February 2025 - Release Notes - Cortex XDR - Cortex - Security Operations

Cortex XDR Release Notes

Product
Cortex XDR
Creation date
2024-11-20
Last date published
2025-04-07
Category
Release Notes

This section describes the new features and updates of the Cortex XDR 3.13 release.

The Cortex XDR 3.13 release includes the following highlights:

FEATURE

DESCRIPTION

Enhanced investigation experience

Causality Forensics Highlights are now enriched with MITRE ATT&CK tactics, techniques, and procedures (TTPs) as well as additional data points such as URL verdicts, WildFire reports and Threat Context. This streamlines your investigations and provides immediate, actionable insights into security alerts and the related artifacts in the causality chain.

Integrating forensics data in causality cards

The causality card is now enriched with data from forensic collections such as OS system data, volatile and memory data, and application forensic data. This allows you to explore different layers of the investigation simultaneously, within the same workflow.

Protection against security bypass techniques

Enhanced protection for Windows-based endpoints ensures your organization is safeguarded against malicious actors attempting to bypass Windows built-in security controls. This protects endpoints from the latest malicious tactics, empowering your team to focus on what truly matters without disruption.

Extended file type coverage for Windows

Strengthen your defense against advanced threats by using Cortex XDR to analyze ASP and ASPX files on Windows servers. This allows you to detect and prevent malicious files from being written to your endpoints’ file system.

Prisma Access Browser integration

Integrating Prisma Access Browser data into Cortex XDR expands the attack context to include browser activity. This allows you to query Prisma Access Browser data directly within Cortex and generate detection and correlation rules.

Enhanced visibility and auditing for Broker VM

Cortex XDR now provides enhanced error visibility and auditing for Broker VM applets. This enables you to quickly identify and resolve application, connectivity, and processing errors, simplifying troubleshooting and ensuring your critical workflows remain uninterrupted.

Flexible compute unit (CU) consumption

The new annual consumption plan allows you the flexibility to scale up during critical investigations or intensive periods and scale back during routine operations for predictable resource management.

The Cortex XDR 3.13 release includes the following enhancements:

General

FEATURE

DESCRIPTION

Fields added to forwarded alert email body

Cortex XDR has added the following alert fields to the body of the email sent for alert notification: Name, Description, Severity, File path, and Timestamp.

Adding installation tags during package creation

Streamline the deployment process by defining Endpoint tags during the creation of an agent installation package. Any tags you define will be automatically applied to all new agents deployed using the installer.

Detection rules

FEATURE

DESCRIPTION

Analytics tags highlights

  • Cortex XDR has introduced new advanced Analytics detection suites for emerging threats on macOS:

    • Credentials grabbing: Detects anomalous activities associated with credential grabbing.

    • Sensitive information stealing: Detects anomalous activities associated with stealing sensitive personal and organizational information.

    • AppleScript: Detects anomalous AppleScript operations carried out by malicious threat actors.

  • Cortex XDR now includes new analytics detections over a new data source, Microsoft Graph Activity logs:

    • Microsoft Graph Activity logs: Detects anomalous activity observed in Microsoft Graph Activity logs.

New rule tag in alerts

Content version tags are now added to alerts that were generated by new BTP rules introduced in a content update, giving enhanced visibility into new content updates.

Endpoint security

FEATURE

DESCRIPTION

Protection against malicious ASP and ASPX files

For Windows-based endpoints, you can now configure Cortex XDR to analyze ASP and ASPX files, and prevent malicious ones from being written to your endpoints’ file system.

Visibility of CVEs without a CVSS score

Cortex XDR now includes CVEs identified by the Enhanced Vulnerability Assessment (VA) scanner that have not yet received an official CVSS score. This enhancement provides better visibility into emerging threats, enabling proactive security measures.

XDR Collectors

Windows 1.4.2.1373 and Linux 1.4.2.1302

For more information on maintenance releases, see Maintenance Releases.

FEATURE

DESCRIPTION

XDR Collectors 1.4.2

This release includes performance improvements and bug fixes.

Broker VM

Version 26.0.116 (reboot required)

For more information on maintenance releases, see Maintenance Releases.

FEATURE

DESCRIPTION

Broker VM 26.0.116

This release includes performance improvements and bug fixes.

API

FEATURE

DESCRIPTION

New API capabilities

New APIs significantly enhance the management and configuration of syslog and authentication settings:

  • Facilitate easier management of syslog servers at scale.

  • Configure IdP and SSO settings, giving administrators greater control and efficiency in enforcing and managing access control.

Delete Cortex XDR agent installation packages

The Cortex XDR public API now includes a new endpoint for deleting specific Cortex XDR agent installation packages.