New features are available in Cortex XSOAR 8.9, including release highlights and feature enhancements.
This section describes the new features and updates of the Cortex XSOAR 8.9 On-prem release.
Release build: master-8.9.0-8.9.0.155-a9e60d02
Release Highlights
The Cortex XSOAR 8.9 release includes the following highlights:
Feature | Description |
|---|---|
A new look and feel for playbooks | The latest enhancements in user experience improve playbook readability and clarity through an updated look and feel. |
Collapsible playbook sections | The updated collapsible playbook sections enable users to stay focused on the relevant playbook details without distractions, allowing for easier navigation through complex playbooks and increased productivity. |
Unlimited user license for development tenants | With no license limit for users on development tenants, you can build, test, and refine automations at scale. This drives faster innovation, more reliable workflows, and scalable solutions as your organization grows. |
Notifications for deprecated content | New automated user notifications about deprecated playbooks, sub-playbooks, and scripts ensure updated, effective, and accurate security workflows. |
Export and delete incidents | Enhance incident data management by enabling administrators to export and delete incidents for regulatory and storage requirements. This helps minimize data exposure, ensures efficient and secure management of incident data retention, and helps free up disk space to optimize system performance. Note: This feature is disabled by default. To enable this feature, contact Customer Support. |
Use an authenticated Docker image repository | Use a custom container registry with your authentication credentials to apply custom images created on a private machine. Using your registry enables you to manage access permissions, ensuring only authorized users can pull and use the custom images. This protects sensitive information and enables more secure and controlled deployment of custom images within the Cortex XSOAR environment. |
Feature Enhancements
The Cortex XSOAR 8.9 release includes the following enhancements:
General
Feature | Description |
|---|---|
Support for CIS Level 1 | Cortex XSOAR now follows CIS Level 1 security guidelines. |
Incidents
Feature | Description |
|---|---|
Allow bulk action for Retain/Undo Retain Incidents | You can now Retain and Undo Retain Incidents from the incidents table on all incidents, including closed incidents. This feature lets you keep incidents for compliance or incident management purposes, ensuring critical data is preserved. |
War room filtering | In the War Room, when selecting multiple filters, you can now view the results with any of the selected filters. |
Proxy
Feature | Description |
|---|---|
Bypass the proxy server | Enhance network flexibility and avoid potential connectivity issues by specifying a list of domains, IP addresses, or network ranges in the textual UI to ensure traffic to these destinations is routed directly and not through a proxy. |
Engines
Feature | Description |
|---|---|
Enhanced engine upgrades | Gain greater flexibility and control over the upgrade process by setting upgrade variables, such as Note: You can use this feature when upgrading engines to Cortex XSOAR 8.10 and later. |
Platform support | Cortex XSOAR now supports the following platforms for engine installation:
|
Remote Repositories
Feature | Description |
|---|---|
Enhanced version compatibility notifications for development and production environments | Receive clear warnings and visual indicators for potential version mismatches when syncing content between development and production, ensuring seamless upgrades. |
Support for the ed25519 algorithm to connect to private content repositories | Cortex XSOAR now supports the high-speed, high-security ed25519 algorithm for SSH connections to content repositories. This aligns with industry best practices, providing a more secure method for access and enhancing your overall security posture. |
High Availability
Feature | Description |
|---|---|
Backup and restore management in the Cortex XSOAR UI | Protect your data by enabling on-demand backup in the Cortex XSOAR UI. Customize backup frequency, restore data, and enable/disable backups from the Cortex XSOAR UI. |
Troubleshooting
Feature | Description |
|---|---|
Analyst actions recorded in audit logs | Audit logs now record commands entered by analysts in the War Room and Playground, which improves visibility into analyst actions taken during the incident response and troubleshooting processes. |
Guard Rails performance-related alerts and warnings | Guard Rails includes new performance-related alerts and warnings that can be used as a guide to detect and prevent actions that may cause performance or instability issues. This ensures a reliable way to maintain a secure and stable environment. |
API
Feature | Description |
|---|---|
New administration APIs | Significantly enhance the management and configuration experience for engines and authentication settings by adding new APIs.
|
Support of additional Cortex APIs | The following data management APIs are now supported:
|
Multi-tenant
Feature | Description |
|---|---|
Upgrade main and child tenants for MSSPs | Improve flexibility when upgrading MSSP tenants:
|
Marketplace Content Changes
This section describes the changes in content (integrations, playbooks, and indicators) from Cortex 8.8 to 8.9.