Minor Releases - Release Notes - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Release Notes

Product
Cortex XSOAR
Version
6.11
Creation date
2022-12-12
Last date published
2024-07-30
End_of_Life
EoL
Category
Release Notes
Abstract

Cortex XSOAR 6.11 minor release, maintenance release.

Cortex XSOAR Minor Release

Release Date

Cortex XSOAR 6.11.0 (B443478)

August 7, 2023

For details on how to download and install the latest version, see Upgrade Your Installation.Upgrade Your Installation

Cortex XSOAR 6.11.0 (B443478)

Cortex XSOAR 6.11.0 (B443478) is a maintenance release that delivers the following new features and bug fixes:

New Features

Feature

Description

Attach/Detach lists

You can now edit a list installed from a content pack by detaching it. Detaching a list enables you to edit and save without having to duplicate the list.

Tab list separator supported in server configurations

The list.<listName>.separator and list.separator server configurations now support tabs as list separators, using \t.

New argument for addEntries command

The reputationCalcAsync argument is now available for the addEntries command. This argument enables you to disable or enable synchronous reputation calculation, and can be used to avoid script timeout issues.

RHEL

Cortex XSOAR now supports RHEL 8.8 and 9.0.

Opensearch

Cortex XSOAR now supports Opensearch 2.6.0 and 2.9.0.

Fixed Issues

Category

Description

General

  • When pasting text into the middle of a note and the markdown toolbar was present, the text would be pasted in the right place, but the cursor would jump to the end of the note.

  • When editing a markdown field, pressing the tab key closed the edit modal without saving the changes.

  • When using a low resolution screen setting and viewing a layout, the date field's calendar modal was cut off at the bottom, preventing confirmation of the selected date.

  • In some cases, the setIncident command did not work.

  • When calling demisto.SetLastMirrorRun from the Demisto API during a mirroring flow, a false-positive JSONDecodeError was raised, even though the update succeeded.

High Availability

  • An error occurred when sharing Docker images between app servers, if one or more app servers were unavailable.

  • In a high availability environment, in some cases, the !taskAssign command did not work.

Incidents

  • When creating a pre-process rule, there was no option for removing a filter.

  • When a markdown field contained an indicator, the markdown field did not display in incident layouts.

  • Re-opened linked incidents did not close with a custom post processing script.

  • In some cases, incidents were not fetched due to an issue with the drop and update rule during pre-processing.

  • In the Incident Layout Builder, the display filter pane did not show a vertical scroll bar.

  • Users with roles not including integration Read permissions sometimes got an error when accessing incident dashboards and layouts.

  • When viewing incidents, incorrect data was displayed if you used the  Calendar days ago  option in the Relative time range to filter incidents

  • When exporting a group of incidents to Excel from the Incidents page, some of the exported incident IDs were blank.

  • Running the CORE API command to delete an incident deleted the incident, but also reported an output error.

Indicators

  • In the Canvas, when you expanded an indicator that had relationships, the indicators in the relationship did not appear.

  • When running the command !CreateIndicatorRelationship inside an automation, no relationships were created.

  • In the incident page, selecting a query with a line break (\n) caused an error.

  • A script in a dynamic indicator display section showed data from a previously viewed indicator that used the same script.

Integrations

  • Running integrations were interrupted and needed their Docker containers unlinked to resume.

  • Integrations with expired credentials sometimes did not get updated credentials upon refresh.

  • Fetch errors were not cleared when disabling an integration instance.

  • When there were more than 500 integrations instances configured on the server, the web socket updated causing huge memory spikes and could sometime lead to a crash. To prevent this from occurring, the ws.commands.update.limit server configuration (default 100) has been added, which limits web socket updates relating to integrations. To change the default, you need to update the key value.

    If an additional instance is created (such as the 101th instance), this update does not propagate to all the logged in users. Instead, they will have to refresh the web client.

Jobs

  • In some cases, jobs showed as Running, when they were already complete.

  • When the job to expire indicators ran, it caused system performance issues.

  • Sometimes when creating or editing a recurring job using the Cron scheduler and then removing or modifying the start date, the Invalid scheduler configuration error message appeared.

Lists

  • Tabs were saved as spaces in the Lists editor.

Live Backup

  • Improved Live Backup stability and performance, including faster recovery and resource optimization. Recovery error messages in the UI may differ slightly.

  • In some cases, when using Live Backup, the backup server would fail to accept specific actions.

Multi-tenant

  • When creating a new tenant, user notification settings were not propagated from the Main account.

  • An error was generated when trying to change or add new server configurations at the host level.

Playbooks

  • In the War Room, the Mapping playbook task created an error entry for null incident values instead of a warning.

  • When adding tasks to a playbook, they were placed in random, hard to find locations.

  • When viewing the Work Plan tab in an incident, if you clicked to view a sub-playbook and then navigated out of the incident to a different incident when you returned to the original incident and clicked on the Work Plan tab, instead of displaying the main playbook, it would display the sub-playbook that you looked at before.

  • When mapping outputs in a playbook task, if an output value was empty, the task was in an error state, which stopped the playbook running. The task is now assigned a warning state, which allows the playbook to continue running.

  • If a sub-playbook with a loop completed its run and then was reopened and run again, it did not execute for all input values.

  • When defining filters in playbook conditional and data collection tasks, the filter pop up window was cut off.

  • If you ran a playbook while editing the playbook, generated artifacts could not be downloaded.

Reports

  • When a report was exported to PDF format, detailed information about timer fields was missing from the report.

  • In some cases, scheduled reports ran more often than they were scheduled.

  • When generating an incident summary report, even if you have updated the reports.time.zone or the reports.time.format server configurations, for some fields, the time zone or format did not change and daylight saving time was not taken into account.

System Diagnostics

The System Diagnostics page took a long time to load.

Users and Roles

  • Old pre-set queries that were marked as default but were expected to be removed from the system, still appeared.

  • Following a change as to which roles could run integration commands for specific integrations, the integrations were reverting to their previous configuration.

War Room

  • In some cases, after applying a tag to a War Room entry, the tag appeared in the War Room filter selector, but the tagged entry did not appear in the War Room.

  • In the War Room, no auto-suggestions appeared when accessing using and using-brand parameters. However, when switching to the Settings page and then to the Playground, the auto-suggestions appeared.

  • If you manually added indicators from the text in the War Room, the case notes that included that indicator would not show after you saved the indicator.

  • After copying notes from the War Room of one investigation to another, the link to those copied notes was broken and the notes could not be downloaded.

  • In rare cases, there was no response in the UI when executing a command in the War Room.

Widgets

  • When editing a table widget, if the query returned no results, the column settings option under the settings button did not work.

  • If you created or edited a widget that used a custom date range, and then saved and reopened the widget, an error displayed if you tried to select a date range again.

Installation file hash: 34b7f4c435ffaee8617e25de680fcc772e60a68b38a7aae794da1d066447a3fc