Cortex XSIAM 3.4

Product Name	Details
Application Security	Schemas Added - `ApplicationAssetSelectionFilter`: Defines filter criteria to dynamically select application assets. - `ApplicationAssetSelectionFilterValues`: Container for filter values used to match application assets (orgUrl, repositoryId, projectUrl, etc.). - `ManualAndRunCriteriaApplicationAssetSelectionFilter`: Specific filter for manual and run criteria. - `ApplicationMetadataCode`: Metadata for code-based assets, including business owner and criticality. - `BusinessOwnerMetaData`: Enum for business owner types (`organizationOwner`, `projectOwner`, etc.). - `CodeCriteriaConfig`: Configuration for code-based criteria, including unification settings. - `CriteriaDTOCode`: Detailed data transfer object for code criteria. - `IACSecurity`: Configuration for Infrastructure as Code (IaC) security scanners. - `secretsSecurity`: Configuration for secrets security scanners. - `CriteriaType.Code`: Enum for criteria types. Updated Schemas - `ApplicationAssetSelection`: Updated description and properties. - `ApplicationConfigurationSettings`: Added `sla` (Service Level Agreement) configurations for different severity levels (CRITICAL, HIGH, MEDIUM, LOW). - `CreateApplicationRequest`: Updated required fields and added detailed descriptions for owners (DevOps, Dev, Product Manager). - `DetectionRule`: Extensive updates to properties including `detectionMethod`, `frameworks`, and `scanner`. - `ExtendedFields`: Added `unifyAcrossProviders` and `unifyWithinProvider` flags. - `FrameworkName`: Expanded enum with many new values (e.g., `CI_CD_GITHUB_REPO`, `TERRAFORMPLAN`, `OPENAPI`). Paths Added - None Updated Paths - GET `/public_api/appsec/v1/application`: Updated descriptions and added mandatory `Authorization` and `x-xdr-auth-id` headers. - POST `/public_api/appsec/v1/application`: Updated descriptions and added mandatory `Authorization` and `x-xdr-auth-id` headers.
Cloud Onboarding	Updated Schemas - `CreateInstanceTemplateRequestData`: Added `cloud_partition` field (COMMERCIAL/GOV) to `request_data`. - `CreateOutpostTemplateRequestData`: Added `cloud_partition` field (COMMERCIAL/GOV) to `request_data`. - `EditInstanceRequestData`: Added `cloud_partition` field (COMMERCIAL/GOV) to `request_data`. - `ListCloudProviderRegionsRequestData`: Added `cloud_partition` field (COMMERCIAL/GOV) to `request_data`. - `ListCloudProviderRegionsResponse`: Changed `reply` type from `object` to `array` and updated its items to include `name`, `value`, and `type`. Schemas Added - None Paths Added - None Updated Paths - POST `/public_api/v1/cloud_onboarding/create_instance_template`: Updated request body examples to include `cloud_partition`. - POST `/public_api/v1/cloud_onboarding/edit_instance`: Updated request body examples to include `cloud_partition`. - POST `/public_api/v1/cloud_onboarding/get_azure_approved_tenants`: Added `cloud_parition` to the request body schema. - POST `/public_api/v1/cloud_onboarding/get_instance_details`: Updated summary from "Get integration instance details" to "Get cloud instance details" and updated response examples to include `cloud_partition`. Note: The primary change in this version is the introduction of the `cloud_partition` parameter across onboarding APIs to support both `COMMERCIAL` and `GOV` (government) cloud environments.
Compliance	No Changes in this release.
Cortex Cloud Platform	The following new APIs have been added under Endpoint Management: - `POST /public_api/v1/distributions/get_distributions` - `POST /public_api/v1/endpoints/get_profiles` - `POST /public_api/v1/legacy_exceptions/get_modules` - `POST /public_api/v1/legacy_exceptions/fetch` - `POST /public_api/v1/legacy_exceptions/add` - `POST /public_api/v1/legacy_exceptions/edit` - `POST /public_api/v1/legacy_exceptions/delete` Updated Paths - POST /public_api/v1/distributions/create: Updated serverless support
Cloud CIEM	No Changes in this release.
