Expander Release 2.3 (October 2023) - Release Notes - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander Release Notes

Creation date
Last date published
Release Notes

New Cortex Xpanse Expander features and enhancements in release 2.3 (October 2023).

The table below describes the features and enhancements introduced in the Expander 2.3 (October 2023) release.



Business Unit Management

You can now modify business unit assignments in Expander for IPv4 ranges, owned responsive IPs, domains, and certificates. These modifications will propagate to their respective alerts, incidents, websites, and services. In-product business unit management enables quick reallocation of assets across your organization.

GeoIP Data

Expander now displays GeoIP data on services, alerts, and incidents pages, enabling you to filter by location.

Embedded AI Service Owner Discovery

The new service owner discovery capabilities in Active Response use embedded AI to improve the discovery of service and asset owners through integrations and to provide ranking and categorization of owners. This new AI enhancement simplifies the remediation of attack surface risks by automating the often challenging requirement to identify owners.

NGFW Remediation

Using engines to connect to Pan-OS within your network, Active Response can now access enrichment details and take remediation action using NGFW logging.

New Outbound Integrations

Tenable.io—You can now forward the relevant assets that Xpanse discovers to Tenable.io for more detailed assessment and central vulnerability tracking. This integration is hosted by Palo Alto Networks, so there’s nothing to install on your network.

Qualys VMDR—Automatically import Xpanse assets as new asset groups in Qualys VMDR for scanning.

Jira Server—This new integration enables you to automatically forward new alerts along with guidance and related context from Expander to Jira as new tasks.

ASM Overview Report

The ASM Overview Report is a new, out-of-the-box monthly or quarterly report that provides an overview of your organization's attack surface and key trends.

Dashboard Filtering by BU and Tag

Filter your dashboards by business unit and tag to get customized views of the attack surface for specific entities in your organization.

Other Usability Enhancements

Unresponsive IP Filtering—Filter for specific IP addresses on the Owned IP Ranges page

Top Incidents widget—Top Incidents that Need Your Input widget has been added to the Home dashboard, so you can see at-a-glance which incidents require input.