New features available in Cortex XSOAR 6.11, including improvements to threat intel, case management and the Cortex XSOAR platform.
The following new features are categorized by product component.
Improved Upgrade Process for Multi-Tenant Deployments
Case Management
Platform
Improved Upgrade Process for Multi-Tenant Deployments
You can now upgrade a multi-tenant deployment in stages, to limit downtime. Previously, after upgrading the main server, all host servers had to be upgraded before the main server could be restarted and functionality restored. From this version, after upgrading the main server, you can upgrade all of the host servers or leave one or more host servers one version behind, temporarily. The main server can be restarted before you upgrade the host servers, limiting downtime.
Limited functionality is supported if the host server is one version behind the main server. For example, you can continue to use Cortex XSOAR if the main server is Cortex XSOAR v6.11 and some or all of the host servers are still running Cortex XSOAR v6.10.
During this period, when host servers are one version behind, you can still manage incidents and indicators and use dashboards. You can’t create accounts or move accounts on a host that is not running the same version as the main server. You also can’t propagate any content from the main server to host servers that are not running the same Cortex XSOAR version. This includes:
Playbooks
Scripts
Integrations
Indicator fields
Incident fields
Evidence fields
Indicator types
Incident types
Pre-process rules
Lists
Widgets
Dashboards
Incident layouts
Indicator layouts
For more information, see Upgrade Your Multi-Tenant Deployment.
Case Management
Feature | Description |
---|---|
Remove Users Data | After deleting a user, you can now clear the user's data from content, such as active incidents and investigations, automations, etc., by doing one of the following:
For more information, see Remove a User. |
Playbook Performance | Substantial improvements to playbook performance, including context operations, indicator extraction, and playbook execution. |
Deleting an Account | (Multi-tenant) In an Elasticsearch environment, after deleting an account, the Elasticsearch indices for the account are now closed and the data is retained. If you want to create a new account with the same name as the deleted account, you must first either reopen the closed indices (to use the existing data for the new account) or delete the closed indices. Note: You cannot create a new account with the same name until you delete or open the closed indices. |
RHEL v9.1 | Cortex XSOAR now supports RHEL v9.1. |
Platform
Feature | Description |
---|---|
New Menu Navigation | The following menu items have been moved:
|
Role Permissions | Role permissions have been updated for more granular control. You can now do the following:
|
Wrap Labels for Fields | You can now choose to wrap the label text for incident and indicator fields when displayed in a layout. When creating or editing a section of fields, click Edit section settings and select Wrap the labels. |
Engines Table "last seen" Timestamp | The engines table now includes a "last seen" timestamp, which shows the last time the engine connected successfully. |
Prevent Duplicate File Names | You can now automatically append a timestamp to a file name for each file uploaded to an incident, by adding the following server configuration: Key: Value: This prevents the possibility of duplicate file names. |