Cortex XSIAM 3.5

Product Name	Details
Agent Configurations	No Changes in this release.
Application Security (AppSec)	Updated Schemas - `AppsecPolicyTriggersandActions`: Added `ciImage` and `imageRegistry` trigger configurations. - `ConditionOperators`: Added `CONTAINS_IN_LIST`, `JSON_WILDCARD`, `RANGE`, and `RELATIVE_TIMESTAMP`. - `CreateRequest`: Added `enabled`, `suggestionId`, and `userSbac`. - `FindingType`: Updated enum values (e.g., `VULNERABILITY`, `CODE_WEAKNESS`). - `Integration`: Added `scanTypes`, `statusDetails`, and `tenantId`. - `Policy`: Added `overrideIssueSeverity`, `scopeFields`, `suggestionHash`, and `suggestionId`. Schemas Added - `BillingErrorResponse`: Error schema for billing-related endpoints. - `ConditionValue`: Structured value for range and key-value matching. - `EmailOrigin`: Enum for user email sources (`API`, `GIT`). - `IntegrationStatusDetails`: Detailed status for data source components. - `RepositoryUser`: Detailed schema for repository contributors. - `Transporter`: Configuration for secure communication with private data sources. - `UnifiedAction`: Consolidated enum for all possible policy actions. Paths Added - `GET /public_api/appsec/v1/billing/contributors`: Retrieve active contributors for billing. - `POST /public_api/appsec/v1/collectors/{collectorId}`: Upload 3rd party SARIF findings. Updated Paths - `POST /public_api/appsec/v1/policies`: Detailed rules for finding types. Deprecated Paths The following Integrations API endpoints are deprecated: - `GET /public_api/appsec/v1/integrations` - `POST /public_api/appsec/v1/integrations` - `GET /public_api/appsec/v1/integrations/{integrationId}` - `PUT /public_api/appsec/v1/integrations/{integrationId}` - `DELETE /public_api/appsec/v1/integrations/{integrationId}` Note: The deprecated endpoints will continue to function temporarily for backward compatibility. However, they will not receive further enhancements or updates. A formal sunset date will be announced in a future release. Replacement Paths The Integrations APIs are replaced with the following Data Source Instances API endpoints: - `GET /public_api/appsec/v1/data_source_instances` - `POST /public_api/appsec/v1/data_source_instances` - `GET /public_api/appsec/v1/data_source_instances/{id}` - `PUT /public_api/appsec/v1/data_source_instances/{id}` - `DELETE /public_api/appsec/v1/data_source_instances/{id}`
Asset Compliance	No Changes in this release.
CIEM	No Changes in this release.
Cloud Onboarding	Updated Schemas - `CreateInstanceTemplateRequestData`: Added `ALIBABA_CLOUD` and `gcp_workspace`. - `EditInstanceRequestData`: Added `ALIBABA_CLOUD`, `connector_name`, and `gcp_workspace`. - `InstanceAdditionalCapabilities`: Added `automation`, `automation_log_level`, and `kubernetes_security`. Schemas Added - `AccountItem`: Added schema for cloud account items. - `EditOutpostRequest`: Added schema for outpost edit requests. - `EditOutpostRequestData`: Added schema for outpost edit request data. - `InstanceListItem`: Added schema for cloud instance list items. Updated Paths - Terminology shift from "integration instance" to "cloud instance" across all endpoints. - `POST /public_api/v1/cloud_onboarding/edit_outpost`: Updated request/response schemas.
Compliance	No Changes in this release.
Cortex Cloud Platform	Updated Schemas - `ErrorResponse`: Standardized error structure. Schemas Added - `CreateIssueException`: Schema for creating issue exceptions. - `IssueException`: Full object representation for issue exceptions. - `EditPreventionPolicyRequest`: Wrapper for prevention policy edit requests. - `EditPreventionPolicyRequestData`: List of rule edits to apply. - `PreventionPolicyEditParameters`: Parameters for editing prevention rules. - `TargetFilter`: Structured condition tree for targeting endpoints. - `SearchCondition`: Individual filter criteria. - `SuccessResponse`: Simple boolean success indicator. Paths Added - `POST /public_api/v1/issue_exceptions/`: Create issue exceptions. - `POST /public_api/v1/issue_exceptions/disable/`: Disable exceptions. - `POST /public_api/v1/issue_exceptions/search/`: Search exceptions. - `POST /public_api/v1/policies/prevention/edit`: Atomic prevention rule edits. Updated Paths - `POST /public_api/v1/distributions/create`: Added `caas_embedded` package type. Spec reorganization The Issues, Cases, and Issue Exceptions endpoint groups have been relocated out of the platform spec into dedicated standalone specs (`issues-papi.json`, `cases-papi.json`). Operations and contracts are unchanged. See the new "Issues APIs" and "Cases APIs" entries above.
