Cortex XSOAR Content Release Notes for version 22.2.0 (10680451)

Published on 09 February 2022#

New: Azure Key Vault Pack v1.0.0#

Integrations#

Azure Key Vault#

Use the Azure Key Vault integration to safeguard and manage cryptographic keys and secrets used by cloud applications and services.


New: Cado Response Pack v1.0.0 (Partner Supported)#

Integrations#

Cado Response#

Use the Cado Response integration to automate data collection, process data at cloud speed, and analyze the data.


New: Camlytics Pack v1.0.0 (Community Contributed)#

Integrations#

Camlytics#

You can use this integration to automate different Camlytics surveillance analysis actions.


New: Core Alert Fields Pack v1.0.0#

Incident Fields#

  • Agent OS Sub Type
  • App-id
  • CGO CMD
  • CGO MD5
  • CGO name
  • CGO path
  • CGO SHA256
  • CGO signature
  • CGO signer
  • Country
  • Destination Zone Name
  • Domain
  • Email Recipient
  • Email Sender
  • Email Subject
  • FW Name
  • FW Rule Name
  • FW Serial Number
  • File SHA256
  • Host FQDN
  • Host IP
  • Host Mac Address
  • Hostname
  • Initiated By
  • Initiator CMD
  • Initiator MD5
  • Initiator PID
  • Initiator SHA256
  • Initiator signature
  • Initiator signer
  • Initiator TID
  • Initiator path
  • Local IP
  • Local Port
  • Mitre ATT&CK Tactic
  • Mitre ATT&CK Technique
  • Module
  • Process execution signature
  • Process execution signer
  • Remote Host
  • Remote IP
  • Remote Port
  • Source Zone Name
  • Target process CMD
  • Target process name
  • Target process SHA256
  • Timestamp
  • User name
  • App Category
  • appsubcategory
  • App Technology
  • CID
  • Cloud Identity Sub Type
  • Cloud Identity Type
  • Cloud Operation Type
  • Cloud Project
  • Cloud Provider
  • Cloud Referenced Resource
  • Cloud Resource Sub-type
  • Cloud Resource Type
  • Cluster Name
  • Container ID
  • Contains Featured Host
  • Contains Featured IP Address
  • Contains Featured User
  • DNS Query Name
  • Excluded
  • File Macro SHA256
  • FW Rule ID
  • Image Name
  • Is Phishing
  • NGFW Vsys Name
  • OS Parent CMD
  • OS Parent ID
  • OS Parent Name
  • OS Parent PID
  • OS Parent SHA256
  • OS Parent Signature
  • OS Parent Signer
  • OS Parent User Name
  • Registry Data
  • Registry Full Key
  • Rule ID
  • Starred
  • User Agent
  • XFF

New: MAC Vendors Pack v1.0.0 (Community Contributed)#

Integrations#

MAC Vendors#

Query MAC Vendors for vendor names when providing a MAC address. MAC Vendors maintains a list of vendors provided directly from the IEEE Standards Association and is updated multiple times each day. The IEEE is the registration authority and provides data on over 16,500 registered vendors.


New: OpenSourceVulnerabilities Pack v1.0.0 (Community Contributed)#

Integrations#

OSV#

OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it performs bisects to determine the exact commit that introduced the bug, as well as the exact commit that fixes it. This is cross-referenced against upstream repositories to determine the affected tags and commit ranges.


New: Trend Micro Vision One Pack v1.0.0 (Partner Supported)#

Classifiers#

Trend Micro Vision One XDR - Incoming Mapper#

Maps incoming Trend Micro Vision One alerts.

Incident Fields#

  • Trend Micro Vision One XDR Account Count
  • Trend Micro Vision One XDR Desktop Count
  • Trend Micro Vision One XDR Detail
  • Trend Micro Vision One XDR Email Address Count
  • Trend Micro Vision One XDR Impact Scope
  • Trend Micro Vision One XDR Impacted Entities
  • Trend Micro Vision One XDR Indicators
  • Trend Micro Vision One XDR Investigation Status
  • Trend Micro Vision One XDR Priority Score
  • Trend Micro Vision One XDR Server Count
  • Trend Micro Vision One XDR Workbench ID
  • Trend Micro Vision One XDR Workbench Link

Incident Types#

Trend Micro Vision One XDR Incident

Integrations#

Trend Micro Vision One#

Trend Micro Vision One is a threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. It provides deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks. Trend Micro Vision One prevents the majority of attacks with automated protection.

Layouts#

Trend Micro Vision One XDR Incident (Available from Cortex XSOAR 6.2.0)


New: Xsoar_Utils Pack v1.0.0 (Community Contributed)#

Integrations#

Xsoar_Utils#

This is a wrapper on top of the Cortex XSOAR API. It can be used to implement commands that call the Cortex XSOAR API in the background, mostly to avoid constructing raw JSON strings when calling the Demisto REST API integration.

The first implemented command can be used to create an entry on any investigation (playground by default). An example use case is debugging a pre-process script (call demisto.execute_command("xsoar-create-entry",{arguments})).

The idea is to use the same code to test from a local machine: python3 Xsoar_Utils.py xsoar-create-entry '{"data":"# testapi4","inv_id":"122c7bff-feae-4177-867e-37e2096cd7d9"}'

Review the code to understand more.


ANY.RUN Pack v1.0.8#

Integrations#

ANY.RUN#

Fixed an issue where the anyrun-get-report command would not display screenshots from the API.


AWS - ACM Pack v1.1.8#

Integrations#

AWS - ACM#
  • AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.26417.

AWS - CloudWatchLogs Pack v1.2.4#

Integrations#

AWS - CloudWatchLogs#

AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.


AWS - EC2 Pack v1.2.9#

Integrations#

AWS - EC2#

AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.


AWS - GuardDuty Pack v1.2.4#

Integrations#

AWS - GuardDuty#

AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.


