Demisto Content Release Notes for version 20.2.3 (41510)
Published on 18 February 2020
Integrations
2 New Integrations
Lastline v2
Use the Lastline v2 integration to give threat analysts and incident response teams the advanced malware isolation and inspection environment needed to safely execute advanced malware samples and understand their behavior.
Akamai WAF
Use the Akamai WAF integration to manage common sets of lists used by various Akamai security products and features.
10 Improved Integrations
SplunkPy
Added the app argument to the following commands:
splunk-job-create
splunk-search
SumoLogic
Added the waitForSearchComplete parameter, which causes the search to wait for the query to iterate over all messages before returning results.
Fixed a bug: fetching incidents as aggregate records now waits for the query to complete.
ZeroFox
Fixed an issue where the same incident was repeatedly fetched.
McAfee Web Gateway
Fixed an issue where the integration parameters were exposed in the log.
Mail Sender (New)
Fixed an issue where, in some cases, attachments were displayed as empty.
Elasticsearch v2
You can now fetch incidents without specifying the Date Format parameter.
ArcSight ESM v2
Fixed an issue where the output for the as-get-entries command was not in the correct format for results with a large number of objects.
Rasterize
Updated Chromium to version 80.
Added support for specifying a maximum page load time. The default value is 180 seconds.
Changed the default user agent to match the Chrome user agent.
RSA NetWitness v11.1
Fixed an issue with fetch-incidents where setting a Fetch Limit would drop older incidents if the number of fetched incidents was greater than the limit.
Added the pageNumber argument to the netwitness-get-incidents command. The argument allows the user to get incidents from a specific page and is intended to be used with the limit argument.
Palo Alto Networks PAN-OS
The name argument is now mandatory in the panorama-get-service command.
Added 7 commands:
panorama-download-latest-content-update
panorama-content-update-download-status
panorama-install-latest-content-update
panorama-content-update-install-status
panorama-check-latest-panos-software
panorama-download-panos-version
panorama-download-panos-status
Scripts
New Script
YaraScan
Performs a Yara scan on the specified files.
2 Improved Scripts
ReadPDFFileV2
Fixed a bug where emails were labeled as URLs.
Added Email standard output.
DockerHardeningCheck
Updated the error entry with a detailed explanation of the failure.
Playbooks
5 New Playbooks
NetOps - Upgrade PAN-OS Firewall Device
Network operation playbook that upgrades the firewall. The superuser is required in order to update the PAN-OS version.
NetOps - Firewall Version and Content Upgrade
Network operation playbook that updates the version and the content of the firewall. The superuser is required in order to update the PAN-OS version.
Detonate URL - Lastline v2
Detonates a URL using the Lastline sandbox integration.
Akamai WAF - Activate Network Lists
Activates network lists in Staging or Production on Akamai WAF. The playbook finishes running when the network list is active on the requested environment.
Detonate File - Lastline v2
Detonates a file using the Lastline sandbox.
2 Improved Playbooks
Detonate URL - Generic
Replaced the Detonate URL - Lastline sub-playbook with Detonate URL - Lastline v2.
Detonate File - Generic
Replaced the Detonate File - Lastline sub-playbook with Detonate File - Lastline v2.
Incident Fields
New Incident Field
Target Firewall Version
Version to install on the firewall for PAN-OS, for example: 9.0.5.