New Cortex Xpanse features and enhancements in release 2.4 (February 2024).
The table below describes the features and enhancements introduced in the Expander 2.4 (February 2024) release.
Feature | Description |
|---|---|
Attack Surface Testing (Closed Beta) | Cortex Xpanse can now confirm the presence of vulnerabilities through customer-authorized, benign Attack Surface Testing. Confirming or disproving the presence of a vulnerability allows Xpanse to prioritize risks with more precision and confidence. Attack surface tests are run daily on services exposed to the public internet and can be configured to automatically include new directly-discovered services. This narrows the automation gap between attackers and defenders and enables you to focus on the most impactful remediations. This is available through a closed Beta. For more information, contact your CS representative. |
User-defined IPv4 addresses and ranges | You can now define IPv4 addresses and IPv4 ranges for more granular business unit allocation. |
MITRE ATT&CK filters | You can now filter alerts by MITRE ATT&CK Techniques and Tactics. |
Incident and Alert PDF Exports | Export individual incidents and alerts in PDF format. These PDF reports contain the most relevant information for the specified incident or alert. |
Advanced Playbook Configuration | Advanced Playbook Configuration enables you to customize the Active Response playbook to better fit your organization's requirements and preferences, including customization of the format and content of automated emails and ticket notifications. You also have the ability to associate the playbook with a JIRA project key. |
Limit Access to Cortex Xpanse API | You can now limit Cortex Xpanse API access to a specific IP address or IP range by adding them to an Allow list.This ensures better data security and control while facilitating integration with third-party systems and applications. |
In-App Help Center | Cortex Xpanse now includes context-specific, in-product documentation that helps you find information about new and existing features, reference material, and common workflows. While you're working in Expander, the documentation will launch relative to your current location in the product. |
New pDNS data source | Cortex Xpanse added another pDNS source for subdomain enumeration. This enhancement will increase coverage for subdomains identified on customer networks. |
Support for customer-provided IPv6 ranges | Cortex Xpanse supports scanning of customer-provided IPv6 ranges, which means that given an IPv6 range we will identify candidates in that range for scanning, continuously discover new likely targets within those ranges, and provide visibility into the services that are running on those hosts. |
Performance improvements |
|
Active Response improvements |
|
Venafi TPP integration | Correlate certificates in the Expander inventory with those in Venafi TTP to help customers understand gaps in their certificate management. |
Cortex Xpanse Link, Third-Party Assess, and MSSP on Expander v2 | Cortex Xpanse Link, Third-Party Assessment, and Cortex Xpanse for MSSP are now supported on Expander v2, which includes Expander v2 features such as Threat Response Center and IPv6 support. For more information on these products, contact your Palo Alto Network sales representative. |
New alert status | Cortex Xpanse has introduced a new alert status called Reopened. The Reopened status is applied to alerts that are observed after having been resolved with one of the following reopenable statuses:
|