AWS - IAM Pack v1.1.10#

Integrations#

AWS - Identity and Access Management#

AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.


AWS - Lambda Pack v1.2.9#

Integrations#

AWS - Lambda#
  • AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.26417.

AWS - S3 Pack v1.2.1#

Integrations#

AWS - S3#
  • Added the following arguments to the aws-s3-list-objects command:
    • delimiter
    • prefix
  • Added support for pagination to the aws-s3-list-objects command.
  • Added the following commands:
    • aws-s3-put-public-access-block
    • aws-s3-get-public-access-block
  • AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.

AWS - SQS Pack v1.2.5#

Integrations#

AWS - SQS#

AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.


AWS - Security Hub Pack v1.1.9#

Integrations#

AWS - Security Hub#
  • AWSClient class now supports passing an AWS STS session token as a parameter. This allows for third-party authorization software to provide login credentials to use for building a client session.
  • Updated the Docker image to: demisto/boto3py3:1.0.0.26417.

Abuse.ch SSL Blacklist Feed Pack v1.1.13#

Integrations#

abuse.ch SSL Blacklist Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Accenture CTI Pack v3.2.3 (Partner Supported)#

Integrations#

Accenture CTI#

Fixed the integration logo as per the required 120x50 pixel dimensions.

ACTI Feed#

Fixed the integration logo as per the required 120x50 pixel dimensions.


Accenture CTI v2 Pack v1.1.0 (Partner Supported)#

Integrations#

ACTI Indicator Query#
  • Fixed an issue where network indicators without LastSeen details in the ACTI IntelGraph portal returned an error.
  • Fixed the integration logo as per the required 120x50 pixel dimensions.

ACTI Vulnerability Query#

Added a new integration where CVE IDs can be queried to get necessary data related to the vulnerability.


Active Directory Query Pack v1.4.5#

Integrations#

Active Directory Query v2#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


ActiveMQ Pack v1.0.5#

Integrations#

ActiveMQ#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


AlienVault Feed Pack v1.1.13#

Integrations#

AlienVault Reputation Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Amazon DynamoDB Pack v1.0.11#

Integrations#

Amazon DynamoDB#

Updated the Docker image to: demisto/boto3py3:1.0.0.26276.


Anomali ThreatStream Pack v2.0.5#

Integrations#

Anomali ThreatStream v3#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Ansible Microsoft Windows Pack v1.0.3#

Integrations#

Ansible Microsoft Windows#

Updated the expected_return_code default argument for the !win-package command to be 0 instead of an array.


Atlassian Jira Pack v1.4.7#

Incident Fields#

Integrations#

Atlassian Jira v2#

Added the extraFields argument to the jira-issue-query command in order to specify which fields to return.


Attivo Botsink Pack v1.0.6 (Partner Supported)#

Integrations#

Attivo Botsink#

Moved Pack support to Partner.


AutoFocus Pack v2.0.10#

Integrations#

Palo Alto Networks AutoFocus v2#
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

AutoFocus Feed#
  • Improved the classification of URL indicator types.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

AutoFocus Daily Feed#
  • Improved the classification of URL indicator types.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Azure Active Directory Identity and Access Pack v1.2.2#

Incident Fields#

Integrations#

Azure Active Directory Identity Protection (Beta)#

Documentation improvements.


Azure Feed Pack v1.0.13#

Integrations#

Azure Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Azure Sentinel Pack v1.3.1#

Integrations#

Azure Sentinel#

Fixed an issue where the integration failed with 'JSONDecodeError' in cases of a 'None' type response.


Bambenek Consulting Feed Pack v1.1.13#

Integrations#

Bambenek Consulting Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Base Pack v1.18.6#

Scripts#

CommonServerPython#
  • UrlRegex: Enhanced the URL regex with the following:
    • Added support for IPv6-based IPs.
    • Added support for defanged URLs.
    • Added support for integer-based IPs.
    • Added support for octet-based IPs.
    • Added support for hex-based IPs.
  • Maintenance and stability enhancements.

BeyondTrust Password Safe Pack v1.0.11#

Integrations#

BeyondTrust Password Safe#

Updated the Docker image to: demisto/python3:3.10.1.25933.


BitSight Pack v1.0.12 (Partner Supported)#

Incident Fields#

BitSight Assets - Maintenance and stability enhancements.


BitcoinAbuse Feed Pack v1.0.18#

Integrations#

BitcoinAbuse Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


BlockList DE Feed Pack v1.1.13#

Integrations#

Blocklist_de Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Bmc Helix Remedyforce Pack v1.0.15#

Incident Fields#

Bmc Remedyforce Client Name - Maintenance and stability enhancements.


BruteForce Feed Pack v1.1.13#

Integrations#

BruteForceBlocker Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


CSV Feed Pack v1.1.11#

Integrations#

CSV Feed#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Carbon Black Cloud Enterprise EDR Pack v1.1.11#

Integrations#

VMware Carbon Black Enterprise EDR#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Carbon Black Endpoint Standard Pack v3.0.11#

Incident Fields#

  • Carbon Black ES Process Id
  • Carbon Black ES First Event Time
  • Carbon Black ES Process Name

Carbon Black Enterprise Protection Pack v1.0.16#

Integrations#

VMware Carbon Black App Control v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Censys Pack v2.0.2#

Integrations#

Censys v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Chronicle Pack v2.0.13 (Partner Supported)#

Incident Fields#

  • Chronicle Detection Time
  • Chronicle Rule ID
  • Chronicle Detection Window Start Time

CircleCI Pack v1.0.7#

Integrations#

CircleCI#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Cisco ASA Pack v1.0.13#

Integrations#

Cisco ASA#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Cisco Umbrella Enforcement Pack v1.0.8#

Integrations#

Cisco Umbrella Enforcement#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Cloudflare Feed Pack v1.1.13#

Integrations#

Cloudflare Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Code42 Pack v2.0.12 (Partner Supported)#

Incident Fields#

Code42 Username - Maintenance and stability enhancements.


