Demisto Content Release Notes for version 18.6.0 (9870)
Published on 13 June 2018
Integrations
7 New Integrations
- __IBM Resilient Systems__
Case management that enables visibility across your tools for continual IR improvement. For more information, see the [IBM Resilient Systems documentation](https://support.demisto.com/hc/en-us/articles/360005831053).
- __Dell SecureWorks__
Handle tickets in SecureWorks. For more information, see the [Dell SecureWorks documentation](https://support.demisto.com/hc/en-us/articles/360004106474).
- __AWS - EC2__
Amazon Web Services Elastic Compute Cloud (EC2). For more information, see the [AWS EC2 documentation](https://demisto.zendesk.com/hc/en-us/articles/360005580234).
- __AWS - GuardDuty__
Amazon Web Services GuardDuty Service (gd). For more information, see the [AWS GuardDuty documentation](https://support.demisto.com/hc/en-us/articles/360005817333).
- __AWS - IAM__
Amazon Web Services Identity and Access Management (IAM). For more information, see the [AWS IAM documentation](https://demisto.zendesk.com/hc/en-us/articles/360005507193).
- __AWS - Route53__
Amazon Web Services Managed Cloud DNS Service. For more information, see the [AWS Route 53 documentation](https://support.demisto.com/hc/en-us/articles/360005419254).
- __AWS - SQS__
Amazon Web Services Simple Queue Service (SQS). For more information, see the [AWS SQS documentation](https://support.demisto.com/hc/en-us/articles/360004122933).
5 Improved Integrations
- __EWS Mail Sender__
Fixed the ___error_message not defined___ error.
- __AWS - S3__
Changed the authentication method to STS AssumeRole. For more information, see the [AWS S3 documentation](https://support.demisto.com/hc/en-us/articles/360001941113).
- __EWS v2__
This integration can now handle errors when moving an item between mailboxes using impersonation. For more information, see the [EWS v2 documentation](https://support.demisto.com/hc/en-us/articles/360002253814-EWSv2).
- __Rasterize__
Improved __Test__ button functionality.
- __Cisco Umbrella Investigate__
Fixed a false positive in categorization.
---
Scripts
2 New Scripts
- __CrowdStrikeUrlParse__
Parses a CrowdStrike alert URL, extracts the Agent ID, and passes it to the ___cs-device-details___ command to return device details.
- __DecodeMimeHeader__
Decodes base64-encoded MIME headers.
12 Improved Scripts
- __BuildEWSQuery__
  - Converted to Python.
  - Added output context.
  - Added support for query limitation.
- __EmailAskUserResponse__
This script can now handle `<br>` tags in an HTML response.
- __FindSimilarIncidents__
This script can now:
  - Handle exceptions for empty results.
  - Support more than one incident key.
  - Support multiple date formats.
- __ParseEmailFiles__
You can now print both text and HTML body parts in a War Room entry.
- __Strings__
Improved handling of text files.
- __SetDateField__
Changed the ___SetDateField___ time format so that it correctly includes the year.
- __IncidentSet__
Deprecated. Use the ___setIncident___ command instead.
Improved error handling for:
- __DomainReputation__
- __EmailReputation__
- __FileReputation__
- __IPReputation__
- __URLReputation__
---
Playbooks
6 New Playbooks
- __Calculate Severity - 3rd-party integrations__
Calculates the incident severity level according to the methodology of a third-party integration.
- __Calculate Severity - Critical assets__
Determines if a critical asset is associated with the investigation. The playbook returns a severity level of ___Critical___ if a critical asset is associated with the investigation.
- __Calculate Severity - Indicators DBotScore__
Calculates the incident severity level according to the highest indicator DBotScore.
- __Search And Delete Emails - EWS__
This playbook searches EWS to identify and delete emails that share attributes with a malicious email.
- __Search And Delete Emails - Generic__
This playbook searches for and deletes emails that share attributes with a malicious email.
2 Improved Playbooks
- __Calculate Severity - Generic__
Separated playbook logic into sub-playbooks, and improved documentation.
- __Phishing Investigation - Generic__
Added a response section, including support for searching for and deleting malicious emails.
---
Incident Layouts
New Incident Layouts
- __Malware__
New Summary and New/Edit layouts for Malware incidents.
---
Classification & Mapping
New Classification & Mapping
- __crowdstrike-streaming-api__
Added a Malware mapping to the CrowdStrike mapping.
Improved Classification & Mapping
- __SplunkPy__
Added a Malware mapping.