualys#

Maintenance and stability enhancements.

New: Qualys v2#

Qualys Vulnerability Management lets you:

  • Create, run, fetch, and manage reports.
  • Launch and manage vulnerability and compliance scans.
  • Manage the host assets you want to scan for vulnerabilities and compliance. (Available from Cortex XSOAR 5.5.0).

Playbooks#

New: Launch And Fetch Remediation Report - Qualys#

Launches a remediation report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Host Based Findings Report - Qualys#

Launches a host-based report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch VM Scan - Qualys#

Launches a scan and fetches the scan when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Scheduled Report - Qualys#

Launches a scheduled report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Compliance Policy Report - Qualys#

Launches a compliance policy report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Map Report - Qualys#

Launches a map scan report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Scan Based Findings Report - Qualys#

Launches a scan based report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch PC Scan - Qualys#

Launches a PC scan and fetches the scan when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Patch Report - Qualys#

Launches a patch report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Compliance Report - Qualys#

Launches a compliance report and fetches the report when it is ready. (Available from Cortex XSOAR 5.5.0).

New: Vulnerability Management - Qualys (Job) - V2#

Updated the V1 playbook to V2.

Quantum Security Systems Pack v1.0.2 (Partner Supported)#

Integrations#

QSS#

Updated the Docker image to: demisto/python3:3.9.5.21272.

QueryAI Pack v1.0.6 (Partner Supported)#

Integrations#

QueryAI#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RSA Archer Pack v1.1.18#

Integrations#

RSA Archer v2#
  • Fixed an issue where the archer-search-records-by-report command failed to handle a report with only one record.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

RST Threat Feed Pack v1.0.3 (Partner Supported)#

Integrations#

RST Cloud - Threat Feed API#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Rapid Breach Response Pack v1.6.9#

Playbooks#

HAFNIUM - Exchange 0-day exploits#

Removed duplicated playbook tasks related to indicators.

New: CVE-2021-1675 - PrintNightmare#

CVE-2021-1675 is a vulnerability dubbed โ€œPrintNightmareโ€ which allows remote code execution on Windows Print Spooler.

  • Microsoft patched the vulnerability in June, but an exploit proof of concept, and complete technical analysis were made publicly available online.

  • This playbook includes the following tasks:

    • Manual actions to mitigate the exploit.
    • Search vulnerable devices using CVE.
    • Search vulnerable devices using the SIEM.

  • More details on the vulnerability.

  • The playbook will also query the firewall and Cortex XDR to detect malicious activity and compromised hosts.

This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs.

Updates to the pack during the beta phase might include non-backward compatible features.

We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve.

Rapid7 InsightIDR Pack v1.0.3#

Integrations#

Rapid7 InsightIDR#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Recorded Future Feed Pack v1.0.11#

Integrations#

Recorded Future RiskList Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Red Canary Pack v1.1.2#

Integrations#

Red Canary#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ReplaceMatchGroup Pack v1.0.3#

Scripts#

ReplaceMatchGroup#

Updated the Docker image to: demisto/python3:3.9.5.21272.

RiskIQ Digital Footprint Pack v1.0.8 (Partner Supported)#

Integrations#

RiskIQ Digital Footprint#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Scripts#

RiskIQDigitalFootprintAssetDetailsWidgetScript#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Rubrik Polaris Pack v1.0.3 (Partner Supported)#

Integrations#

Rubrik Radar#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Rundeck Pack v1.0.4#

Integrations#

Rundeck#

Updated the Docker image to: demisto/python3:3.9.5.21272.

SailPoint IdentityNow Pack v1.0.2 (Partner Supported)#

Integrations#

SailPoint IdentityNow#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Securonix Pack v1.1.6#

Integrations#

Securonix#

Support for this pack will move to a partner on or about October 1, 2021.

Sepio Pack v1.0.3 (Partner Supported)#

Integrations#

Sepio#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Server Message Block (SMB) Pack v2.0.3#

Integrations#

Server Message Block (SMB) v2#

Fixed an issue where a request failed when the SMB2 protocol response header contained a bad epoch time.

ServerLogs Pack v1.0.1 (Community Contributed)#

Scripts#

ServerLogs#
  • Added the required dependency for the Remote Access integration.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

ServiceNow Pack v2.1.25#

Integrations#

ServiceNow CMDB#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ServiceNow IAM#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ServiceNow v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Playbooks#

New: ServiceNow CMDB Search#
  • Sub-playbook for finding configuration item records in the ServiceNow CMDB. (Available from Cortex XSOAR 6.0.0).
  • Enriches context with configuration items that match a given query.
  • Prompts analysts to add missing records to their CMDB.

Shift Management Pack v1.2.4#

Scripts#

GetNumberOfUsersOnCall#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetOnCallHoursPerUser#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetRolesPerShift#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetShiftsPerUser#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetUsersOOO#

Updated the Docker image to: demisto/python3:3.9.5.21272.