Common Playbooks Pack v2.1.10#

Playbooks#

Block IP - Generic v3#

Maintenance and stability enhancements.


Common Scripts Pack v1.6.32#

Scripts#

SetAndHandleEmpty#

Fixed an issue where values were appended even when append = false when running in sub-playbooks.

ShowLocationOnMap#
  • Improved error handling when no location exists.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

If-Then-Else#

Fixed an issue where 'No result returned' is displayed when returning an empty value.

ParseEmailFiles#

Fixed an issue where, when parsing EML files, the message-id field was not parsed to the correct spelling in the context output.

ConvertFile#

Updated the Docker image to: demisto/office-utils:2.0.0.23094.

New: ParseEmailFilesV2#
  • Parse an email from an EML or MSG file using the parse-emails Cortex XSOAR python package, and populate relevant fields and data into a Cortex XSOAR investigation.
  • The script is being released in Beta mode. After 3 months it will be GA and will officially replace the ParseEmailFiles script.

FormatURL#
  • Improved the script logging.
  • Added regex extraction of the original URL from a FireEye Safe URL.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Common Types Pack v3.2.15#

Incident Fields#

  • Account Name
  • Agent ID
  • Blocked Action
  • DNS Name
  • Destination Port
  • Device Username
  • Endpoint
  • Sensor Name
  • Source Hostname
  • Source Port
  • Source Username
  • Src Hostname
  • Src User
  • Threat Hunting Detected Hostnames
  • Usernames
  • Hostnames
  • Alert Action
  • Destination IPs
  • Agents ID
  • Src Ports
  • Dst Ports
  • Process Path
  • SHA256
  • Alert Action
  • Source IPs
  • Parent CMD line
  • Parent Process
  • Protocol
  • Protocols
  • Src OS
  • Destination Network
  • Appliance ID
  • Appliance Name
  • File SHA256
  • Country Name
  • Alert Attack Time
  • Process Name
  • Device External IP
  • Technique
  • Detected User
  • Tactic
  • Tactic ID
  • Detected Internal IPs
  • PID
  • Child Process
  • Src
  • CMD
  • Ticket Opened Date
  • Users
  • Dest
  • Detected IPs
  • Destination Hostname
  • Source MAC Address
  • Detected External Hosts
  • Destination MAC Address
  • Source IPV6
  • Dest Hostname
  • Detection Update Time
  • External Addresses
  • Signature
  • Technique ID
  • Threat Hunting Detected IP
  • Source Network
  • OS
  • Dest OS
  • Detected Users
  • Command Line
  • Srcs
  • CMD line
  • Device Local IP
  • High Level Categories
  • Dest NT Domain
  • Src NT Domain
  • Resource ID
  • Application Name
  • Application Id
  • Alert Category
  • OS Version
  • Categories
  • App
  • Country
  • Protocol - Event
  • Event Type

Indicator Fields#

CVSS Vector#

CVSS3

Indicator Types#

  • urlRep
  • ipRep
  • hashRepSHA1
  • hashRep

Compliance Pack v1.0.11#

Incident Fields#

  • Country where the breach took place
  • Company Country

Core Alert Fields Pack v1.0.10#

Incident Fields#

  • Cloud Project
  • Starred
  • appsubcategory
  • Destination Zone Name
  • Contains Featured User
  • Cloud Operation Type
  • NGFW Vsys Name
  • OS Parent Name
  • Cloud Identity Type
  • Mitre ATT&CK Tactic
  • DNS Query Name
  • Contains Featured Host
  • Image Name
  • OS Parent PID
  • Registry Data
  • User Agent
  • Target process CMD
  • Email Sender
  • App Technology
  • CGO signer
  • Initiator signer
  • Process execution signature
  • OS Parent CMD
  • FW Rule ID
  • Excluded
  • Mitre ATT&CK Technique
  • Target process name
  • CGO path
  • Initiator PID
  • Cluster Name
  • Contains Featured IP Address
  • Is Phishing
  • Domain
  • OS Parent Signature
  • Rule ID
  • App Category
  • Country
  • XFF
  • Cloud Resource Sub-type
  • Module
  • Host OS
  • Cloud Identity Sub Type
  • Source Zone Name
  • Event Type
  • Cloud Resource Type
  • Cloud Referenced Resource
  • CGO CMD
  • FW Serial Number
  • Initiator MD5
  • Host FQDN
  • Email Recipient
  • Email Subject
  • App-id
  • Host Mac Address
  • CID
  • Cloud Provider
  • CGO MD5
  • Process execution signer
  • Initiator TID
  • Initiator signature
  • OS Parent Signer
  • File Macro SHA256
  • Host IP
  • CGO name
  • FW Name
  • Agent OS Sub Type
  • CGO signature
  • Registry Full Key
  • OS Parent SHA256
  • Container ID
  • OS Parent User Name
  • OS Parent ID
  • Action
  • File SHA256
  • Remote Host
  • Initiated By
  • Remote IP
  • Local IP
  • Local Port
  • Initiator CMD
  • User name
  • Initiator path
  • Remote Port
  • Timestamp
  • Hostname
  • Country
  • Category
  • FW Rule Name
  • Action

Cortex Xpanse Pack v1.10.6#

Incident Fields#

  • Expanse Port
  • Expanse IP
  • Expanse Category
  • Expanse Protocol
  • Expanse Provider
  • Expanse Domain

Integrations#

Cortex Xpanse#

Updated the Docker image to: demisto/python3:3.10.1.25933.

Expanse Expander Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Create EDL Instance Pack v1.0.1 (Community Contributed)#

Scripts#

CreateEDLInstance#

Added the Port argument to the script, to specify a port to use instead of generating a random value.


