New Cortex Xpanse Expander features and enhancements released in March 2023.
The table below describes the features and enhancements introduced in the Expander 2.1 release in March 2023.
Feature | Description |
---|---|
Threat Response Center | The Threat Response Center in Cortex Xpanse Expander simplifies and streamlines your response to threat events by aggregating the most important information about a threat and its impact on your organization in one place. From the Threat Response Center, you can:
See Threat Response Center in the Cortex Xpanse Expander User Guide for more information. |
Automation Configuration Wizard | The Automation Configuration Wizard simplifies the automation integration configuration process by providing a step-by-step, guided experience for installing and configuring the integrations. See Automation Integrations for more information. |
Remediation Path Rules | Cortex Xpanse Active Response automates ASM alert investigation and resolution. You can now create Remediation Path Rules to customize Active Response to automatically respond to alerts with actions that meet your specific business requirements and context. See Remediation Path Rules for more information. |
Remediation Content | The Active Response module has been enhanced to include support for the following:
See the Automated Remediation Capabilities Matrix for more information. |
Web Attack Surface Management Enhancements |
See Websites for details. |
Asset Explainability | Cortex Xpanse provides attribution information about each asset in your asset inventory, so you know at a glance why Xpanse believes an asset belongs to your organization. Xpanse displays the following attribution data on the asset details panel and on the assets tab in an incident:
Asset attribution information is provided for all asset types except websites and services. See Asset Attribution for details. |
Risk Scoring | You can now prioritize incidents and quantify your organization's relative risk using Risk Scoring. By default, Expander assigns an Xpanse Risk Score to every incident using threat and exploit intelligence relevant to the alerts in the incident. In addition to the Xpanse Risk Score that is assigned to each incident, you can also create custom risk-scoring rules and manually assign risk scores. See the following documents for more information about Xpanse Risk Scoring: |
XSOAR support for Expander 2.x | A new XSOAR Pack has been released to support the new Expander 2.x APIs. This Pack includes the necessary commands and incident fetching capabilities to support Expander 2.x customers who would like to automate the response to Expander findings as well as enrich their incidents with ASM asset and service details. |
Asset Name Changes | The following changes were made to asset names in the Asset Inventory and some dashboards in Expander and the Expander API:
You may still see some references to the old names. These will be updated in the next release. See Asset Inventory for more information about ASM assets. |
Syslog Forwarding for Alerts and Management Audit Logs | Cortex Xpanse now supports forwarding alerts and management audit logs to a syslog receiver. See Integrate a Syslog Receiver for details. |
Cortex Xpanse Expander API Reference, 2.x | The Cortex Xpanse API Reference, 2.x, for Expander 2.x is now available. |