Cortex XSOAR 8.8 - New features available in Cortex XSOAR 8.8, including release highlights and feature enhancements. - Release Notes - 8.13 - Cortex XSOAR - Cortex

Abstract

New features available in Cortex XSOAR 8.8, including release highlights and feature enhancements.

This section describes the new features and updates of the Cortex XSOAR 8.8 On-prem release.

Release Highlights

The Cortex XSOAR 8.8 release includes the following highlights:

Feature	Description
Cortex XSOAR Multi-Tenant	Cortex XSOAR 8 On-prem now offers the following: Multi-tenant for Managed Security Service Providers (MSSP) Multi-tenant for Enterprises The following licenses are associated with this release: MSSP: PAN-CORTEX-MSSP, PAN-DEMISTO-MSSP Enterprise: PAN-XSOAR-ENT-MT, PAN-XSOAR-SOAR-ENT-MT, PAN-XSOAR-TIM-ENT-MT In the main tenant, you can centrally manage resources and reporting, push custom content to several tenants, search incidents, and run commands across multiple tenants, without exposing any data across tenants. For more information, see Cortex XSOAR Multi-Tenant.What is Cortex XSOAR multi-tenant?
Backup and restore of configurations and data	Continuous and efficient operation of your Cortex XSOAR tenant by periodically backing up your Cortex XSOAR tenant, which enables you to recover data, configurations, and settings. This minimizes downtime, prevents data loss, and helps you to recover it in case of failure, corruption, or rollback. For more information, see Set up backup and restore in Cortex XSOAR.
Canvas - Multilayer Indicator/Incident Relationship Graph	SOC analysts can now create and share dynamic attack diagrams or static snapshots with IR, forensics, and threat-hunting teams. This enables them to visualize and link key security incidents and IOCs, for faster and more streamlined investigation. For more information, see Investigate an incident using the canvas.

Feature

Description

Cortex XSOAR Multi-Tenant

Cortex XSOAR 8 On-prem now offers the following:

Multi-tenant for Managed Security Service Providers (MSSP)
Multi-tenant for Enterprises

The following licenses are associated with this release:

MSSP: PAN-CORTEX-MSSP, PAN-DEMISTO-MSSP
Enterprise: PAN-XSOAR-ENT-MT, PAN-XSOAR-SOAR-ENT-MT, PAN-XSOAR-TIM-ENT-MT

In the main tenant, you can centrally manage resources and reporting, push custom content to several tenants, search incidents, and run commands across multiple tenants, without exposing any data across tenants.

For more information, see Cortex XSOAR Multi-Tenant.What is Cortex XSOAR multi-tenant?

Backup and restore of configurations and data

Continuous and efficient operation of your Cortex XSOAR tenant by periodically backing up your Cortex XSOAR tenant, which enables you to recover data, configurations, and settings. This minimizes downtime, prevents data loss, and helps you to recover it in case of failure, corruption, or rollback.

For more information, see Set up backup and restore in Cortex XSOAR.

Canvas - Multilayer Indicator/Incident Relationship Graph

SOC analysts can now create and share dynamic attack diagrams or static snapshots with IR, forensics, and threat-hunting teams. This enables them to visualize and link key security incidents and IOCs, for faster and more streamlined investigation. For more information, see Investigate an incident using the canvas.

Feature Enhancements

The Cortex XSOAR 8.8 release includes the following enhancements:

General

Feature	Description
Settings page - search field	A new search field on the Settings page provides a fast and easy search of your configuration options.
Audit logs	Audit log coverage is expanded to capture detailed records of incident edits, including the modified fields. This improvement ensures a comprehensive record of all changes, significantly enhancing the ability to trace the incident's history and evolution.
Cortex XSOAR On-prem installation supports the extra small hardware scale	Optimize your hardware resource allocation, by using the extra-small scale for installation, which helps you avoid over-provisioning, and improve performance. For more information, see Hardware requirements.Hardware requirements

Feature

Description

Settings page - search field

A new search field on the Settings page provides a fast and easy search of your configuration options.

Audit logs

Audit log coverage is expanded to capture detailed records of incident edits, including the modified fields. This improvement ensures a comprehensive record of all changes, significantly enhancing the ability to trace the incident's history and evolution.

Cortex XSOAR On-prem installation supports the extra small hardware scale

Optimize your hardware resource allocation, by using the extra-small scale for installation, which helps you avoid over-provisioning, and improve performance.

For more information, see Hardware requirements.Hardware requirements

Indicators

Feature	Description
Exclude enrichment of indicators	Indicators can now be marked as Enrichment Excluded in Cortex XSOAR, ensuring they will not be enriched. This gives you better control over your Indicators and the ability to optimize system performance by managing the indicator enrichment process. For each indicator of type: IP, Domain, Email, URL, and File you can select whether to enable or disable enrichment calls. This allows you to conserve system resources when dealing with known indicators. Specific feeds ("Allow list" feeds) can be set as an enrichment excluded feed through its instance parameters, which excludes all of the indicators ingested by it, from being enriched. For more information, see Exclude indicators from enrichment.Exclude indicators from enrichment

Feature

Description

Exclude enrichment of indicators

Indicators can now be marked as Enrichment Excluded in Cortex XSOAR, ensuring they will not be enriched. This gives you better control over your Indicators and the ability to optimize system performance by managing the indicator enrichment process.

For each indicator of type: IP, Domain, Email, URL, and File you can select whether to enable or disable enrichment calls. This allows you to conserve system resources when dealing with known indicators. Specific feeds ("Allow list" feeds) can be set as an enrichment excluded feed through its instance parameters, which excludes all of the indicators ingested by it, from being enriched.

For more information, see Exclude indicators from enrichment.Exclude indicators from enrichment

Engines

Feature	Description
RHEL	Cortex XSOAR now supports RHEL 8.10 and 9.4 (for engine installation).

Marketplace Content Changes

This section describes the changes in content (integrations, playbooks, and indicators) from Cortex 8.7 to 8.8.

Content	Description	Change Type
Symantec Email Security Cloud integration	Introduced a new integration to enhance email filtering and blocking capabilities directly from Cortex XSOAR. For more information, see Symantec Email Security Cloud.	New
Command and Scripting Interpreter playbook for Crowdstrike Falcon	Introduced a new playbook to handle alerts based on the T1059 technique, which addresses potential threats that an attacker may exploit to execute commands, scripts, and binaries. For more information, see CrowdStrike Falcon.	New
Splunk PY integration	Added multiple events support to the `splunk-submit-event-hec` command, which improves performance for high-volume event collection and leverages batch submission supported by Splunk HEC API. For more information, see Splunk-PY.	Update
Prisma Cloud Compute Integration	Added the `prisma-cloud-compute-custom-feeds-ip-remove` integration, which removes a list of IP addresses from the system's block list. For more information, see Palo Alto Networks - Prisma Cloud Compute.	Update

Cortex XSOAR 8.8 - New features available in Cortex XSOAR 8.8, including release highlights and feature enhancements. - Release Notes - 8.13 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Release Notes

Release Highlights

Feature Enhancements

Marketplace Content Changes