New Cortex Xpanse features and enhancements in release 2.6 (June 2024).
The table below describes the features and enhancements introduced in the Expander 2.6 (June 2024) release.
Note: Cortex Xpanse typically upgrades customers over a three-week time frame. Contact customer success to find out your specific upgrade date.
Feature | Description |
---|---|
Inventory Tag Rules | Automate the tagging of assets with Inventory Tag Rules (formerly called asset tag rules). Inventory Tag Rules enable you to define custom tags and custom rules for assigning tags automatically to IPv4 addresses, domains, certificates, and Prisma Cloud resources. |
New Inventory Fields | Gain additional context for investigating assets with new domain and certificate identifier fields that have been added to the Inventory. |
New Alerts Fields | New fields have been added to the Alerts table to help you more easily investigate and remediate alerts, including Remediation Guidance and Certificate Subject Organization. |
Cortex Xpanse API updates | New and updated API endpoints: |
Threat Reports | You can now generate reports on new zero-day threats and impacted assets per business unit. These reports highlight the problem, provide remediation recommendations, and list affected assets in the selected business unit. |
SBAC Support for the Threat Response Center | The Threat Response Center now works with scope-based access control (SBAC), which means that scoped users will see all the widgets in the Threat Response Center. |
Active Response Improvements | Notifications: Remediation: |
Cortex Xpanse XSOAR pack enhancements | Enhancements to the Cortex Xpanse pack for Cortex XSOAR include: |
Some high-impact attack surface rules will be enabled for all customers | Cortex Xpanse will be enabling additional attack surface rules for all customers during the Expander 2.6 upgrade. Many of the rules to be enabled are related to the Internet of Things (IoT) and operational technology (OT), in addition to other impactful but uncommon rules. Due to the low prevalence of these applications on the public internet, we anticipate this change having minimal impact for most customers while providing faster visibility into critical risks. Additionally, we will be disabling the Insecure PHP rule by default. These rule changes will not override any customer-applied changes to the enablement status or severity for attack surface rules. |