Demisto-py

Latest version: v3.3.0


Page 23 of 33

18.2.3

Demisto Content Release Notes for version 18.2.3 (7120)
Published at 10 February 2018

Playbooks
- Phishing Playbook - Automated
-- Supported in 3.1.0

- Detonate file
-- Supported in 3.1.0

18.2.2

Demisto Content Release Notes for version 18.2.2 (7041)
Published at 06 February 2018
Integrations

New Integrations
- VxStream
-- Fully automated malware analysis with unique Hybrid Analysis. (formerly Payload Security VxStream)


1 Improved Integrations
- Zscaler
-- Rename command "zcaler-blacklist-url" to "zscaler-blacklist-url"

18.2.0

Demisto Content Release Notes for version 18.2.0 (7001)
Published at 05 February 2018
Playbooks

Improved Playbook
- WildFire - Detonate file
-- Detonating files using the 'detonate-file' command


Integrations

New Integration
- Zscaler
-- Zscaler is a cloud security solution built for performance and flexible scalability

2 Improved Integrations
- GRR
-- Handles CSRF retrieval functionality
- WildFire
-- Added file and remote-file detonation commands

Scripts

New Script
- emailFieldTriggered
-- Sends an email to the incident owner when the selected field is triggered

5 Improved Scripts
- AddEvidence
-- Adds evidence with occurred time and tags
- AssignAnalystToIncident
-- Assigns current user as the incident owner
- CheckWhitelist
-- Indicator white list is now the default white list
- ExtractDomain
-- Ignore "www." in domain extraction and take emails into account for domain extraction
- IsMaliciousIndicatorFound
-- Take into account indicators (from indicators DB) for IsMalicious


Files Reputation
-- Using ParseEmailFiles enhancement script on files

18.1.2

Demisto Content Release Notes for version 18.1.2 (6255)
Published at 23 January 2018


Integrations

New Integration
- VMware
-- Manage virtual machines and ESXi hosts centrally

3 Improved Integrations
- McAfee ESM-v10
-- Added support for version 10.2
- MISP
-- Added internal-misp-create-event and internal-misp-add-attribute commands
- SplunkPy
-- Added hostname indicator to Splunk search results


Scripts

2 New Scripts
- GeneratePassword
-- Generates a password and allows various parameters to customize the properties of the password
- SendEmailToManager
-- Send an approval email to the manager of the employee with the given email allowing the manager to reply directly into the incident

5 Improved Scripts
- AssignAnalystToIncident
-- Return proper error entry message if script fails
- EmailAskUser
-- Added option to use persistent entitlement to support adding artifacts to the war room by multiple external users
- ExtractDomain
-- Ignore "www." in domains extraction
- SendEmailToManager
-- Added the option to use persistent entitlement to support adding artifacts to the war room by multiple external users
- SlackAskUser
-- Add the option to use persistent entitlement to support adding artifacts to the war room by multiple external users

18.1.1

Demisto Content Release Notes for version 18.1.1 (5676)
Published at 09 January 2018
Playbooks

4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicator reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample that corresponds to the hash, using one or more products/services
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample that corresponds to an MD5 hash, using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample that corresponds to a SHA256 hash, using Cylance Protect integration


Integrations

3 New Integrations

- Kenna
-- Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities
- Joe Security
-- Cloud-based sandbox service
- Check Point Sandblast Appliance
-- Query, upload and download data using Check Point Sandblast

4 Improved Integrations
- Remedy On-Demand
-- Added option to add custom fields to incident creation and perform insecure login
- ArcSight Logger
-- ArcSight events logger
- IntSights
-- Integration can now fetch incidents
- Zendesk
-- Added zendesk-add-user for adding end users. Added zendesk-get-article to get help center article

Scripts

7 New Scripts
- ActiveUsersD2
-- Get active users from a D2 agent and parse them into context
- CrowdStrikeStreamingPreProcessing
-- Pre-processing script for CrowdStrike Streaming
- D2ActiveUsers
-- Show local accounts
- D2ExecuteCommand
-- Run a D2 built-in command on a D2 agent
- FetchFileD2
-- Get a file from endpoint using a D2 agent
- ParseWordDoc
-- Takes docx file (entryID) as an input and saves a text file (file entry) with the original file's contents
- UserEnrichAD
-- Enhancement automation for user type indicator, to enrich the user name from Active Directory data

5 Improved Scripts
- ADGetComputer
-- Automation will now create a hostname indicator. The default argument is now 'name'
- ADGetUser
-- Automation will now create user indicator
- ParseCSV
-- ParseCSV by default will parse the whole CSV
- ParseEmailHeaders
-- Support multi-value headers (e.g. Received header)
- Set (Set context)
-- If object passed as string, Set will parse the value to JSON then set to context

Reputations
-- Add new user type reputation to use for manual indicator and in automations

18.1.0

Demisto Content Release Notes for version 18.1.0 (5638)
Published at 07 January 2018
Playbooks

4 New Playbooks
- Calculate Severity - Generic
-- Calculate incident severity by indicator reputation and user/endpoint membership in critical groups
- Get File Sample From Hash - Generic
-- Returns to the war-room a file sample that corresponds to the hash, using one or more products/services
- Get File Sample From Hash - Carbon Black Enterprise Response
-- Returns to the war-room a file sample that corresponds to an MD5 hash, using Carbon Black Enterprise Response integration
- Get File Sample From Hash - Cylance Protect
-- Returns to the war-room a file sample that corresponds to a SHA256 hash, using Cylance Protect integration


Integrations

3 New Integrations

- Kenna
-- Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities
- Joe Security
-- Cloud-based sandbox service
- Check Point Sandblast Appliance
-- Query, upload and download data using Check Point Sandblast

4 Improved Integrations
- Remedy On-Demand
-- Added option to add custom fields to incident creation and perform insecure login
- ArcSight Logger
-- ArcSight events logger
- IntSights
-- Integration can now fetch incidents
- Zendesk
-- Added zendesk-add-user for adding end users. Added zendesk-get-article to get help center article

Scripts

7 New Scripts
- ActiveUsersD2
-- Get active users from a D2 agent and parse them into context
- CrowdStrikeStreamingPreProcessing
-- Pre-processing script for CrowdStrike Streaming
- D2ActiveUsers
-- Show local accounts
- D2ExecuteCommand
-- Run a D2 built-in command on a D2 agent
- FetchFileD2
-- Get a file from endpoint using a D2 agent
- ParseWordDoc
-- Takes docx file (entryID) as an input and saves a text file (file entry) with the original file's contents
- UserEnrichAD
-- Enhancement automation for user type indicator, to enrich the user name from Active Directory data

5 Improved Scripts
- ADGetComputer
-- Automation will now create a hostname indicator. The default argument is now 'name'
- ADGetUser
-- Automation will now create user indicator
- ParseCSV
-- ParseCSV by default will parse the whole CSV
- ParseEmailHeaders
-- Support multi-value headers (e.g. Received header)
- Set (Set context)
-- If object passed as string, Set will parse the value to JSON then set to context

Reputations
-- Add new user type reputation to use for manual indicator and in automations
