Demisto-py

Latest version: v3.3.0

Page 22 of 33

18.4.0

Demisto Content Release Notes for version 18.4.0 (8183)
Published on 01 April 2018

Integrations

New Integration
- Coffee Maker
-- Make your perfect coffee with Demisto. Check out our [blog post](http://blog.demisto.com/wake-up-and-smell-the-coffee-with-demistos-latest-integration) for additional details

18.3.3

Demisto Content Release Notes for version 18.3.3 (7971)

Published on 20 March 2018

Playbooks

Improved Playbooks
- QRadar - Get offense correlations
-- Converted playbook to new conventions (playbook inputs, argument-filters, etc.)


Scripts

3 New Scripts
- CloseInvestigationAsDuplicate
-- Close the current investigation as a duplicate of another investigation
- ExtractHTMLTables
-- Find tables inside HTML and extract the contents into a list
- MarkAsNoteByTag
-- Mark entries as notes if they are tagged with the given tag

Improved Scripts
- CheckWhitelist
-- Added check whitelist result to outputs

Integrations

2 New Integrations
- Cylance Protect v2
-- Manage endpoints using Cylance Protect
- AWS - S3
-- AWS - Amazon public cloud, S3 service

2 Improved Integrations
- Cybereason
-- Changed string comparison in is-probe-connected command to case insensitive
- EWS - V2
-- Two new commands - 'ews-create-folder' and 'ews-mark-item-as-junk'. Also added informative debug logs when an error is raised

18.3.2

Demisto Content Release Notes for version 18.3.2 (7777)

Published on 07 March 2018

Playbooks

15 New Playbooks
- Malware Investigation - Generic
-- Investigate a malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected Phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details into the relevant context entities and handle the case where you have attached original emails
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get the indicator's internal DBot score
- Calculate Severity - Generic
-- Calculate incident severity by indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using Crowdstrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black

Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification


Scripts

2 New Scripts
- URLSSLVerification
-- Verify URL SSL certificate
- getMlFeatures
-- Calculate features for machine learning

2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handle 'includeSuspicious' argument properly



Integrations

2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- EWS v2
-- Exchange Web Services and Office 365 - More commands, better outputs structure and more reliable

6 Improved Integrations
- McAfee ESM-v10
-- Support changing organization when editing a case
- Okta
-- Fix issue with unlock action
- Remedy On-Demand
-- Added fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Add command splunk-parse-raw that parses the Splunk '_raw' result. Protect Splunk notable events fetch from nil pointer
- Rasterize
-- Forcing white background on emails for better visibility in the dark theme

Deprecated
- EWS - use EWS v2 instead

Reputation
- Change IP regex to capture valid IP addresses only

18.3.1

Demisto Content Release Notes for version 18.3.1 (7728)

Published on 06 March 2018

Playbooks

15 New Playbooks
- Malware Investigation - Generic
-- Investigate a malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected Phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details into the relevant context entities and handle the case where you have attached original emails
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get the indicator's internal DBot score
- Calculate Severity - Generic
-- Calculate incident severity by indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using Crowdstrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black

Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification


Scripts

2 New Scripts
- URLSSLVerification
-- Verify URL SSL certificate
- getMlFeatures
-- Calculate features for machine learning

2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handle 'includeSuspicious' argument properly



Integrations

2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- EWS v2
-- Exchange Web Services and Office 365 - More commands, better outputs structure and more reliable

6 Improved Integrations
- McAfee ESM-v10
-- Support changing organization when editing a case
- Okta
-- Fix issue with unlock action
- Remedy On-Demand
-- Added fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Add command splunk-parse-raw that parses the Splunk '_raw' result. Protect Splunk notable events fetch from nil pointer
- Rasterize
-- Forcing white background on emails for better visibility in the dark theme

Deprecated
- EWS - use EWS v2 instead

Reputation
- Change IP regex to capture valid IP addresses only

18.3.0

Demisto Content Release Notes for version 18.3.0 (7763)

Published on 06 March 2018

Playbooks

15 New Playbooks
- Malware Investigation - Generic
-- Investigate a malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected Phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details into the relevant context entities and handle the case where you have attached original emails
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get the indicator's internal DBot score
- Calculate Severity - Generic
-- Calculate incident severity by indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using Crowdstrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black

Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification


Scripts

2 New Scripts
- URLSSLVerification
-- Verify URL SSL certificate
- getMlFeatures
-- Calculate features for machine learning

2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handle 'includeSuspicious' argument properly



Integrations

2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- pyEWS
-- Exchange Web Services and Office 365

6 Improved Integrations
- McAfee ESM-v10
-- Support changing organization when editing a case
- Okta
-- Fix issue with unlock action
- Remedy On-Demand
-- Added fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Add command splunk-parse-raw that parses the Splunk '_raw' result. Protect Splunk notable events fetch from nil pointer
- Rasterize
-- Forcing white background on emails for better visibility in the dark theme

Reputation
- Change IP regex to capture valid IP addresses only

18.2.4

Demisto Content Release Notes for version 18.2.4 (7342)

Published on 20 February 2018

Playbooks

2 Improved Playbooks
- Domain Enrichment - Generic
-- Run enrichment only if available modules exist and are enabled
- URL Enrichment - Generic
-- Added input flag for screenshots

Integrations

8 Improved Integrations
- RSA Archer
-- Login method now communicates using SOAP protocol
- McAfee ESM-v10
-- Remove unneeded log line that caused an issue with Fetch incidents
- OpenPhish
-- Added DBotScore 0 when there is no score from OpenPhish
- Symantec Endpoint Protection
-- Added option to filter endpoints info by computer-name, os, last-updated and page-size
- VirusTotal
-- Added DBotScore 0 to file when there is no score from VirusTotal
- WildFire
-- Added WildFire report details to the context output
- McAfee ePO
-- Better handling of string-type outputs
- McAfeeDAM
-- Improved war-room result appearance
- General
-- Grouped Data enrichment & Threat intelligence categories together
-- Rearranged integration categories



Scripts

2 Improved Scripts
- AddEvidence
-- Handle case where 'occurred' or 'tags' arguments are not supplied
- IncidentSet
-- Can now set unknown incident severity

Deprecated Scripts
- BinaryReputationPy
-- Please use ExtractHash to extract data, and use 'file' command to get reputation