CreatePlbkDoc Pack v1.1.0 (Community Contributed)#

Scripts#

CreatePlbkDoc#
  • Fixed an issue so that the exact playbook is returned when getting a list of playbooks with a given name.
  • Improved the handling of dictionaries by replacing square-bracket access with the get method.

CrowdStrike Falcon Pack v1.4.6#

Integrations#

CrowdStrike Falcon#
  • Added the ids argument to the cs-falcon-list-incident-summaries command to filter incidents by IDs.
  • Added the ids argument to the cs-falcon-list-detection-summaries command to filter detections by IDs.
  • Fixed an issue where the endpoint command returned a 'NoneType' error.
  • Improved documentation.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

CrowdStrike Falcon Intel Pack v2.0.14#

Integrations#

CrowdStrike Falcon Intel v2#
  • Fixed an issue where the url command failed to run on a URL that contains a single quote.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

CrowdStrike Malquery Pack v1.0.11#

Integrations#

CrowdStrike Malquery#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Crowdstrike Falcon Intel Feed Pack v2.0.11#

Integrations#

CrowdStrike Indicator Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Cryptocurrency Pack v1.1.13#

Integrations#

Cryptocurrency#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Cyberpion Pack v1.0.5 (Partner Supported)#

Incident Fields#

  • Cyberpion Category
  • Cyberpion Domain

Cylance Protect Pack v1.0.9#

Integrations#

Cylance Protect v2#

Fixed an issue where multiple indicators returned DBotScore objects simultaneously.


DShield Feed Pack v1.1.13#

Integrations#

DShield Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Darktrace Pack v1.0.11 (Partner Supported)#

Incident Fields#

Darktrace Device Hostname - Maintenance and stability enhancements.


DevSecOps Pack v1.0.9 (Community Contributed)#

Incident Fields#

  • DevSecOps App Task Action
  • DevSecOps PR Action

Integrations#

GitLab#
  • Added the gitlab-trigger-pipeline command to trigger a pipeline in GitLab.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Developer Tools Pack v1.2.14#

Integrations#

CustomIndicatorDemo#

Updated the Docker image to: demisto/python3:3.10.1.25933.

New: Create Test Incidents#

(Available from Cortex XSOAR 6.1.0).

Scripts#

New: WaitAndCompleteTask#

Wait and complete tasks by given status. Used for test playbooks. (Available from Cortex XSOAR 6.1.0).


Digital Guardian Pack v1.0.12 (Partner Supported)#

Incident Fields#

  • Digital Guardian Process Name
  • Digital Guardian Parent Process Name

EWS Pack v1.11.4#

Integrations#

EWS O365#

Added the replyTo argument to the send-mail command, which represents the email addresses used to reply to the message.


Elasticsearch Pack v1.2.5#

Integrations#

Elasticsearch v2#

Updated the Docker image to: demisto/elasticsearch:1.0.0.26509.


Elasticsearch Feed Pack v1.0.15#

Integrations#

Elasticsearch Feed#

Updated the Docker image to: demisto/elasticsearch:1.0.0.26509.


EmailRepIO Pack v1.0.9#

Integrations#

EmailRep.io#

Updated the Docker image to: demisto/python3:3.10.1.25933.


ExtraHop Reveal(x) Pack v1.0.13 (Partner Supported)#

Incident Fields#

ExtraHop Hostname - Maintenance and stability enhancements.


F5 Silverline Pack v1.0.11#

Incident Fields#

  • F5 Silverline Attack Signature Name
  • F5 Silverline Client Port
  • F5 Silverline Translated Source Port
  • F5 Silverline Backend Server IP

F5 firewall Pack v1.2.9#

Integrations#

F5 Application Security Manager (WAF)#

Updated the Docker image to: demisto/python3:3.10.1.25933.


FeodoTracker Feed Pack v1.1.15#

Integrations#

Feodo Tracker IP Blocklist Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


FireEye Central Management Pack v1.1.8#

Integrations#

FireEye Central Management#
  • Fixed an issue where the authorization token was not cached properly.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

FireEye Common Fields Pack v1.0.4#

Incident Fields#

  • FireEye C2 Protocol
  • FireEye Domain Name

FireEye Email Security (EX) Pack v2.0.5#

Integrations#

FireEye Email Security#

Fixed an issue where the authorization token was not cached properly.


FireEye HX Pack v1.1.3#

Integrations#

FireEye HX#

Updated the Docker image to: demisto/python3:3.10.1.25933.


FireEye Network Security (NX) Pack v1.0.11#

Incident Fields#

  • FireEye NX Alert Target MAC Address
  • FireEye NX Alert Victim MAC Address

FortiManager Pack v1.0.5#

Integrations#

FortiManager#

Improved implementation to include details regarding the member objects in the result.


G Suite Admin Pack v1.1.4#

Integrations#

G Suite Admin#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


G Suite Security Alert Center Pack v1.1.3#

Integrations#

G Suite Security Alert Center#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


Generic Export Indicators Service Pack v3.0.2#

Integrations#

Generic Export Indicators Service#
  • Fixed an issue where blank lines were mistakenly added at the end of the list.
  • Fixed an issue where the prepend and append parameters were not handled.

Playbooks#

PAN-OS EDL Service Configuration#

Deprecated.


Generic Webhook Pack v1.0.5#

Integrations#

Generic Webhook#

Updated the Docker image to: demisto/fastapi:1.0.0.26308.


GitHub Pack v1.3.14#

Integrations#

GitHub#

Added the following commands to the GitHub integration:

  • GitHub-update-comment
  • Github-delete-comment

Gmail Single User Pack v1.2.0#

Integrations#

Gmail Single User#

Updated the Docker image to: demisto/google-api-py3:1.0.0.26204.

