Expander Release 2.7 (September 2024)

Cortex Xpanse Expander Release Notes

Product: Cortex XPANSE
Version: 2
Creation date: 2024-08-21
Last date published: 2025-01-15
Category: Release Notes
Solution: Cloud
Abstract: New Cortex Xpanse features and enhancements in release 2.7 (September 2024).

The table below describes the features and enhancements introduced in the Expander 2.7 (September 2024) release.

Note

Cortex Xpanse typically upgrades customers over a three-week time frame. Contact customer success to find out your specific upgrade date.

Feature

Description

Scanning enhancements

Note

Scanning on 60+ additional protocols will be released by the end of October. Periodic discovery scans on all 65k ports were released in September.

Cortex Xpanse now performs periodic discovery scans across the global IPv4 address space for all 65k ports and on 60+ additional protocols. Once a service is found, we scan it daily until it becomes inactive. These enhancements reduce the possibility of important exposures being missed, making it easier for you to secure your attack surface.

Services XQL dataset enhancements

Cortex Xpanse has enhanced the external services XQL dataset to include more detailed CVE data and additional service classification and geolocation information. This enhanced dataset will enable you to configure more targeted custom alerting and more detailed custom dashboards.

Alerts Overview dashboard

The Alerts Overview dashboard (formerly called the Comprehensive Alerts Overview) has been updated to present trends, such as the alert resolution journey and the top ten alerts by type and cloud provider, over a one-year period.

QRadar outbound Integration

This new integration forwards Xpanse-discovered risks for correlation and alerting within QRadar.

Active Response Improvements

Enrichment improvements:

  • Support for retrieving the hierarchy of an Azure Compute instance

Increased coverage of remediation for the following attack surface rules:

  • TFTP Server

  • Libssh

  • Insecure Bitvise SSH Server

  • Insecure SFTPGo

Remediation Report

This new report provides detailed information, broken down by business unit, on your security risks, prioritization of those risks, and instructions on how to reduce your overall security risk. Use this report to share detailed risk remediation information with individuals who do not have access to Expander.

Version column added to alerts table

A software version column has been added to the Alerts table, enabling you to export and filter on the detected software version.

New attack surface rules and attack surface tests

Detect and verify new risks with the introduction of more than 30 attack surface rules and 40 attack surface tests.