Demisto Content Release Notes for version 18.11.1 (14682)
Published on 18 November 2018
Integrations
5 New Integrations
- __BigFix__
IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. For more information, see the [IBM BigFix documentation](https://support.demisto.com/hc/en-us/articles/360011403394-BigFix).
- __Google Vault__
Archiving and eDiscovery for G Suite. For more information, see the [Google Vault documentation](https://support.demisto.com/hc/en-us/articles/360010994213).
- __Luminate__
Enrich reports and respond to incidents. For more information, see the [Luminate documentation](https://support.demisto.com/hc/en-us/articles/360011975994).
- __Tenable.io__
A comprehensive asset centric solution to accurately track resources while accommodating dynamic assets such as cloud, mobile devices, containers and web applications. For more information, see the [Tenable.io documentation](https://support.demisto.com/hc/en-us/articles/360011971614).
- __Windows Defender Advanced Threat Protection__
Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. For more information, see the [Windows Defender ATP documentation](https://support.demisto.com/hc/en-us/articles/360011926814).
18 Improved Integrations
- __Carbon Black Enterprise Live Response__
- Improved error messages for the ___session-create-and-wait___ command.
- Improved results for the ___cb-session-close___ command to reflect the actual session status for a CB Response case.
- __Carbon Black Enterprise Response__
- Improved outputs for the command ___cb-binary___ command to display full results for the _Hostname_ field.
- Improved implementation of the ___cb-process-events___ command to prevent failure in case the information returned is partial.
- __CrowdStrike Falcon Intel__
Improved output for DBotScore when an indicator is not found.
- __EWS v2__
Fixed a typo in compliance search methods.
- __Gmail__
Added two commands to implement an email blockage use case. For more information, see the [Gmail documentation](https://support.demisto.com/hc/en-us/articles/360007598794).
- ___gmail-add-delete-filter___
- ___gmail-add-filter___
- __Cylance Protect v2__
Added 5 commands:
- ___cylance-protect-download-threat___
- ___cylance-protect-add-hash-to-list___
- ___cylance-protect-delete-hash-from-lists___
- ___cylance-protect-get-policy-details___
- ___cylance-protect-delete-devices___
- __Mimecast v2__
- Refactored the Mimecast integration. Mimecast v1 is now deprecated.
- Implemented incident fetching.
- Fetch URL logs: Fetches email logs containing malicious URLs
- Fetch attachment logs: Fetches email logs containing malicious attachments
- Fetch impersonation logs: Fetches email logs containing impersonation incidents
- Added 12 commands:
- ___mimecast-list-blocked-sender-policies___
- ___mimecast-create-policy___
- ___mimecast-delete-policy___
- ___mimecast-get-policy___
- ___mimecast-query___
- ___mimecast-url-decode___
- ___mimecast-manage-sender___
- ___mimecast-list-managed-url___
- ___mimecast-create-managed-url___
- ___mimecast-list-messages___
- ___mimecast-get-url-logs___
- ___mimecast-get-impersonation-logs___
- ___mimecast-get-attachment-logs___
- __Palo Alto MineMeld__
Improved implementation of whitelist/blacklist initialization.
- __Rapid7 Nexpose__
Added support to view, stop, pause and resume scans. For more information, see the [Rapid7 Nexpose documentation](https://support.demisto.com/hc/en-us/articles/360006756333).
- __SCADAfence CNM__
Added two commands. For more information, see the [SCADAfence CNM documentation](https://support.demisto.com/hc/en-us/articles/360008899633).
- ___scadafence-getAllConnections___
- ___scadafence-createAlert___
- __SplunkPy__
Added support to fetch notable events using Splunk Time instead of the Demisto server time.
- __VirusTotal - Private API__
Improved the error message when the quota is exceeded.
- __Palo Alto WildFire__
The ___wildfire-upload___ command now supports multiple uploads.
- __McAfee ePO__
- Added two commands.
- ___epo-find-system___
- ___epo-get-version___
- Improved outputs for the ___epo-query-table___ command.
- __Rasterize__
Added rasterize-image command to securely display images in war room.
- __IBM QRadar__
- Fixed incidents fetching bug.
- Added the ___qradar-get-reference-by-name___ command.
- Reimplemented the integration in Python.
- __Cisco Threat Grid__
- Updated the integration to align with changes in Threat Grid API.
- Enhanced outputs for the ___threat-grid-get-analysis-by-id___ command.
- Added two commands:
- ___threat-grid-search-urls___
- ___threat-grid-search-samples___
- __urlscan.io__
- The ___ip___ and ___file___ commands are no longer supported.
- Reformatted context outputs.
- Added the command ___urlscan-search___
---
Scripts
2 New Scripts
- __ExifRead__
Read image files' metadata and provide Exif tags.
- __ParseExcel__
The automation takes an Excel file (entryID) as an input and parses its content to the War Room and context.
6 Improved Scripts
- __ADGetUser__
Improved display formatting of _UserAccountControl_ flags.
- __BlockIP__
The _rulename_ and _ipname_ arguments are now optional, and include improved defaults.
- __CPBlockIP__
The _rulename_ and _ipname_ arguments are now optional, and include improved defaults.
- __PanoramaBlockIP__
The _rulename_ argument is now optional, and includes improved defaults.
- __ProofpointDecodeURL__
Improved handling of error scenarios.
- __ReadPDFFile__
Improved handling PSEOF error.
---
Playbooks
2 New Playbooks
- __QRadarFullSearch__
This playbook runs a QRadar query and returns the query results to the context.
- __Tenable.io Scan__
Run a Tenable.io scan.