
Demisto Content Update 2.0.0 - 22Jan2017

@liorkol liorkol released this 22 Jan 12:07

Release Notes for version 2.0.0

Integrations

  • Trend Micro DSM
  • RSA Security Analytics
  • RSA Netwitness Packets and Logs (Decoder, Concentrator and Broker)
  • Koodous
  • OSQuery

Playbooks

  • Phishing playbook enhancements
    • Added steps to find the emails in every mailbox that contains them, using Mimecast if available
    • Separate tasks for finding emails and deleting them, allowing for human review and approval
    • Separate tasks for extracting entities from the HTML and text parts of the email
  • TrendMicro Alert Example playbook

Scripts

  • Autoruns script now saves MD5s of startup modules in context
  • IsIpInRanges - Script to check whether an IP address belongs to a range, e.g. to check internal vs. external in playbooks
  • RunSqlQuery (For MSSQL and MySQL)
  • OSQuery - foundation scripts for querying processes, users, sockets, etc.
  • ExchangeSearch - script improved, and the delete action moved to a separate script to enable human approval if desired and more modular use in playbooks
  • ADGetEmailForAllUsers - Get a full list of mailboxes for all AD users
  • SendEmail - Now able to send textual entry in email body by giving a noteEntryID
  • CheckWhitelist - see whether an item is in the named whitelist
  • ADGetUser and ADGetComputer - display chosen attributes of a computer/user from AD
  • BinaryReputationPy - ability to retry X times if the rate limit of a free VirusTotal key is hit
  • Cuckoo scripts enhanced with better output formatting, parameters for detonation, and more
  • CuckooGetScreenshot - retrieve screenshots from Cuckoo execution into war room
  • SendEmail - ability to send a text entry as an email by entryid