Demisto Content Release Notes for version 19.4.0 (20832)
Published on 02 April 2019
Integrations
6 New Integrations
- __CrowdStrike Falcon__
The CrowdStrike Falcon OAuth 2 API integration (formerly Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.
- __ExtraHop__
ExtraHop performs real-time stream analysis of the packets that carry data across a network.
- __Signal Sciences WAF__
Protect your web application using Signal Sciences.
- __Snowflake__
Analytic data warehouse provided as Software-as-a-Service.
- __Tufin__
Retrieve and analyze network access controls across Tufin-managed firewalls, SDN, and public cloud to identify vulnerable access paths of an attack.
- __Vertica__
Analytic database management software.
23 Improved Integrations
- __Active Directory Query v2__
- Added the _context-output_ argument to the ___ad-search___ command. If the argument is set to _no_, the command will not output results.
- Improved functionality of the _size-limit_ argument in the ___ad-search___ command.
- __ArcSight ESM v2__
Added an integration instance parameter that limits the number of incidents that are fetched each time.
- __Azure Compute__
Fixed an issue with the ___azure-vm-create-instance___ command.
- __Palo Alto AutoFocus__
- Fixed an issue with entry tables.
- Improved handling of HTTP errors.
- __Centreon__
Fixed proxy logic.
- __Cisco Umbrella Investigate__
Added a threshold parameter to the integration instance configuration, which can override the default malicious score.
- __CrowdStrike Falcon Sandbox__
Improved how URLs are submitted to CrowdStrike.
- __Cyber Triage__
Added support for Cyber Triage 2.6.
- __DUO Admin__
Renamed the _1_minutes_ago_ argument to _1_minute_ago_.
- __McAfee ESM-v10__
- Improved how incidents are fetched.
- Added support for ESM timezone.
- The ___esm-get-cases-list___ command now supports filtering by time range.
- Added the time format parameter.
- __Endgame__
Improved descriptions for the _endgame-deploy_ argument.
- __HashiCorp Vault__
- Improved integration test error messages.
- Fixed several issues with fetching credentials.
- The ___list-secrets___ command now supports KV1 engines.
- __LogRhythm__
Added several outputs and updated context.
- __Mail Sender (New)__
- Improved error handling and messaging.
- Added the FQDN parameter to the integration instance configuration.
- __McAfee Advanced Threat Defense__
Improved error messages for incorrect username, incorrect password, and incorrect header.
- __Palo Alto Minemeld__
- Added validation of deleting indictors from miners of type localDB.
- Added default values to the threat intel commands.
- __Palo Alto Networks Cortex__
Implemented OAuth2 authentication.
- __Palo Alto Firewall and Panorama__
- Added the ___panorama-get-pcap___ and ___panorama-list-pcaps___ commands.
- Improved error messages, handling of invalid inputs, catch move-rule errors and display them as message.
- __Server Message Block (SMB)__
- Added the ___smb-upload___ command.
- Added option to print out the contents of a file instead of downloading it.
- __urlscan.io__
- Add RediredctedURLs and EffectiveURL data from the ___!url___ command to context.
- Added the threshold parameter to the integration instance configuration.
- __VirusTotal - Private API__
- The ___vt-private-get-url-report___ command now supports multiple URLs.
- Fixed an issue with the API.
- Added context for the ___get-url___, ___file___, and ___domain-report___ commands.
- Fixed DBot score in the ___ip-report___ command.
- Added the __Preferred Vendors List__ and __Preferred Vendors Threshold__ parameters, which help determine if files and URLs are malicious.
- __Zscaler__
Fixed an issue with the rate limit error. Now several requests in short interval will produce a retry in case of failure.
---
Scripts
New Script
- __FindSimilarIncidents__
Find similar incidents by common incident keys, labels, custom fields, or context keys.
We recommend using incident keys if possible, for example: "type" for the same incident type.
For performance reasons, we recommend avoid using context keys if possible, for example, if the value also appears in the label key, use "label".
7 Improved Scripts
- __CheckDockerImageAvailable__
Checks if a Docker image is accessible for ___pull___ commands.
- __CommonServerPython__
Added proxy handling method.
- __FilterByList__
Updated the context when the list is empty.
- __IsMaliciousIndicatorFound__
Fix to only depend on DBotScore.Score.
- __ReadFile__
Fixing unicode parsing error.
- __ReadPDFFile__
Improved the error message when the script fails on reading encrypted files.
- __StixParser__
Added support for STIX2.0.
---
Playbooks
2 Improved Playbooks
- __Extract Indicators From File - Generic__
Improved the _Is there a PDF file task_, which checks if _file.type_ and _file.info_ contains pdf.
- __Process Email - Generic__
Improved detection of attachments that are emails.
---
Reports
12 Improved Reports
- __Critical and High incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Daily incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Critical and High incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Daily incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Investigation Summary__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Open Incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Investigation Summary__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Last 24 hours incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Last 30 days incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Last 7 days incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Open Incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
- __Unknown severity incidents__
Changed the occurred default date format in the decoder, which enables selecting an individual time format for each field.
---
Widgets
Improved Widget
- __Mentions__
Only unread messages are now displayed.
---
Incident Layouts
4 Improved Incident Layouts
- __Access - Summary__
Applied incident source fields.
- __Malware - Summary__
Applied incident source fields.
- __Phishing - Summary__
Removed 'Email Body HTML' from default Phishing incident type summary layout.
- __Vulnerability - Summary__
Applied incident source fields.