Compute(CWP)	The following new APIs have been added: - `POST /public_api/v1/cwp/registry_onboarding/instances` - `GET /public_api/v1/cwp/registry_onboarding/instances/{connectorID}` - `PUT /public_api/v1/cwp/registry_onboarding/instances/{connectorID}` - `DELETE /public_api/v1/cwp/registry_onboarding/instances/{connectorID}`
Detection Rules Management	The following new APIs have been added: - `POST /public_api/v1/rule` - `POST /public_api/v1/rule/search` - `GET /public_api/v1/rule/{id}` - `PATCH /public_api/v1/rule/{id}` - `DELETE /public_api/v1/rule/{id}`
Disable Prevention Rule	The following new APIs have been added: - `POST /public_api/v1/disable_prevention/get_modules` - `POST /public_api/v1/disable_prevention/fetch` - `POST /public_api/v1/disable_prevention/edit` - `POST /public_api/v1/disable_prevention/add` - `POST /public_api/v1/disable_prevention/delete`
Disable Injection and Prevention Rules	The following new APIs have been added: - `POST /public_api/v1/disable_injection_prevention_rules/fetch` - `POST /public_api/v1/disable_injection_prevention_rules/add` - `POST /public_api/v1/disable_injection_prevention_rules/disable`
DSPM	No Changes in this release.
IAM Platform	Schemas Added - `AssetGroup` - `AssetsScope` - `AssetsScopeRequest` - `CasesIssuesScope` - `CasesIssuesScopeRequest` - `DatasetFilter` - `DatasetsRowsScope` - `EndpointGroupsScope` - `EndpointGroupsScopeRequest` - `EndpointTagsScope` - `EndpointTagsScopeRequest` - `EndpointsScope` - `EndpointsScopeRequest` - `Role` - `Tag` Updated Schemas - `UnauthorizedImproperPermissions`: Updated example and properties for the `reply` object; added `data` and `reply` to required fields. - `ApiKeyEditRequest`: Updated descriptions for `comment`, `roles`, and `security_level`. - `RoleCreateRequest`: Updated description for `request_data`. - `ScopeEditRequest`: Added `request_data` properties including `assets`, `cases_issues`, `datasets_rows`, `endpoints`, `tagless_scope`, and `tags_scope`. - `UserEditRequest`: Updated descriptions for `is_hidden`, `phone_number`, `role_id`, `status`, `user_first_name`, `user_groups`, and `user_last_name`. - `UserGroupCreateRequest`: Updated descriptions for `description`, `group_name`, `idp_groups`, `nested_group_ids`, `role_id`, and `users`. - `UserGroupEditRequest`: Updated descriptions for `description`, `group_name`, `idp_groups`, `nested_group_ids`, `role_id`, and `users`. Paths Added - None Updated Paths - `/platform/iam/v1/api-key/{api_key_id}`: Updated GET response schema and PUT request body description. - `/platform/iam/v1/role`: Updated GET response schema (now uses `Role` schema) and POST request body description. - `/platform/iam/v1/role/permission-config`: Updated GET response schema. - `/platform/iam/v1/scope/{entity_type}/{entity_id}`: Updated GET response schema and PUT request body description. - `/platform/iam/v1/user`: Updated GET response schema. - `/platform/iam/v1/user-group`: Updated GET response schema and POST request body description. - `/platform/iam/v1/user-group/{group_id}`: Updated GET response schema and PUT request body description.
Managed Services	The following new APIs have been added: - `POST /public_api/v1/mth/child/add_comment` - `POST /public_api/v1/mth/child/get_comments` - `POST /public_api/v1/mth/child/report/update/assign` - `POST /public_api/v1/mth/child/get_reports_by_source_id` - `POST /public_api/v1/mth/child/get_reports_by_incident_id`
Platform External Application	The following new APIs have been added: - `GET /platform/integration/v1/external-application` - `GET /platform/integration/v1/external-application/{application_id}` - `DELETE /platform/integration/v1/external-application/{application_type}/id/{application_id}`
Platform Notifications	The following new APIs have been added: - `GET /platform/notifications/v1/list-rules` - `POST /platform/notifications/v1/rule` - `GET /platform/notifications/v1/rule/{rule_uuid}` - `PUT /platform/notifications/v1/update-rule-status/{rule_uuid}`
Trusted Images	No Changes in this release.
UVEM	Schemas Added - `ScanRequest`: Request model for triggering a vulnerability scan. - `ScanResponse`: Response model for scan trigger operation. - `ScannerType`: Enum for vulnerability scanner types (`CORTEX_NETWORK_SCANNER`, `CORTEX_XDR_AGENT`, `CORTEX_XDR_AGENTLESS`). Updated Schemas - `CreatePolicy`: Refined property definitions for `policy_type`, `severity`, and `status` using `allOf`. - `Filter-Input`: Refined `paging` property definition using `allOf`. - `PolicyView`: Refined `POLICY_TYPE` and `SEVERITY` property definitions using `allOf`. Paths Added - POST `/public_api/vulnerability-management/v1/scan` Updated Paths - `/public_api/uvm_public/v1/create_policy`: Added description to `requestBody`. - `/public_api/uvm_public/v1/list_policies`: Added description to `requestBody`. - `/public_api/uvm_public/v1/update_policy/{id}`: Added description to `requestBody`.
Vulnerability	No Changes in this release.