Gmail Single User (Beta)#

Added a new "Send as" parameter that can be used to specify a send as address. If the account has the email alias enabled for this address, it will send as this address instead of the "email" parameter. The "email" parameter is still used as the authenticating user-id.


Google Calendar Pack v1.1.3#

Integrations#

Google Calendar#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


Google Cloud Functions Pack v1.0.6#

Integrations#

Google Cloud Functions#

Updated the Docker image to: demisto/google-api-py3:1.0.0.26204.


Google Cloud Pub / Sub Pack v1.0.6#

Integrations#

Google Cloud Pub/Sub#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


Google Cloud SCC Pack v2.0.5 (Partner Supported)#

Incident Fields#

  • GoogleCloudSCC Finding SourceProperties UserAgent
  • GoogleCloudSCC Finding CreateTime
  • GoogleCloudSCC Finding EventTime
  • GoogleCloudSCC Finding SourceProperties LastCountry
  • GoogleCloudSCC Resource ProjectName
  • GoogleCloudSCC Resource Project DisplayName
  • GoogleCloudSCC Finding SourceProperties App
  • GoogleCloudSCC Finding SourceProperties DstCountry
  • GoogleCloudSCC Finding SourceProperties AppCategory
  • GoogleCloudSCC Finding Category
  • GoogleCloudSCC Finding SourceProperties ProjectId

Integrations#

Google Cloud SCC#
  • Added the google-cloud-scc-finding-state-update command.
  • Added support for workload identity federation for services running on cloud providers such as AWS and Azure.
  • Upgraded the Docker image to: demisto/google-api-py3:1.0.0.25818.

Google Docs Pack v1.0.5#

Integrations#

Google Docs#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


Google Drive Pack v1.2.4#

Integrations#

Google Drive#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


Google IP Ranges Feed Pack v2.0.4#

Integrations#

Google IP Ranges Feed#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Google Maps Pack v1.0.6#

Integrations#

Google Maps#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Google Safe Browsing Pack v2.0.10#

Integrations#

Google Safe Browsing v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Google Vision AI Pack v1.0.6#

Integrations#

Google Vision AI#

Updated the Docker image to: demisto/google-vision-api:1.0.0.26419.


Grafana Pack v1.0.1#

Integrations#

Grafana#

Updated the Docker image to: demisto/python3:3.10.1.25933.


GsuiteAuditor Pack v1.0.4#

Integrations#

G Suite Auditor#

Updated the Docker image to: demisto/googleapi-python3:1.0.0.26208.


HPE Aruba Clearpass Pack v1.0.6#

Integrations#

HPE Aruba ClearPass#

Updated the Docker image to: demisto/python3:3.10.1.25933.


HostIo Pack v1.0.7#

Integrations#

HostIo#

Updated the Docker image to: demisto/python3:3.10.1.25933.


IBM QRadar Pack v2.1.34#

Incident Fields#

  • Domain - Offense
  • Type - Offense
  • Destination Network - Offense

Integrations#

IBM QRadar v3#
  • Improved test_module resiliency.
  • Improved assets resiliency when fetching incidents.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

IBM QRadar v2 (Deprecated)#

Improved code resiliency.

Playbooks#

QRadarFullSearch#

Fixed an issue in the QRadarFullSearch playbook where the generic polling task didn't account for a 'CANCELED' status returning from the qradar-get-search command.

QRadar Indicator Hunting V2#

You can now run the QRadar Indicator Hunting V2 playbook with a QRadar v3 instance.


IBM X-Force Exchange Pack v1.1.12#

Integrations#

IBM X-Force Exchange v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Imperva WAF Pack v1.0.8#

Integrations#

Imperva WAF#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Infinipoint Pack v1.0.8 (Partner Supported)#

Incident Fields#

Infinipoint hostname - Maintenance and stability enhancements.


Ipinfo Pack v2.1.3#

Integrations#

IPinfo v2#

Fixed an issue where the ip command would not present all of the information returned from the API.

ipinfo (Deprecated)#

Restored the ipinfo integration.


IronNet Pack v1.1.13 (Partner Supported)#

Incident Fields#

  • IronDefense First Event Created
  • IronDefense Src Network ID
  • IronDefense Category
  • IronDefense Dst Network ID
  • IronDefense IronDome Category
  • IronDefense Primary App Protocol
  • IronDefense IronDome Category

JSON Feed Pack v1.1.12#

Integrations#

JSON Feed#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Jamf Pack v2.0.5#

Integrations#

JAMF v2#

Updated the Docker image to: demisto/btfl-soup:1.0.1.26429.


Joe Security Pack v1.0.9#

Integrations#

Joe Security#

Documentation and metadata improvements.


JsonWhoIs Pack v1.0.10#

Integrations#

JsonWhoIs#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Kenna Pack v1.1.8#

Integrations#

Kenna v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Lockpath Keylight Pack v1.1.8#

Integrations#

Lockpath KeyLight v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


LogRhythmRest Pack v2.0.4#

Integrations#

LogRhythmRest v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


MISP Feed Pack v1.0.6#

Integrations#

MISP Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Mail Listener Pack v1.0.10#

Integrations#

Mail Listener v2#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Maltiverse Pack v1.0.13#

Integrations#

Maltiverse#

Updated the Docker image to: demisto/python3:3.10.1.25933.


MalwareBazaar Pack v1.0.3#

Integrations#

MalwareBazaar#

Updated the Docker image to: demisto/python3:3.10.1.25933.


MalwareBazaar Feed Pack v1.0.4#

Integrations#

MalwareBazaar Feed#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Manage Engine Service Desk Plus Pack v2.0.7#

Integrations#

Service Desk Plus#

Updated the Docker image to: demisto/python3:3.10.1.25933.


McAfee ESM Pack v1.1.15#

Integrations#

McAfee ESM v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


McAfee Threat Intelligence Exchange Pack v1.0.4#

Integrations#

McAfee Threat Intelligence Exchange#

Fixed an issue where the file command failed for hashes for which there was no analysis.


