Features Released in March 2021 - Release Notes - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Release Notes

Creation date
Last date published
Release Notes

New Features in the Cortex Xpanse March 2021 Release.

The following table describes new features in the Cortex Xpanse March 2021 release.



New Issue Policies

  • Insecure Node.js—Node.js is an open source server environment that uses JavaScript on the server. Node.js server-side JavaScript allows developers to work on both frontend and backend, code in the same language and build fast scalable web applications. This issue identifies Node.js servers running Express, Koa, and Sails web frameworks, and flags version ranges 15.0.0-15.2.0, 14.0.0-14.15.0, and 12.0.0-12.19.0. Compromise of a Node.js application with affected versions could allow an attacker to trigger a Denial of Service. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

  • VMware vCenter Admin Page—This policy identifies an administrative login page for VMware vCenter, which is critical network infrastructure.

  • Fortinet Device—This policy identifies a variety of Fortinet devices that are exposed to the internet. It is not available by default for all customers.

  • F5 BIG-IQ Server—This issue enumerates the F5 BIG-IQ login portal. F5 BIG-IQ Centralized Management provides a unified point of visibility and control to manage policies, licenses, SSL certificates, images, and configurations for F5’s BIG-IP family of products.

  • F5 BIG-IP TMUI—Updates to the existing policy.

  • HPE ProLiant Server—This policy detects HPE ProLiant Servers. It is off by default.

  • Insecure SIP Server—This is a new policy specifically to detect insecure SIP servers. It is a subset of the previously existing SIP Server policy. It is off by default

  • Microsoft Exchange, OWA—We improved detection of our existing Microsoft Exchange and Outlook Web Access (OWA) policies.

  • Insecure Microsoft Exchange Server—This issue flags on-premises Microsoft Exchange Servers that are vulnerable to the zero-day exploits described by Microsoft in March 2021 and used by the Hafnium threat actor (HAFNIUM targeting Exchange Servers with 0-day exploits – Microsoft Security). The vulnerabilities identified by Microsoft are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. It is on by default.

Dashboards: Services Count and Providers Chart Now Include Drill-through

Users can now click on the summary Services count or the Go to... link in the Providers chart in the Attack Surface Overview dashboard in order to review more details about the relevant Services within the List View.

Update to Issues List view

Based on user feedback that the First Added column was occasionally confusing, we have replaced it with the column First Observed.

Dashboards: Y-axis adjustments

Updated the Y-Axis of all trend widgets on both the Issues Overview and Attack Surface Overview dashboards to better emphasize the actual trend and changes in data.

Dashboards: Map View

Released the Map view on the Issues Overview Dashboard.

IP Details Page

The new IP Details page has shipped. This page allows users to pivot around a single device (IP address) and look for all the related issues, services, certificates, domains, etc.