Demisto-py

Latest version: v3.3.0


18.5.2

Demisto Content Release Notes for version 18.5.2 (8950)
Published on 03 May 2018

Integrations

2 New Integrations
- __FireEye HX__
An integrated solution that detects what others miss and protects endpoints against known and unknown threats.
- __Phish.AI__
Next-Generation Anti-Phishing Platform Powered by AI & Computer Vision.

18.5.1

Demisto Content Release Notes for version 18.5.1 (8902)
Published on 2 May 2018

Integrations

2 New Integrations
- __Centreon__
Centreon is a network, system, applicative supervision, and monitoring tool. The integration provides monitoring enrichment context for hosts and applications.
- __EasyVista__
EasyVista enables you to manage the entire process of designing, managing, and delivering IT services. With the integration, you can obtain a list of incidents and requests, such as service, change, investment, and more.



6 Improved Integrations
- __RSA NetWitness Packets and Logs__
Improved parameter descriptions.
- __Threat Grid__
The _threat-grid-get-html-report-by-id ()_ command displays a report file as a file in the War Room.
- __McAfee ePO__
Enhanced War Room result formatting for _epo-commands_ (Fixed _epo-commands_ issue from version 18.5.0).
- __FireEye iSIGHT__
Fixed the timestamp in request headers, which in some cases resulted in failed authentication.
- __Okta__
Added system log commands.
- __Preempt__
Rephrased error messages and edited context outputs.
---

Scripts

4 New Scripts
- __AquatoneDiscover__
Locates a target's nameservers and shuffles DNS lookups between them.
- __IndicatorMaliciousRatioCalculation__
Returns indicators that appear in resolved incidents, and the resolved incident IDs.
- __TimeStampToDate (Transformer)__
Converts the UNIX Epoch timestamp to a simplified extended ISO format string. Use it to convert a timestamp to the Demisto date field.
- __WhereFieldEquals (Transformer)__
Returns all items from the list where the items' 'field' attribute is equal to the 'equalTo' argument.

2 Improved Scripts
- __Urlscan.io__
Encoded the URL parameters for the _submit-url_ command.
- __Ping__
Added Ping results as output and removed verbose argument (this change breaks backward compatibility, best practice is to use outputs over context and raw-response=true for verbose results).

---
New Incident Layouts
- __Incident type 'Access'__
Default Incident Summary and Create/Edit Incident layouts.
---
New Classification & Mapping
SplunkPy classification and mapping for 'Access' incident type. Using the layout and mappings, users can handle Access incident type notables from Splunk ES.

18.5.0

Demisto Content Release Notes for version 18.5.0 (8862)
Published on 1 May 2018

Integrations

3 New Integrations
- __Centreon__
Centreon is a network, system, applicative supervision, and monitoring tool. The integration provides monitoring enrichment context for hosts and applications.
- __EasyVista__
EasyVista enables you to manage the entire process of designing, managing, and delivering IT services. With the integration, you can obtain a list of incidents and requests, such as service, change, investment, and more.
- __Phish.AI__
Next-Generation Anti-Phishing Platform Powered by AI & Computer Vision.



6 Improved Integrations
- __RSA NetWitness Packets and Logs__
Improved parameter descriptions.
- __Threat Grid__
The _threat-grid-get-html-report-by-id ()_ command displays a report file as a file in the War Room.
- __McAfee ePO__
Enhanced War Room result formatting for _epo-commands_.
- __FireEye iSIGHT__
Fixed the timestamp in request headers, which in some cases resulted in failed authentication.
- __Okta__
Added system log commands.
- __Preempt__
Rephrased error messages and edited context outputs.
---

Scripts

4 New Scripts
- __AquatoneDiscover__
Locates a target's nameservers and shuffles DNS lookups between them.
- __IndicatorMaliciousRatioCalculation__
Returns indicators that appear in resolved incidents, and the resolved incident IDs.
- __TimeStampToDate (Transformer)__
Converts the UNIX Epoch timestamp to a simplified extended ISO format string. Use it to convert a timestamp to the Demisto date field.
- __WhereFieldEquals (Transformer)__
Returns all items from the list where the items' 'field' attribute is equal to the 'equalTo' argument.

2 Improved Scripts
- __Urlscan.io__
Encoded the URL parameters for the _submit-url_ command.
- __Ping__
Added Ping results as output and removed verbose argument (this change breaks backward compatibility, best practice is to use outputs over context and raw-response=true for verbose results).

