Demisto-py

Latest version: v3.3.0


Page 33 of 33

1.1.1

Integrations
- LightCyber
- Mimecast
- Checkpoint Sandblast Threat Emulation Sandbox
- Algosec BusinessFlow (ABF), Firewall Analyzer (AFA) and FireFlow (AFF)
- Giphy

Playbooks
- Enhanced Automated Phishing investigation playbook
- McAfee playbooks enhanced with automated tasks
- Default playbook enhanced with clearer steps to classify email alerts
- Classifier playbook centralizes the logic that picks the correct incident type for incoming incidents
- Tanium example playbook that demonstrates interaction with Tanium

Scripts
- ADExpirePassword - Set an AD user's password as expired
- ADSetNewPassword - Set a new password for an AD user
- TaniumShowPendingActions - Show actions pending approval (if four-eyes rule is configured)
- TaniumApprovePendingActions - Approve only actions which use the specified packages.
- MimecastFindEmail - Use Mimecast to search for an email across all mailboxes.
- TaniumAskQuestion - default timeout behavior fixed
- ADUserLogonInfo bugfix
- Slack Mirroring - new feature to mirror War Room activity into Slack
- SandboxDetonateFile now supports Sandblast
- SandboxDetonateFile now supports explicitly picking which sandboxes to use by specifying the "using-brand" argument
- ScheduleCommand - Schedule recurring execution of a command. Can be used inside playbooks.
- Background reputation checks for URLs and IP addresses now include PassiveTotal (if configured).
- IncidentSet now updates context after modifying incident metadata
- StixParser script for incoming Threat Intel

1.1.0

Integrations
- Amazon Web Services
- Vectra
- Okta
- Box
- Imperva Skyfence
- Imperva Incapsula

Playbooks
- Rapid IOC Hunting playbook - Takes an incoming CSV with new IPs and MD5s and reacts rapidly to search and block them using a variety of security integrations.
- Symantec Endpoint Compliance playbook - Uses Symantec Endpoint Protection to check the latest AV Definitions from Symantec Cloud and verify AV Definitions versions on endpoints. If any outdated endpoints are found, it opens a ticket and sends an email alert.
- McAfee ePO Repository compliance - Ensures that ePO servers are updated to the latest McAfee published AV signatures (DAT file version).
- McAfee ePO Endpoint compliance - Discover endpoints that are not using the latest McAfee AV Signatures.
- McAfee ePO Endpoint Connectivity Diagnostics playbook - Checks ePO endpoints to see whether any are unmanaged or have lost connectivity with ePO, and takes steps to return them to a valid state.
- Checkpoint Firewall Configuration Backup playbook - Connects to several Checkpoint firewall appliances using SSH and triggers a backup task, then pulls the resulting backup file to Demisto using SCP, and generates a report showing whether any firewalls failed to trigger the backup task.

Scripts
- VolJson and VolMalfindDump are now server scripts that use RemoteExec (SSH through a RemoteAccess integration instance) to run Volatility without running a D2 agent
- CheckSenderDomainDistance - May now receive a comma-separated list of domains as an argument. It checks whether the sender's email address uses a domain that is close to any of the domains supplied. This is useful when your organization uses several domains for employee email addresses, e.g. both acmemail.com and acme.com
- CBFindIP and CBFindHash - Use Carbon Black to quickly search your enterprise for an IP or hash.
- CBLiveGetFile - Use Carbon Black to open a Live shell on an endpoint and pull the designated file
- CBPBanHash - Now supports banning multiple hashes at once (comma-separated) using Carbon Black Protection (Bit9)
- CBPCatalogFindHash - Look up a hash in the Bit9 file catalog
- PWFindEvents - Takes several IP addresses and finds all events involving at least one of them.
- Elasticsearch
- SearchIncidents - search for other existing incidents within Demisto

1.0.1

demisto-py 1.x is officially in maintenance-mode only. This means we only respond to CVE-level tickets. All of our efforts are being allocated towards the development of demisto-py 2.x. Technical contributions are welcome!

1.0.0

demisto-py 1.x is officially in maintenance-mode only. This means we only respond to CVE-level tickets. All of our efforts are being allocated towards the development of demisto-py 2.x. Technical contributions are welcome!