GetUsersOnCall#

Updated the Docker image to: demisto/python3:3.9.5.21272.

TimeToNextShift#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Silverfort Pack v1.0.5 (Partner Supported)#

Integrations#

Silverfort#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Sixgill Darkfeed - Annual Subscription Pack v2.0.2 (Partner Supported)#

Scripts#

SixgillSearchIndicators#

Updated the Docker image to: demisto/python3:3.9.5.21272.

SlashNext Phishing Incident Response - Annual Subscription (Direct Subscription) Pack v1.2.2 (Partner Supported)#

Integrations#

SlashNext Phishing Incident Response#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Sophos XG Firewall Pack v1.0.4#

Integrations#

Sophos Firewall#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Sumo Logic Cloud SIEM Pack v1.0.2 (Partner Supported)#

Integrations#

Sumo Logic Cloud SIEM#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Symantec Endpoint Protection Pack v1.0.3#

Integrations#

Symantec Endpoint Protection v2#

Improved the error message that is returned when an invalid request is sent within all of the integration's commands.

Symantec Management Center Pack v1.0.4#

Integrations#

Symantec Management Center#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Syslog Sender Pack v1.0.3#

Integrations#

Syslog Sender#

Updated the Docker image to: demisto/python3:3.9.5.21272.

TAXII Server Pack v1.0.8#

Integrations#

TAXII Server#

Updated the Docker image to: demisto/taxii-server:1.0.0.21219.

TOPdesk Pack v1.0.3#

Integrations#

TOPdesk#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Talos Feed Pack v1.0.3 (Community Contributed)#

Integrations#

Talos Feed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Tanium Pack v1.0.7#

Integrations#

Tanium v2#
  • Updated the authentication process of the integration to support both OAuth 2.0 and basic authentication.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

Threat Intelligence Management Pack v1.0.4#

Scripts#

ThreatIntelManagementGetIncidentsPerFeed#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ThreatExchange Pack v2.0.2#

Integrations#

ThreatExchange v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ThreatQ Pack v1.0.9 (Partner Supported)#

Integrations#

ThreatQ v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Tidy Pack v1.0.6#

Integrations#

Tidy#

Updated the Docker image to: demisto/tidy:1.0.0.22176.

Trello Pack v1.0.3 (Community Contributed)#

Integrations#

Trello#

Updated the Docker image to: demisto/python3]:3.9.5.21272.

Trend Micro Apex One Pack v2.0.1#

Integrations#

Trend Micro Apex One#
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/pycef:1.0.0.19330.

Tripwire Pack v1.0.3#

Integrations#

Tripwire#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Troubleshoot Pack v2.0.2#

Scripts#

TroubleshootExecuteCommand#
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

TrustwaveSEG Pack v1.0.2#

Integrations#

Trustwave Secure Email Gateway#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Twinwave Pack v1.0.3 (Partner Supported)#

Integrations#

Twinwave#
  • Fixed an issue where the proxy parameter did not work as expected.
  • You can now pass multiple values to the engines argument in the following commands:
    • twinwave-submit-url
    • twinwave-submit-file
  • Updated the Docker image to: demisto/python3:3.9.5.21272.

URLhaus Pack v1.0.5#

Integrations#

URLhaus#

Updated the Docker image to: demisto/python3:3.9.5.21272.

VMRay Pack v1.0.4#

Integrations#

VMRay#

Fixed an issue where the vmray-upload-sample command failed for file entry IDs whose names included backslashes.

Vectra Pack v1.0.2#

Integrations#

Vectra v2#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Windows Forensics Pack v1.0.1#

Playbooks#

PS Remote Get File Sample From Path#

Maintenance and stability enhancements.

WootCloud Pack v1.0.5 (Partner Supported)#

Integrations#

WootCloud#

Updated the Docker image to: demisto/python3:3.9.5.21272.

X509Certificate Pack v1.0.6#

Scripts#

CertificateReputation#

Updated the Docker image to: demisto/python3:3.9.5.21272.

XSOAR Mirroring Pack v2.0.3#

Integrations#

XSOAR Mirroring#

Updated the Docker image to: demisto/python3:3.9.5.21272.

ZeroFox Pack v1.0.2#

Integrations#

ZeroFox#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Zimperium Pack v1.0.8#

Integrations#

Zimperium#

Updated the Docker image to: demisto/python3:3.9.5.21272.

iLert Pack v1.0.2 (Partner Supported)#

Integrations#

iLert#

Updated the Docker image to: demisto/python3:3.9.5.21272.

xMatters Pack v1.0.2 (Partner Supported)#

Integrations#

xMatters#

Updated the Docker image to: demisto/python3:3.9.5.21272.

Assets#

Edit this page
Report an Issue