Demisto Content Release Notes for version 18.3.2 (7777)
Published on 07 March 2018
Playbooks
15 New Playbooks
- Malware Investigation - Generic
-- Investigate malware using one or more integrations
- Malware Investigation - Generic - Setup
-- Verify file sample and hostname information for the "Malware Investigation - Generic" playbook
- Default Playbook
-- Enrich indicators in incident using one or more integrations
- Phishing Playbook - Automated
-- An automated playbook to investigate suspected phishing attempts
- Phishing Investigation - Generic
-- Investigate a phishing incident using one or more integrations
- Email Address Enrichment - Generic
-- Get email address reputation using one or more integrations
- Process Email - Generic
-- Add email details to the relevant context entities and handle the case where original emails are attached
- Extract Indicators - Generic
-- Extract indicators from input data
- DBot Indicator Enrichment - Generic
-- Get the indicators' internal DBot score
- Calculate Severity - Generic
-- Calculate incident severity by indicators' reputation and user/endpoint membership in critical groups
- Entity Enrichment - Generic
-- Enrich entities using one or more integrations
- File Enrichment - Generic
-- Get file reputation using one or more integrations
- Search Endpoints By Hash - CrowdStrike
-- Hunt for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host
- Search Endpoints By Hash - TIE
-- Hunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE
- Search Endpoints By Hash - Carbon Black Response
-- Hunt for malicious indicators using Carbon Black
Improved Playbooks
- URL Enrichment - Generic
-- Add URL SSL verification
Scripts
2 New Scripts
- URLSSLVerification
-- Verify URL SSL certificate
- getMlFeatures
-- Calculate features for machine learning
2 Improved Scripts
- GetIndicatorDBotScore
-- Support for custom indicator types
- IsMaliciousIndicatorFound
-- Handle 'includeSuspicious' argument properly
Integrations
2 New Integrations
- Remedy AR
-- Professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions
- EWS v2
-- Exchange Web Services and Office 365: more commands, better output structure and improved reliability
6 Improved Integrations
- McAfee ESM-v10
-- Support changing the organization when editing a case
- Okta
-- Fix an issue with the unlock action
- Remedy On-Demand
-- Add fetch-incidents support
- ServiceNow
-- Fetch incidents now supports customised tables
- SplunkPy
-- Add the splunk-parse-raw command, which parses the Splunk '_raw' result. Protect the Splunk notable events fetch from a nil pointer
- Rasterize
-- Force a white background on emails for better visibility in the dark theme
Deprecated
- EWS - use EWS v2 instead
Reputation
- Change IP regex to capture valid IP addresses only