Release Notes for version 3.0.1 (3674)
Playbooks
New Playbooks
- McAfeeESMTest
Modified Playbooks
- Phishing Playbook - Automated
-- Fix default display name in email message
Integrations
New Integrations
- AlienVault OTX
-- Query IOCs in AlienVault
- RSA Archer
-- The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across lines of business.
- Cisco Spark
-- Send messages, create rooms and more, via the Cisco Spark API.
- Cybereason
-- Gets processes/connections using the Cybereason API.
- DomainTools
-- Domain name, DNS and Internet OSINT-based cyber threat intelligence and cybercrime forensics products and data
- Endgame
-- Endpoint protection built to stop advanced attacks before damage and loss occur
- Service Manager
-- Service Manager By Micro Focus (Formerly HPE Software).
- MISP
-- Malware Information Sharing Platform and Threat Sharing
- malwr
-- Analyze files using the malwr sandbox
- PacketMail
-- Intel lookup for IPs
- Panorama
-- Manage Palo Alto Networks firewalls via the Panorama management interface
- Phishme Intelligence
-- Human-vetted, Phishing-specific Threat Intelligence from Phishme.
- SumoLogic
-- Cloud-based service for logs & metrics management
- Symantec Advanced Threat Protection
-- Advanced protection capabilities from Symantec
- urlscan.io
-- Urlscan.io reputation
- Verodin
-- Verodin simulations and topology
- fireeye
-- Perform malware dynamic analysis
- jamf
-- Jamf device management
Modified Integrations
- Cisco Umbrella Investigate
-- Fix response for non-existing domains/IPs
- Cisco CloudLock
-- Added Demisto side filtering of results
- Cylance Protect
-- Better error notifications
- McAfee ESM-v10
-- Added Support for case management and fetch incidents of cases
- Incapsula
-- Added proxy setting support
- LightCyber Magna
-- Added the commands lcm-host-autoruns, lcm-host-processes-internet-connections, lcm-host-loaded-modules, lcm-host-processes, lcm-host-suspicious-artifacts, lcm-host-opened-ports
- LogRhythm
-- Support exporting incident full JSON
- EWS
-- Support getting the attachment of an item (mail)
- ProtectWise
-- Consolidated command names. Upgraded with outputs. Can fetch incidents from ProtectWise events with filtering on event names. Timestamps presented in human-readable format.
- QRadar
-- Support exporting incident full JSON
- RSA NetWitness Packets and Logs
-- Add last minutes functionality
- RSA NetWitness Security Analytics
-- Upgrade to new format. Added human readable format and some command fixes
- SplunkPy
-- First fetch to bring last 10 minutes notable events
- ThreatConnect
-- Fix proxy condition in TC, add threshold, and fix various issues, support Dbot score and context update, change no results outputs
- Threat Grid
-- Fixed file return bug
- Vectra
-- Support exporting incident full JSON
- Venafi
-- Context creation by Venafi search and new search arguments
- jira
-- Merging Ticket entity by Id
- McAfeeDAM
-- Support exporting incident full JSON
- Rasterize
-- Added proxy settings
- Trend Micro
-- Support exporting incident full JSON
Reports
Scripts
New Scripts
- DataDomainReputation
-- Evaluate reputation of a URL and Domain and return a score between 0 and 3 (0 - unknown, 1 - known good, 2 - suspicious, 3 - known bad). If the indicator reputation was manually set, the manual value will be returned.
- EmailAskUserResponse
-- Extract user's response from EmailAskUser reply. Returns the first textual response line of the provided entry that contains the reply body. Use ${lastCompletedTaskEntries} to analyze the previous playbook task containing the user's reply.
- ExtractDomain
-- Extract Domains from the given text and place them both as output and in the context of a playbook. If given an object, will convert to JSON.
- ExtractDomainFromURL
-- Extract Domain from a URL. Domain will include sub-domain as well
- HTTPListRedirects
-- List the redirects for a given URL
- IsValueInArray
-- Look for value in an array
- MatchRegex
-- Extract regex data from given text - supports groups as well
- PanoramaDynamicAddressGroup
- ResolveShortenedURL
-- Resolve the original URL from the given shortened URL and place it both as output and in the context of a playbook. (https://unshorten.me/api)
- ToTable
-- Convert an array to a nice table display. Usually, from the context.
- URLNumberOfAds
- isError
-- Check whether given entry/entries returned an error. Use ${lastCompletedTaskEntries} to check the previous task entries. If array is provided, will return yes if one of the entries returned an error.
- misp_download_sample
-- Download malicious file sample from MISP
- misp_upload_sample
-- Upload malicious file sample to MISP
Modified Scripts
- ADGetAllUsersEmail
-- Deprecated
- ADGetComputer
-- Split Groups in context into array
- ADGetGroupMembers
-- Split Groups in context into array
- ADGetUser
-- Added limit param and set default size limit
- AreValuesEqual
-- Arguments are not mandatory anymore. If either of the arguments are missing, no is returned.
- CommonServer
-- Added createdEntry function and dqQueryBuilder
- CommonServerPython
-- Added HTML to formats
- DataHashReputation
-- Manually set value of indicator reputation will now supersede threat intel sites
- DataIPReputation
-- Manually set value of indicator reputation will now supersede threat intel sites
- DataURLReputation
-- Manually set value of indicator reputation will now supersede threat intel sites
- EmailAskUser
-- Options in HTML email are clickable links that open a new email with the selected option
- ExposeList
-- Deprecated
- ExposeUsers
-- Deprecated - 'getUsers' builtin command should be used
- ExtractURL
-- Ability to extract URLs from a query string
- FileCreateAndUpload
-- Converted to JS. Added the ability to take entry ID for storing its content to file.
- IsMaliciousIndicatorFound
-- Added the ability to check suspicious indicators as well
- LoadJSON
-- Add outputs and save in context
- NessusCreateScan
-- Deprecated. Use integration command
- NessusGetReport
-- Deprecated. Use integration command
- NessusHostDetails
-- Deprecated. Use integration command
- NessusLaunchScan
-- Deprecated. Use integration command
- NessusListScans
-- Deprecated. Use integration command
- NessusScanDetails
-- Deprecated. Use integration command
- NessusScanStatus
-- Deprecated. Use integration command
- NessusShowEditorTemplates
-- Deprecated. Use integration command
- NotInContextVerification
-- Removed spaces from cmdArgs
- ParseEmailFiles
-- Adding support for mixed CR/LF in fileType. Support utf-8 chars.
- StringContains
-- Support looking for one substring out of a list
- VerifyContext
-- Removed spaces from field names
Removed Scripts
- SendURLDetailsByEmail