McAfee ePO Pack v2.0.3#

Integrations#

McAfee ePO v2#
  • Fixed an issue in the epo-advanced-command command where ePO would return a plain text response when a JSON was expected.
  • Maintenance and stability enhancements.

Microsoft 365 Defender Pack v3.0.1#

Incident Fields#

Microsoft 365 Defender Users - Maintenance and stability enhancements.


Microsoft Azure AD Connect Health Feed Pack v1.0.6#

Integrations#

Azure AD Connect Health Feed#

Updated the Docker image to: demisto/btfl-soup:1.0.1.26429.


Microsoft Cloud App Security Pack v1.0.26#

Integrations#

Microsoft Cloud App Security#
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Microsoft Graph Mail Pack v1.1.11#

Integrations#

O365 Outlook Mail (Using Graph API)#
  • Added the option to add attachments when sending an email reply with the msgraph-mail-reply-to command.
  • Added the replyTo argument to the send-mail command, which represents the email addresses used to reply to the message.

Microsoft Graph Mail Single User Pack v1.0.24#

Integrations#

O365 Outlook Mail Single User (Using Graph API)#
  • Added the option to add attachments when sending an email reply with the msgraph-mail-reply-to command.
  • Added the replyTo argument to the send-mail command, which represents the email addresses used to reply to the message.

Microsoft Intune Feed Pack v1.0.6#

Integrations#

Microsoft Intune Feed#

Updated the Docker image to: demisto/btfl-soup:1.0.1.26429.


Microsoft Teams Pack v1.1.20#

Integrations#

Microsoft Teams Management#

Updated the Docker image to: demisto/crypto:1.0.0.24380.


MongoDB Pack v1.2.4#

Integrations#

MongoDB#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Netcraft Pack v1.0.8#

Integrations#

Netcraft#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Netscout Arbor Edge Defense - AED Pack v1.0.9#

Integrations#

Netscout Arbor Edge Defense#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Netscout Arbor Sightline Pack v1.0.7#

Integrations#

Netscout Arbor Sightline (Peakflow)#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Nutanix Hypervisor Pack v1.0.8#

Integrations#

Nutanix Hypervisor#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Office 365 Feed Pack v1.1.15#

Integrations#

Office 365 Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Okta Pack v2.2.11#

Integrations#

Okta IAM#

Updated the Docker image to: demisto/python3:3.10.1.25933.

Okta v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


OpsGenie Pack v2.0.3#

Integrations#

OpsGenie v3#
  • Fixed an issue where commands failed with a 404 error. Polling is now used in this case.
  • Added the opsgenie-get-request command.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

PAN-OS Pack v1.8.7#

Scripts#

PanoramaSecurityPolicyMatchWrapper#
  • Fixed an issue where the default value of the limit argument was not set correctly.
  • Fixed an issue where the rules outputs were not in the expected format.

PAN-OS Policy Optimizer Pack v1.0.4#

Integrations#

PAN-OS Policy Optimizer#
  • Fixed an issue where no rules were retrieved for Panorama instances.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Palo Alto Networks Cortex XDR - Investigation and Response Pack v4.2.17#

Integrations#

Palo Alto Networks Cortex XDR - Investigation and Response#
  • Fixed an incorrect autocomplete option in the type argument of the xdr-get-audit-management-logs command.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.
Cortex XDR - IOC#

Updated the Docker image to: demisto/python3:3.10.1.25933.

Cortex XDR - XQL Query Engine#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Palo Alto Networks IoT Pack v1.0.11#

Integrations#

Palo Alto Networks IoT#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Palo Alto Networks Threat Vault Pack v1.0.12#

Integrations#

Palo Alto Networks Threat Vault#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Palo Alto Networks Traps (Deprecated) Pack v1.0.9#

Incident Fields#

Integrations#

Palo Alto Networks Traps#

Maintenance and stability enhancements.


Palo Alto Networks WildFire Pack v2.0.6#

Integrations#

Palo Alto Networks WildFire v2#

Fixed an issue where 'status' was referenced before assignment.


Perch Pack v1.0.9#

Integrations#

Perch#

Updated the Docker image to: demisto/python3:3.10.1.25933.


PhishLabs Pack v1.1.6#

Integrations#

PhishLabs IOC#

Updated the Docker image to: demisto/python3:3.10.1.25933.

PhishLabs IOC EIR#

Updated the Docker image to: demisto/python3:3.10.1.25933.


PhishTank Pack v2.0.13#

Integrations#

PhishTank v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Phishing Pack v3.1.2#

Incident Fields#

  • Email To
  • Email From
  • Email Subject

Plain Text Feed Pack v1.1.11#

Integrations#

Plain Text Feed#

Updated the Docker image to: demisto/py3-tools:0.0.1.26536.


Prisma Cloud Pack v2.0.7#

Integrations#

Prisma Cloud (RedLock)#
  • Added the following new commands:
    • redlock-search-network
    • redlock-search-event
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Prisma Cloud Compute Pack v1.2.6#

Incident Fields#

  • Prisma Cloud Compute Category
  • Prisma Cloud Compute AppID
  • Prisma Cloud Compute Container
  • Prisma Cloud Compute Provider
  • Prisma Cloud Compute Project

Qualys Pack v1.0.16#

Integrations#

Qualys v2#

Added 9 commands:

  • qualys-host-list-detection
  • qualys-host-update
  • qualys-asset-group-add
  • qualys-asset-group-edit
  • qualys-asset-group-delete
  • qualys-schedule-scan-create
  • qualys-schedule-scan-update
  • qualys-schedule-scan-delete
  • qualys-time-zone-code

Quest Kace Pack v1.0.9#

Integrations#

Quest KACE Systems Management Appliance (Beta)#

Updated the Docker image to: demisto/python3:3.10.1.25933.


