Demisto Content Release Notes for version 18.1.1 (5676)
Published on 09 January 2018
Playbooks
4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicator reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample that corresponds to the hash, using one or more products/services
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample that corresponds to an MD5 hash, using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample that corresponds to a SHA256 hash, using Cylance Protect integration
Integrations
3 New Integrations
- Kenna
-- Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities
- Joe Security
-- Cloud-based sandbox service
- Check Point Sandblast Appliance
-- Query, upload and download data using Check Point Sandblast
4 Improved Integrations
- Remedy On-Demand
-- Added option to add custom fields to incident creation and perform insecure login
- ArcSight Logger
-- ArcSight events logger
- IntSights
-- Integration can now fetch incidents
- Zendesk
-- Added zendesk-add-user for adding end users. Added zendesk-get-article to get help center article
Scripts
7 New Scripts
- ActiveUsersD2
-- Get active users from a D2 agent and parse them into context
- CrowdStrikeStreamingPreProcessing
-- Preprocessing script for CrowdStrike Streaming
- D2ActiveUsers
-- Show local accounts
- D2ExecuteCommand
-- Run a D2 built-in command on a D2 agent
- FetchFileD2
-- Get a file from endpoint using a D2 agent
- ParseWordDoc
-- Takes a docx file (entryID) as input and saves a text file (file entry) with the original file's contents
- UserEnrichAD
-- Enhancement automation for user type indicator, to enrich the user name from Active Directory data
5 Improved Scripts
- ADGetComputer
-- Automation will now create a hostname indicator. The default argument is now 'name'
- ADGetUser
-- Automation will now create a user indicator
- ParseCSV
-- By default, ParseCSV will now parse the whole CSV
- ParseEmailHeaders
-- Supports multi-value headers (e.g. the Received header)
- Set (Set context)
-- If an object is passed as a string, Set will parse the value to JSON and then set it to context
Reputations
-- Added a new user type reputation for use with manual indicators and in automations