Demisto Content Release Notes for version 19.1.1 (16961)
Published on 13 January 2019
Integrations
2 New Integrations
- __CIRCL__
CIRCL Passive DNS is a database storing historical DNS records from various resources.
CIRCL Passive SSL is a database storing historical X.509 certificates seen per IP address. The Passive SSL historical data is indexed per IP address. For more information, see the [CIRCL documentation](https://support.demisto.com/hc/en-us/articles/360015114294).
- __MISP V2__
Malware information sharing platform and threat sharing.
This integration replaces the __MISP (Deprecated)__ integration.
10 Improved Integrations
- __Pwned__
Fixed an issue in the ___email___ command that affected backward compatibility.
- __AbuseIPDB__
- Fixed context issues.
- Added the ___AbuseIPDB-PopulateIndicators___ script.
- __Cybereason__
- Improved implementation of malop fetching as incidents.
- Added 5 new commands:
- ___cybereason-prevent-file___
- ___cybereason-unprevent-file___
- ___cybereason-query-file___
- ___cybereason-query-domain___
- ___cybereason-query-user___
For more information, see the [Cybereason documentation](https://support.demisto.com/hc/en-us/articles/360007903594).
- __Google Vault__
- Added 4 new commands:
- ___gvault-get-drive-results___
- ___gvault-get-mail-results___
- ___gvault-get-groups-results___
- ___gvault-download-results___
- Added 4 new Google Vault playbooks:
- ___Google Vault - Search Mail___
- ___Google Vault - Search Drive___
- ___Google Vault - Search Groups___
- ___Google Vault - Display results___
- In context, Export objects were moved into matching Matter objects (this change is not backward compatible).
For more information, see the [Google Vault documentation](https://support.demisto.com/hc/en-us/articles/360010994213).
- __IntSights__
- The ___get_alerts___ command now retrieves all alert details.
- Added the ___time-delta___ argument, which retrieves alerts based on a given time delta (in days).
For more information, see the [IntSights documentation](https://demisto.zendesk.com/hc/en-us/articles/360010956714).
- __ServiceNow__
Improved handling of empty responses and missing fields.
- __Cisco Threat Grid__
You can now submit a file that has unicode characters in the name.
- __TruSTAR__
Added 4 new commands:
- ___file___
- ___url___
- ___ip___
- ___domain___
For more information, see the [TruSTAR documentation](https://support.demisto.com/hc/en-us/articles/360005445133).
- __Have I Been Pwned?__
Added DBot score.
- ThreatConnect
- Added context and markdown to existing commands.
- Added new commands.
---
Scripts
7 New Scripts
- __AbuseIPDBPopulateIndicators__
Extracts blacklisted IP addresses from AbuseIPDB, and populates indicators accordingly.
- __ChangeRemediationSLAOnSevChange__
Changes the remediation SLA when a change in incident severity occurs.
- __CopyContextToField__
Copy a context key to an incident field to multiple number of incidents, based on a query.
- __CybereasonPreProcessingExample__
Run this preprocessing script when fetching Cybereason malops. The script checks if a malop was already fetched, and will then update the existing incident, otherwise it will create a new incident.
- __DT__
This automation allows the usage of DT scripts within playbook transformers.
- __LinkIncidentsWithRetry__
Running multiple link incidents simultaneously can cause DB version errors. Use the ___LinkIncidentsWithRetry___ script to avoid this error.
- __StopTimeToAssignOnOwnerChange__
Stops the _Time To Assign_ timer when the incident owner changes.
6 Improved Scripts
- __cveReputation__
Added a fixed number of retries to execute the ___cve-search___ command when a 404 error is returned.
- __ProofpointDecodeURL__
Added a helpful error description when a URL is not found in the query.
- __SSDeepReputation__
You can now use this script as an indicator reputation script.
- __SplunkPySearch__
- Fixed 'Missing headers param' bug.
- Added error validation for the command result.
Deprecated Scripts
- __misp_download_sample__
Script is deprecated, use the ___misp-download-sample___ command in the MISP V2 integration instead.
- __misp_upload_sample__
Script is deprecated, use the ___misp-upload-sample___ command in the in MISP V2 integration instead.
---
Playbooks
4 New Playbooks
- __Google Vault - Display Results__
Queues and displays Google Vault search results.
- __Google Vault - Search Drive__
Performs Google Vault searches in Drive accounts, and displays the results.
- __Google Vault - Search Groups__
Performs Google Vault searches in Groups, and displays the results.
- __Google Vault - Search Mail__
Performs Google Vault searches in Mail accounts, and displays the results.
---
Widgets
1 Improved Widget
- __MTTR by Type__
MTTR is now in the timeline widget.
---