RSA NetWitness Pack v2.0.1#

Integrations#

RSANetWitnessv115 (Beta)#

Fixed an issue where the rsa-nw-files-list command returned a 'NoneType' error.


RSS Feed Pack v1.0.2#

Playbooks#

Extract and Create Relationships#

Removed indicators manual enrichment.


Rapid7 InsightIDR Pack v1.0.9#

Integrations#

Rapid7 InsightIDR#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Rasterize Pack v1.0.18#

Integrations#

Rasterize#

Updated the Docker image to: demisto/chromium:1.0.0.26112.


Recorded Future Feed Pack v1.0.21#

Integrations#

Recorded Future RiskList Feed#
  • Added the CVE (vulnerability) type to the Indicator Type parameter.
  • Added the IOC Risk Score Threshold parameter, which filters the ingested indicators: only indicators with an equivalent or higher risk score are ingested into Cortex XSOAR.
  • Added the vulnerability type to the indicator_type argument in the rf-feed-get-risk-rules command.
  • Added the vulnerability type to the indicator_type argument in the rf-feed-get-indicators command.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Remote Access Pack v1.0.1#

Integrations#

RemoteAccess v2#

Fixed an issue where the copy-from command failed to copy PDF files.


Rubrik Polaris Pack v1.0.7 (Partner Supported)#

Incident Fields#

  • Rubrik CDM Cluster Name
  • Rubrik Polaris CDM Cluster Name

Rundeck Pack v1.0.9#

Integrations#

Rundeck#

Updated the Docker image to: demisto/python3:3.10.1.25933.


SaaS Security (Beta) Pack v1.2.8#

Incident Fields#

  • Saas Security Asset ID
  • Saas Security Asset Name
  • Saas Security Asset Owner
  • Saas Security Asset Owner Email
  • Saas Security Remediation Type
  • Saas Security Remove Inherited Sharing
  • Saas Security Category
  • Saas Security Status
  • Saas Security Incident Id
  • Saas Security Incident Severity Level
  • Saas Security State
  • Saas Security Assigned To
  • Saas Security Resolved By
  • Saas Security Assigned To
  • Saas Security Asset URL

Incident Types#

Saas Security Incident

Integrations#

SaasSecurity (Beta)#
  • Fixed an issue where incidents were not closed while mirroring was enabled.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.
SaaS Security#
  • Set the beta flag to true.
  • Changed the icon image.
SaaS Security (Beta)#

Updated the instruction and description text.

Layouts#

Saas Security Layout

  • Added the following fields:
    • SaaS Security Asset Owner
    • SaaS Security Asset Owner Email
    • SaaS Security Incident Severity Level
  • Removed the following fields:
    • Item Owner
    • Severity
    • Item Owner Email

Mappers#

Saas Security - Outgoing Mapper#

Edited the formatting.

Saas Security - Incoming Mapper#

Added the following fields:

  • SaaS Security Asset Owner Email
  • SaaS Security Incident Severity Level

Playbooks#

Saas Security - Incident Processor#
  • Fixed a typo.
  • Updated the text.
Saas Security - Take Action on the Incident#

Updated the text.


SafeBreach - Breach and Attack Simulation platform Pack v1.1.13 (Partner Supported)#

Incident Fields#

SafeBreach Remediation Action - Maintenance and stability enhancements.


Salesforce Indicators Pack v1.0.5 (Community Contributed)#

Integrations#

Salesforce Indicators#
  • Added a last run to ensure that only indicators that were modified since the last run are collected.
  • Changed the initial query to pull from the last modified date rather than the created date.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

SecurityScorecard Pack v1.0.2 (Partner Supported)#

Incident Fields#

SecurityScorecard Username - Maintenance and stability enhancements.


Sepio Pack v1.0.6 (Partner Supported)#

Integrations#

Demisto - Sepio#

Released a new plug-in version to fix lost events - changed fromTimeStamp to fromEventId.


Server Message Block (SMB) Pack v2.0.6#

Integrations#

Server Message Block (SMB) v2#

Updated the Docker image to: demisto/smbprotocol:1.0.0.26484.


ServiceNow Pack v2.3.1#

Classifiers#

ServiceNow Classifier#

Added support for the ServiceNow SIR Incident incident type.

Incident Fields#

  • ServiceNow SIR Category
  • ServiceNow Attack Vector
  • ServiceNow SIR State
  • ServiceNow Business Impact

Incident Types#

ServiceNow SIR Incident

Integrations#

ServiceNow v2#
  • Fixed an issue where the servicenow-get-ticket command failed to get attachments when using OAuth Login.
  • Fixed an issue where the incoming mirror failed when an invalid user was assigned to the ticket.
  • Added the ability to fetch and mirror SIR incidents.
  • Added the ability to create and modify SIR incidents.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Layouts#

  • Added the ServiceNow SIR Incident layout.
  • Added support for the ServiceNow SIR Incident incident type.

Mappers#

ServiceNow - Outgoing Mapper#

Added support for the ServiceNow SIR Incident incident type.

ServiceNow - Incoming Mapper#

Added support for the ServiceNow SIR Incident incident type.

Playbooks#

Create ServiceNow Ticket#

Fixed the description for the AdditionalPollingCommandName argument where the allowed word was listed as "Using" instead of "using".

ServiceNow Ticket State Polling#

Fixed the description for the AdditionalPollingCommandName argument where the allowed word was listed as "Using" instead of "using".


Shadow IT Pack v1.0.3#

Incident Fields#

  • Shadow IT Port
  • Shadow IT IP

Shodan Pack v1.0.8#

Integrations#

Shodan v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Slack Pack v2.4.4#

Integrations#

Slack v3#
  • Fixed an issue in the long-running command where a custom session was used for all connections.
  • Slack Ask questions are now updated when a reply is given.
  • Answers to questions are now formatted when given a user and response.
  • Fixed an issue where an email for a user responding to a question was not successfully retrieved.