Cases APIs	Standalone spec published Cases endpoints now live in a dedicated standalone spec (`cases-papi.json`), separated from the platform spec for cleaner navigation. No contract changes — same operations, schemas, and components. Paths included - `POST /public_api/v1/case/search`: Search and filter cases. - `POST /public_api/v1/case/update/{case-id}`: Update an existing case. - `POST /public_api/v1/case/artifacts/{case-id}/`: Retrieve case artifacts. - `POST /public_api/v1/case/schema`: Retrieve the case field schema. - `POST /public_api/v1/entries/get`: Retrieve case entries. - `POST /public_api/v1/entries/insert`: Add an entry to a case or alert War Room. Schema and description alignments - `Case`: Updated field types, descriptions, and required-field lists to align with current API behavior. - `CaseArtifact`: Updated to reflect the current artifact structure. - `UpdateCase`: Updated request schema for case updates.
Issues APIs	Standalone spec published Issues endpoints now live in a dedicated standalone spec (`issues-papi.json`), separated from the platform spec for cleaner navigation. No contract changes for the relocated endpoints. Paths included - `POST /public_api/v1/issue`: Create a new issue. - `POST /public_api/v1/issue/{issue-id}`: Update an existing issue. - `POST /public_api/v1/issue/search`: Search and filter issues. - `POST /public_api/v1/issue/schema/`: Retrieve the dynamic issue field schema (trailing slash; aligned with current API behavior). - `POST /public_api/v1/issue_exceptions/`: Create an issue exception. - `POST /public_api/v1/issue_exceptions/disable/`: Disable an issue exception. - `POST /public_api/v1/issue_exceptions/search/`: Search issue exceptions. Schema and description alignments The `Issue` schema and `issue/search` response wrapper have been updated to reflect current API behavior: - `Issue`: Added 11 fields previously missing from the documented schema: `action_status`, `agentic_assistant_id`, `agentic_response_conversation_id`, `agentic_response_status`, `asset_cloud_account_names`, `asset_external_provider_ids`, `case_ids`, `exception_expiration`, `exception_ids`, `initial_evidence`, `is_excepted`. - `issue/search` response wrapper: Renamed `total_count → TOTAL_COUNT`, `result_count → FILTER_COUNT`, and `issues → DATA` to match current API behavior. - `issue/schema/` response wrapper: Updated from `reply.data` to `reply.DATA`. - `IssueSchemaField.data_type` example: Expanded to include `TEXT`, `BIGINT`, `INT`, `FLOAT`, `BOOLEAN`, `TIMESTAMP`, `ENUM`, `JSON`, `COMPLEX`, and `ARRAY` representative values returned by the API.
CSPM Policies	No Changes in this release.
CWP	No Changes in this release.
Detection Rules	No Changes in this release.
IAM Platform	No Changes in this release.
UVEM	Bring Your Own Scanner (BYOS) Import vulnerability findings from external scanners into Cortex vulnerability management. Paths Added - `POST /public_api/vulnerability-management/v1/external-scans/assets`: Submit assets and CVE findings from a third-party scanner; returns a `job_id` for async status polling. - `GET /public_api/vulnerability-management/v1/external-scans/assets/jobs/{job_id}`: Poll the status of a BYOS import job. Schemas Added - `VulnerableAssetImportRequest`, `VulnerableAssetImportResponse`, `ImportJobResponse`.
Vulnerability Intelligence	Updated Schemas - `VulnerabilityFinding`: Comprehensive schema for CVE/asset records. Schemas Added - `FilterBlock`: Logical filter block supporting AND/OR connectors. - `FilterTriplet`: Individual filter condition. - `FindingsErrorResponse`: Standardized error response. - `FindingsSortObject`: Sort criteria for findings. - `GetVulnerabilityFindingByIdResponse`: Response for single finding lookups. - `GetVulnerabilityFindingsRequest`: Request for paginated searches. - `GetVulnerabilityFindingsResponse`: Response for paginated searches. - `GetVulnerabilityFindingsSnapshotRequest`: Parameters for bulk snapshot exports. - `TimeframeAbsolute`: Absolute time range schema. Paths Added - `POST /vulnerability-management/v1/vulnerability-finding/search/`: Paginated search. - `POST /vulnerability-management/v1/vulnerability-finding/snapshot/`: Bulk export (NDJSON). - `POST /vulnerability-management/v1/vulnerability-finding/{platform_id}`: Get finding by ID.