Expander Release 2.3 (Minor Releases) - Release Notes - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander Release Notes

Creation date
Last date published
Release Notes

New Cortex Xpanse features and enhancements in Expander 2.3 minor releases.

The table below describes the features and enhancements introduced in the Expander 2.3 minor releases.




Incident severity deprecation

Expander no longer supports the concept of incident severity. We encourage customers to use the incident risk score instead, which is a more precise method of prioritization.

  • Incidents now show risk scores in place of severity.

  • Incident severity widgets are no longer supported.

  • The Security Admin and My Overview dashboards have been retired.

December 2023

Updated version information for services and incidents

For each service classification on a service, Expander now shows the 10 most recently observed details about that classification, such as observed software versions and device models.

December 2023

Dynamic incident headlines

Expander updates the incident headline to match the most recent alert that is highest severity and has the status New or In Progress. The headline automatically updates when an alert is resolved or a new alert is created.

December 2023

Reordering of alerts in an incident

On the Overview tab of an incident, alerts are now ordered with the highest severity open alerts at the top of the list.

December 2023

Alerts tab added to the main navigation

An Alerts tab has been added to the main navigation under Incident Response, making it quicker and more intuitive to access the Alerts table.

December 2023

Default filter for Alerts table

The Alerts table is now filtered on Resolution Status by default.

December 2023

Dynamic alert name

Expander updates the alert name to display the software version observed in the latest scan.

December 2023

Improved alert details page

The following improvements make it easier and faster to find details about specific alerts:

  • When you select an alert in the Alerts table, the details now open as a full page on a separate tab in your browser.

  • The alert details page now has a Service/Website tab to make it easier to find service classifications and website technologies.

  • The alert details now has an Assets tab with contextual information that was used to attribute the asset to your organization.

December 2023

Estimated Alert Count field

The Estimated Alert Count field was added to the Attack Surface Rules table. Use this field to see the estimated number of alerts Xpanse will create if the attack surface rule is enabled.

November 2023