---
New Incident Layouts
- __Incident type 'Access'__
Default Incident Summary and Create/Edit Incident layouts.
---
New Classification & Mapping
SplunkPy classification and mapping for 'Access' incident type. Using the layout and mappings, users can handle Access incident type notables from Splunk ES.

18.4.3

Demisto Content Release Notes for version 18.4.3 (8539)
Published on 16 April 2018

Integrations

New Integrations
- Skyformation
-- Provides cloud application security for business organizations, forwards security events to the organization security tools and enables covering their cloud activity

Improved Integrations
- RSA NetWitness Packets and Logs
-- Outputs were added

Scripts

2 Improved Scripts
- ADGetUser
-- Added escaping for brackets in filter's parameters
- ExtractURL
-- Support extraction of escaped URLs


Widgets


Improved Widgets
- My Tasks
-- Widget no longer displays skipped tasks


Dashboards

2 New Dashboards
- My Dashboard
- System Health


Reputations
- Support for unescaped URLs extraction

18.4.2

Demisto Content Release Notes for version 18.4.2 (8476)
Published on 12 April 2018

Integrations

4 New Integrations
- Carbon Black Enterprise Live Response
-- Collect information and take action on remote endpoints in real time
- RSA NetWitness v11.1
-- Systems logs, network and endpoint visibility for real-time collection, detection and automated response
- Symantec Messaging Gateway
-- Protect against spam, malware, targeted attacks and provide advanced content filtering, data loss prevention and email encryption
- TruSTAR
-- Threat intelligence platform that enriches every stage of security operations workflows from the trusted and relevant data sources

6 Improved Integrations
- SplunkPy
-- Fetch notable events by index time (instead of event time)
- Cybereason
-- Added isolate and un-isolate machines commands
- Cylance Protect v2
-- Added fetch incidents support and fixed Cylance score translation
- EWS v2
-- Fixed ews-search-mailboxes command
- Salesforce
-- Added outputs and improved war-room results for all commands
- Zscaler
-- Added commands - lookup, whitelist, undo-whitelist, undo-blacklist for URLs and IP addresses


Scripts

New Scripts
- JoinIfSingleElementOnly
-- A transformer that returns a single element if the array has only one element in it; otherwise it returns the whole array

Improved Scripts
- ParseEmailFiles
-- Better handling of non-UTF characters

Reports

2 Improved Reports
- Daily incidents
-- Removed open duration as it is not set for open incident
- Investigation Summary
-- Added linked incidents section

Utilities
- JavaScript
-- Added 'fixUrl', 'endsWith' and 'startsWith' functions to string type
- Python
-- Escaped special characters used in 'tableToMarkdown'

18.4.1

Demisto Content Release Notes for version 18.4.1 (8197)
Published on 03 April 2018

Playbooks

2 New Playbooks
- Close incident if duplicate found
-- Find and close duplicate incidents for the current incident
- Packetsled
-- Enumerate the packetsled entities with incidents, and query each entity for artifacts

Integrations

3 New Integrations
- Intezer
-- Malware detection and analysis based on code reuse
- Packetsled
-- Packetsled Network Security API commands
- Preempt
-- Preempt Behavioral Firewall - Detection and enforcement based on user identity

Improved Integrations
- SplunkPy
-- Support Splunk fetch incident to extract custom fields from _raw of notable events

Reputations
- Support escaped IPs in format x[.]x[.]x[.]x (e.g. 192[.]168[.]0[.]1)


Scripts

2 New Scripts
- FindSimilarIncidents
-- Find similar incidents by common incident keys, labels, custom fields or context keys
- UnEscapeIPs
-- Remove escaping chars from IP (e.g. 127[.]0[.]0[.]1 -> 127.0.0.1)

Filters & Operations Example Scripts

The following are examples of scripts that can be used as filters or operations with playbook inputs (see image below*)
- InRange (filter)
-- Checks if left side is in range of right side
- StripChars (operation)
-- Strip set of characters from prefix and/or suffix
- ReverseList (operation, entire-list)
-- Reverse a given list. An entire-list transformer - it operates on the argument as a list (note the "entirelist" tag)

*Filters & Operations usage
![image](https://user-images.githubusercontent.com/10514677/38198250-abe6903c-3694-11e8-8c7b-d9a2ed089681.png)