Scripts#

SlackAskV2#
  • Added the new channel_id input to the SlackAskV2 script.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Sophos XG Firewall Pack v1.0.9#

Integrations#

Sophos Firewall#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Spamhaus Feed Pack v1.1.13#

Integrations#

Spamhaus Feed#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Syslog Pack v2.0.2#

Integrations#

Syslog Sender#

Updated the Docker image to: demisto/python3:3.10.1.25933.


TAXII Server Pack v2.0.2#

Integrations#

TAXII2 Server#

Added a feature to convert STIX Cyber Observable Objects to 'indicator' STIX Domain Objects so that the Microsoft Azure Sentinel TAXII Connector can feed indicators.


Tanium Pack v1.0.16#

Integrations#

Tanium v2#
  • Added the tn-get-action-result command that allows you to get device action results by ID.
  • Maintenance and stability enhancements.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Tanium Threat Response Pack v2.0.10#

Incident Fields#

Integrations#

Tanium Threat Response#

Updated the Docker image to: demisto/python3:3.10.1.25933.

Tanium Threat Response v2#
  • Added the tanium-tr-start-quick-scan command.
  • Added the tanium-tr-intel-doc-delete command.

Thales SafeNet Trusted Access Pack v2.0.2 (Partner Supported)#

Incident Fields#

SafeNet Trusted Access - Username - Maintenance and stability enhancements.


TheHive Project Pack v1.1.7#

Integrations#

TheHive Project#

Updated the Docker image to: demisto/python3:3.10.1.25933.


ThreatExchange Pack v2.0.7#

Integrations#

ThreatExchange v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


ThreatQ Pack v1.0.16#

Integrations#

ThreatQ v2#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Trend Micro Cloud App Security Pack v1.0.7#

Integrations#

Trend Micro Cloud App Security#
  • Documentation and metadata improvements.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Trend Micro Deep Discovery Analyzer Pack v1.0.7#

Integrations#

Trend Micro Deep Discovery Analyzer (Beta)#
  • Fixed an issue where the trendmicro-dda-get-report command failed on a KeyError exception.
  • Maintenance and stability enhancements.

Tripwire Pack v1.0.9#

Integrations#

Tripwire#

Updated the Docker image to: demisto/python3:3.10.1.25933.


URLScan.io Pack v1.1.15 (Partner Supported)#

Integrations#

urlscan.io#

Fixed the operation of the continue_on_blacklisted_urls argument for the url command. This setting had been rendered ineffectual by a change in the urlscan API, but now functions again as expected.


URLhaus Pack v1.0.12#

Integrations#

URLhaus#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Unit42 v2 Feed Pack v1.0.10#

Integrations#

Unit 42 ATOMs Feed#
  • Added the indicators_type argument to the unit42-get-indicators command.
  • Fixed an issue in the fetch-indicators command where the fetched indicators were created with an unknown verdict.

WhatIsMyBrowser Pack v1.0.6#

Integrations#

WhatIsMyBrowser#

Updated the Docker image to: demisto/python3:3.10.1.25933.


WhisperGate & CVE-2021-32648 Pack v1.0.2#

Playbooks#

WhisperGate & CVE-2021-32648#
  • Added an Xpanse issues search.
  • Added a Unit42 blog link.

Whois Pack v1.2.10#

Integrations#

Whois#
  • Fixed an issue where the WHOIS server host of the 'ph' extension was missing.
  • Fixed an issue where the whois command returned an error when a call to a referral server failed, instead of returning the responses of the servers that had not failed.

Wiz Pack v1.0.1 (Partner Supported)#

Incident Fields#

  • Wiz Resource Type - Modified the field to hold the Wiz resource type. Example: VIRTUAL_MACHINE.
  • Wiz Resource Native Type - New field with the cloud resource native type. Example: Microsoft.Compute/virtualMachineScaleSets/virtualMachines.

Integrations#

Wiz#
  • Added additional checks to the test button in the integration settings page.
  • Updated the Docker image to: demisto/python3:3.10.1.25933.

Mappers#

Wiz Mapper Webhook#

Updated the mapper to match the field type changes.

Wiz Mapper#

Updated the mapper to match the field type changes.


XM Cyber Pack v1.0.13 (Partner Supported)#

Incident Fields#

  • Technique Mitre
  • Entity IP Address
  • Technique Name
  • Technique Name

XSOAR CI/CD Pack v1.0.13#

Scripts#

CustomPackInstaller#
  • Added the skip_verify argument to skip pack signature validation. Available from server version 6.5.0.
  • Added the skip_validation argument to skip all pack validations. This argument should be used only when migrating from custom content entities to custom content packs. Available from server version 6.6.0.
  • Updated the Docker image to: demisto/xsoar-tools:1.0.0.26178.

XSOAR Content Update Notifications Pack v1.0.3 (Community Contributed)#

Incident Fields#

  • Content Updates Auto Install - This field allows a default value to be set on whether to auto-upgrade packs.
  • Demisto REST API Name - This field is required to specify which instance of the Cortex XSOAR REST API to use to check for content updates.

Layouts#

Content Update Manager Layout - Layout updated to include the following fields:

  • Content Updates Auto Install
  • Demisto REST API Name

Playbooks#

Content Update Manager#

Updated the playbook to set a default value of "All" when no packs are provided for the Content Pack Selection field.

Check For Content Installation#

Updated an invalid script input.

Scripts#

GetLatestReleaseNotes#

Fixed a bug where a list input was assumed when the input can be a JSON dictionary.


Zimperium Pack v1.1.2#

Integrations#

Zimperium#

Updated the Docker image to: demisto/python3:3.10.1.25933.


Assets#