Expander Release 2.5 (April 2024) - Release Notes - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander Release Notes

Product: Cortex XPANSE
Version: 2
Creation date: 2024-02-29
Last date published: 2024-05-01
Category: Release Notes
Solution: Cloud

Abstract

New Cortex Xpanse features and enhancements in release 2.5 (April 2024).

The table below describes the features and enhancements introduced in the Expander 2.5 (April 2024) release.

Feature	Description
Attack Surface Testing (GA)	Cortex Xpanse can now confirm the presence of vulnerabilities through customer-authorized, benign Attack Surface Testing. Confirming or disproving the presence of a vulnerability allows Xpanse to prioritize risks with more precision and confidence. Attack surface tests are run daily on services exposed to the public internet and can be configured to automatically include new directly-discovered services. This narrows the automation gap between attackers and defenders and enables you to focus on the most impactful remediations.
ASN data	Gain additional context for investigating alerts with Autonomous System Number (ASN) data filters and details. Xpanse now supports filtering based on ASN data in the Inventory and provides ASN details on the details pane for IPv4 ranges and responsive IPs.
New incident and alert pivots	You can now pivot from an incident or alert to related alerts, services, and websites based on the associated IP address or domain.
New outbound integrations	Rapid7 InsightVM—This integration replicates Attack Surface Management (ASM) assets (IP addresses, domains) within Rapid7 to be used as scan targets.
Active Response enhancement	Building on the XDR enrichment added to Active Response in release 2.4, Cortex Xpanse now supports endpoint-based mitigation playbooks on some ASM alert types, giving defenders flexibility in how they respond to internet-exposed risks.
API Key with multiple roles	Create a single API key with multiple roles allowing you to use dynamic RBAC management, reduce administrative overhead, and improve security by minimizing key proliferation.
Custom incident and alert statuses and resolution types	To help align the incident and alert management process with your organization's security practices, you can now create custom statuses and custom resolution types.
New authentication controls	New authentication control options provide additional security features to help prevent security breaches. Passwordless Authentication You now have the option to require non-password credentials for SSO authentication. If selected, this option requires users to choose intrinsically safer authentication factors, such as biometric authentication, to access Cortex Xpanse. Force Authentication You now have the option to require users to reauthenticate to access the Cortex Xpanse tenant, even if they have already authenticated to access other applications.
Cortex Xpanse API updates	Following are some of the key updates to the Cortex Xpanse API. The following endpoints were introduced: Get Vulnerability Tests Bulk Update Vulnerability Tests Override Business Units for Assets The following fields were added to the Get All Services response: vulnerability test status confirmed_vulnerable_cve_ids confirmed_not_vulnerable_cve_ids The Get Service Details endpoint will now return vulnerability test results from the last 14 days for all the service IDs provided. These results can be found in the vulnerability_test_results fields in the response. The following fields were added to the Get All Assets response: aws_cloud_tags azure_cloud_tags certificate_details certificate_expiry_date creation_time date_added extended_properties external_ips gcp_cloud_tags geo_region hierarchy internal_ips hierarchy, open_ports project_name sub_region vpc_name_id The following filters were added to Get All Assets endpoint: asm_id_list aws_cloud_tags gcs_cloud_tags azure_cloud_tags The following fields were added to the Get Asset Details response: certificate_expiry_date date_added