Breaking Changes - Release Notes - 6.5 - Cortex XSOAR - Cortex

The following table details the changes that break backward compatibility upon upgrade to Cortex XSOAR v6.5.

Feature	Change
Configure the Cortex XSOAR Server to listen on HTTP	The `-insecure` command line flag has been deprecated. For the Server to listen on an HTTP endpoint there is no longer need to run with the `-insecure` command line flag. The Server now listens on an HTTP endpoint if the following configuration is set in the `demisto.conf` file. `Server.HttpPort` For more information, see Configure the Server to Listen on HTTP .Configure the Server to Listen on HTTP
Configure show/hide empty fields per tab	For all Cortex XSOAR objects (incidents/indicators/threat intel reports), you can now configure whether to show/hide empty fields independently for each object tab within the layout. The setting that you configure in the layout becomes the default value seen by the user in the actual object (e.g. in the incident itself). From within the object, users can override the value that was set within the layout builder for that specific tab, or the global default value that was set by the `UI.summary.page.hide.empty.fields` server configuration. Note Installing this version impacts any previous configuration changes that you made to this feature. Check your settings for this configuration and reconfigure as needed.
Default administrators can now view all incidents, including restricted incidents.	By default, the default administrator can view all incidents including those that are marked as restricted, and view modifications to restricted incidents in the Audit Trail. To prevent the default administrator from viewing these restricted incidents, set the `incident.restrict.default.admin` server configuration to `true`.

Feature

Change

Configure the Cortex XSOAR Server to listen on HTTP

The -insecure command line flag has been deprecated. For the Server to listen on an HTTP endpoint there is no longer need to run with the -insecure command line flag. The Server now listens on an HTTP endpoint if the following configuration is set in the demisto.conf file.

Server.HttpPort

For more information, see Configure the Server to Listen on HTTP .Configure the Server to Listen on HTTP

Configure show/hide empty fields per tab

For all Cortex XSOAR objects (incidents/indicators/threat intel reports), you can now configure whether to show/hide empty fields independently for each object tab within the layout. The setting that you configure in the layout becomes the default value seen by the user in the actual object (e.g. in the incident itself). From within the object, users can override the value that was set within the layout builder for that specific tab, or the global default value that was set by the UI.summary.page.hide.empty.fields server configuration.

Note

Installing this version impacts any previous configuration changes that you made to this feature. Check your settings for this configuration and reconfigure as needed.

Default administrators can now view all incidents, including restricted incidents.

By default, the default administrator can view all incidents including those that are marked as restricted, and view modifications to restricted incidents in the Audit Trail.

To prevent the default administrator from viewing these restricted incidents, set the incident.restrict.default.admin server configuration to true.

EOL Notice

As of Cortex XSOAR v6.5, distributed database deployments are no longer supported. We recommend transitioning to Elasticsearch as a remote database. For more information, see the Migrate Objects to Elasticsearch for a Distributed Database from a distributed database to Elasticsearch.Elasticsearch Overview

Breaking Changes - Release Notes - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Release Notes

Note

EOL Notice