The following table details the changes that break backward compatibility upon upgrade to Cortex XSOAR v6.5.
Configure the Cortex XSOAR Server to listen on HTTP
For more information, see Configure the Server to Listen on HTTP .
Configure show/hide empty fields per tab
For all Cortex XSOAR objects (incidents/indicators/threat intel reports), you can now configure whether to show/hide empty fields independently for each object tab within the layout. The setting that you configure in the layout becomes the default value seen by the user in the actual object (e.g. in the incident itself). From within the object, users can override the value that was set within the layout builder for that specific tab, or the global default value that was set by the
Installing this version impacts any previous configuration changes that you made to this feature. Check your settings for this configuration and reconfigure as needed.
Default administrators can now view all incidents, including restricted incidents.
By default, the default administrator can view all incidents including those that are marked as restricted, and view modifications to restricted incidents in the Audit Trail.
To prevent the default administrator from viewing these restricted incidents, set the
As of Cortex XSOAR v6.5, distributed database deployments are no longer supported. We recommend transitioning to Elasticsearch as a remote database. For more information, see the Migrate Objects to Elasticsearch for a Distributed Database from a distributed database to Elasticsearch.