Features Released in February 2022

Cortex Xpanse Release Notes


The following table describes the new features in Cortex Xpanse February 2022 releases.



Attack Surface Management for Remote Workers Enhancements

  • A map view has been added to the Workforce Network and Workforce Device detail pages

  • The Remote Attack Surface dashboard was updated to include Network accounts for active networks only

  • The Remote Attack Surface Workforce Networks list page now allows filtering based on status

  • An activity status bar was added to the Workforce Networks and Workforce Devices details pages to indicate whether the asset is active, how many days it has been active, and the date range

  • Provider information has been added to Workforce Networks and Workforce Devices list views and details pages

New Issue Policies

  • Long Validity Certificate policy was updated

  • Insecure Microsoft Exchange Server Policy Update—This policy now identifies insecure versions of Microsoft Exchange 2019 prior to Cumulative Update (CU) 10, Exchange 2016 prior to CU21, and Exchange 2013 prior to CU23. This policy also identifies all End-of-Life (EOL) versions of Microsoft Exchange

  • Insecure PHP

  • Spiceworks

  • Roundcube Webmail

  • Cisco Firepower Device policy added to update Cisco Firepower detection

  • Symantec Messaging Gateway

  • VMware Workspace ONE UEM

  • ISC BIND 9

  • Insecure ISC BIND 9—identifies BIND 9 servers vulnerable to CVE-2021-25219

  • Atlassian Bitbucket

  • Microsoft Azure CycleCloud

  • IBM MQ

  • AppGate SDP

  • WordPress Server policy updated to add the version extractor

  • Hikvision Device

  • Insecure Atlassian Confluence Servers policy updated to identify versions before 7.4.10 and from 7.5.0 to 7.12.5

  • Insecure OpenSSH

  • Insecure Node.js policy updated to identify versions 12.0.0-12.22.4, 14.0.0-14.17.4, and 16.0.0-16.6.1

Integration Updates

Xpanse TA for Splunk v.4.0.1

In addition to what's new in version 4.0.0, the 4.0.1 release includes a minor fix related to the inputs for the Xpanse TA.

What's new in release 4.0.0:

  • Client Credential support

  • Ability to run multiple inputs within a single Xpanse Splunk TA (available in v3.3.0)

  • Deprecation of behavior data

  • Upgrade to jQuery 3.5

  • Upgrade to latest Splunk SDK

  • Xpanse branding updates

For more information, see the Cortex Xpanse and Splunk TA integration page on the Palo Alto Networks Technology Partners website.

Additional Updates

  • Xpanse login page has been updated.

  • Cloud Resource account names are now included on asset details pages.

  • The Service details page was updated to include detected issues associated with the service.