This release introduces two new integrations and several updates to integrations and related playbooks.
Integrationsβ
- [New] Atlassian Opsgenie
- [New] Druva
- [Updated] Atlassian Jira
- [Updated] Basic Tools
- [Updated] Microsoft EWS Daemon
- [Updated] ServiceNow V2
- [Updated] Slack
- [Updated] Sumo Logic Cloud SIEM
- [Updated] Sumo Logic Cloud SIEM Internal
- [Updated] Sumo Logic Log Analytics
- [Updated] Sumo Logic Log Analytics Internal
- [Updated] VirusTotal
Playbooksβ
- [Updated] 501 - Send Insight AWS SNS Notification
- [Updated] 502 - Send Insight Email Notification
- [Updated] 503 - Enrich Entity with CrowdStrike Falcon Intelligence
- [Updated] 504 - Enrich Entity with DomainTools
- [Updated] 505 - Enrich IP with Geolocation from MaxMind
- [Updated] 506 - Recommend Insight Response
- [Updated] 507 - Create PagerDuty Incident for Insight
- [Updated] 508 - Enrich Entity with PowerShell GreyNoise
- [Updated] 509 - Enrich Entity with PowerShell SentinelOne
- [Updated] 510 - Enrich Entity with PowerShell User Query
- [Updated] 511 - Enrich Entity with PowerShell CrowdStrike
- [Updated] 512 - Enrich Entity with PowerShell CarbonBlack
- [Updated] 513 - Enrich Entity with PowerShell Whois
- [Updated] 514 - Enrich Entity with PowerShell nslookup
- [Updated] 515 - Enrich Entity with Recorded Future
- [Updated] 516 - Enrich Hash with SentinelOne
- [Updated] 517 - Create ServiceNow Ticket for Insight
- [Updated] 518 - Update ServiceNow Ticket for Insight
- [Updated] 519 - Send Insight Slack Notification
- [Updated] 520 - Enrich Entity with Log Search
- [Updated] 521 - Update Match List
- [Updated] 522 - Create Jira Issue for Insight
- [Updated] 523 - Update Jira Issue for Insight
- [Updated] 524 - Enrich IP Address with GreyNoise
- [Updated] 525 - Enrich Entity with Jamf
- [Updated] 526 - Send Insight Teams Notification
- [Updated] 527 - Enrich Entity with VirusTotal
- [Updated] 528 - Create ZenDesk Ticket for Insight
- [Updated] 529 - Update ZenDesk Ticket for Insight
- [Updated] 530 - Get Mitre Mitigations for Insight
- [Updated] 531 - Example Insight full Enrichment
- [Updated] 532 - Example Entity full Enrichment
- [Updated] 533 - Example Involved Entities full Enrichment
- [Updated] 534 - Enrich Entity with AlienVault OTX
- [Updated] 535 - Application Latency Playbook
- [Updated] 536 - Unresolved Alert Notification
- [Updated] 537 - Amazon GuardDuty BruteForce finding
- [Updated] 538 - Admin Privileges Granted
- [Updated] 539 - Amazon GuardDuty InstanceCredentialExfiltration finding
- [Updated] 540 - EC2 instance accessed from malicious IP