New Cortex Xpanse features and enhancements in release 2.5 (April 2024).
The table below describes the features and enhancements introduced in the Expander 2.5 (April 2024) release.
Feature | Description |
---|---|
Attack Surface Testing (GA) | Cortex Xpanse can now confirm the presence of vulnerabilities through customer-authorized, benign Attack Surface Testing. Confirming or disproving the presence of a vulnerability allows Xpanse to prioritize risks with more precision and confidence. Attack surface tests are run daily on services exposed to the public internet and can be configured to automatically include new directly-discovered services. This narrows the automation gap between attackers and defenders and enables you to focus on the most impactful remediations. |
ASN data | Gain additional context for investigating alerts with Autonomous System Number (ASN) data filters and details. Xpanse now supports filtering based on ASN data in the Inventory and provides ASN details on the details pane for IPv4 ranges and responsive IPs. |
New incident and alert pivots | You can now pivot from an incident or alert to related alerts, services, and websites based on the associated IP address or domain. |
New outbound integrations | |
Active Response enhancement | Building on the XDR enrichment added to Active Response in release 2.4, Cortex Xpanse now supports endpoint-based mitigation playbooks on some ASM alert types, giving defenders flexibility in how they respond to internet-exposed risks. |
API Key with multiple roles | Create a single API key with multiple roles, allowing you to use dynamic RBAC management, reduce administrative overhead, and improve security by minimizing key proliferation. |
Custom incident and alert statuses and resolution types | To help align the incident and alert management process with your organization's security practices, you can now create custom statuses and custom resolution types. |
New authentication controls | New authentication control options provide additional security features to help prevent security breaches. |
Cortex Xpanse API updates | Following are some of the key updates to the Cortex Xpanse API. The following endpoints were introduced:
The following fields were added to the Get All Services response:
The Get Service Details endpoint will now return vulnerability test results from the last 14 days for all the service IDs provided. These results can be found in the vulnerability_test_results fields in the response.
The following fields were added to the Get All Assets response:
The following filters were added to Get All Assets endpoint:
The following fields were added to the Get Asset Details response: |