The following table describes the new features in Cortex Xpanse February 2022 releases.
Attack Surface Management for Remote Workers Enhancements
A map view has been added to the Workforce Network and Workforce Device detail pages
The Remote Attack Surface dashboard was updated to include Network accounts for active networks only
The Remote Attack Surface Workforce Networks list page now allows filtering based on status
An activity status bar was added to the Workforce Networks and Workforce Devices details pages to indicate whether the asset is active, how many days it has been active, and the date range
Provider information has been added to Workforce Networks and Workforce Devices list views and details pages
New Issue Policies
Long Validity Certificate policy was updated
Insecure Microsoft Exchange Server Policy Update—This policy now identifies insecure versions of Microsoft Exchange 2019 prior to Cumulative Update (CU) 10, Exchange 2016 prior to CU21, and Exchange 2013 prior to CU23. This policy also identifies all End-of-Life (EOL) versions of Microsoft Exchange
Cisco Firepower Device policy added to update Cisco Firepower detection
Symantec Messaging Gateway
VMware Workspace ONE UEM
ISC BIND 9
Insecure ISC BIND 9—identifies BIND 9 servers vulnerable to CVE-2021-25219
Microsoft Azure CycleCloud
Wordpress Server policy updated to add the version extractor
Insecure Atlassian Confluence Servers policy updated to identify versions before 7.4.10 and from 7.5.0 to 7.12.5
Insecure Node.js policy updated to identify versions 12.0.0-12.22.4, 14.0.0-14.17.4, and 16.0.0-16.6.1
Xpanse TA for Splunk v.4.0.1
In addition to what's new in version 4.0.0, the 4.0.1 release includes a minor fix related to the inputs for the Xpanse TA.
What's new in release 4.0.0:
Client Credential support
Ability to run multiple inputs within a single Xpanse Splunk TA (available in v3.3.0)
Deprecation of behavior data
Upgrade to JQuery 3.5
Upgrade to latest Splunk SDK
Xpanse branding updates
For more information, see the Cortex Xpanse and Splunk TA integration page on the Palo Alto Networks Technology Partners website.
Xpanse login page has been updated.
Cloud Resource account names are now included on asset details pages.
The Service details page was updated to include detected issues associated with the service.