The following new features are categorized by product component.
Communication task links in Context Data
When running an Ask or Data Collection task, links are generated to collect the recipients' responses. These links are now available in the incident's context data. You can deliver these links to recipients using a messaging service of your choice, such as ServiceNow or JIRA . To enable adding these links to the Context Data, add the following server configurations (
→ → → ).Task | Key | Value |
---|---|---|
Ask Task |
|
|
Data Collection Task |
|
|
For more information, see Communication Tasks.
Case Management
Feature | Description |
---|---|
Content Security Policy | You can now enable Content Security Policy (CSP), which adds a layer of security including detecting and mitigating certain types of attacks. Use the following server configuration:
|
Quiet Mode for Manual Tasks | You can now turn quiet mode on or off for individual manual tasks in a playbook. |
Display of Dropdown Fields Improved | Dropdown fields containing lengthy text fields can now be viewed in their entirety from the dropdown menu. |
Build Numbers | The build numbers have now changed, so they now start with B17xxx |
Documentation Portal | Documentation for Cortex products including XSOAR can now be accessed at https://docs-cortex.paloaltonetworks.com/. |
Platform
Feature | Description |
---|---|
Indicator bar search | The search bar for the indicators section of an incident page is now hidden by default. To search for indicators, hover over the indicators section. A magnifying glass appears. Clicking on the magnifying glass opens the search bar. |
Incident Fields | When creating or editing an incident field, the Run triggered script after Incident is modified checkbox has changed to Run the field triggered script after the new field value is saved together with the tooltip. You should only check the box to stop the script making changes to the incident (the script still runs). |
System Diagnostics | System Diagnostics now shows the status of the Podman tool or the Docker service. |
Accessibility | Updated keyboard movements for improved accessibility. |
Welcome screens | New welcome screens for the Marketplace and Playbooks page. |
Table views | Improved handling of grid fields allows you to view and edit the fields easily. |
Remote engine upgrades | Security enhancements were implemented for remote engine upgrades. |
Access License Information | You can now log in to the Cortex Gateway to view and download your licenses. |
New Modal Window for Editing | When you select a long text, html, or markdown field for editing, a new modal window opens, providing an improved editing experience. |
Access to Paid Content Packs | The SSO endpoint for Marketplace has been updated. You no longer need to add a server configuration to access Marketplace for paid content packs. |
Customize New/Edit Forms for Indicator Types | You can now use the layout builder to customize the fields available when creating a new indicator or editing an existing indicator, per indicator type. |
Propagation Labels for Incident Fields | (Multi-tenant) When syncing to the tenant, you can now add or remove incident field propagation labels to determine whether incident fields are propagated. |