Features released for Cortex XSOAR On-prem in April 2024
This section describes the main features of this Cortex XSOAR 8.5 On-prem release.
Cortex XSOAR 8 On-prem is now released. Cortex XSOAR 8 has been redesigned to deliver improved performance and reliability. It is now highly scalable, based on the revamped architecture. While based on Cortex XSOAR 6, there are changes from that version that are detailed in Cortex XSOAR 8 Feature Changes.
Cortex XSOAR 8 On-prem is deployed as a virtual appliance in your data centers, which brings the advanced new platform and features of Cortex XSOAR 8 to customers who cannot use Cortex XSOAR 8 Cloud due to internal policies or external regulations. For more information about Cortex XSOAR requirements and migration, see Cortex XSOAR On-prem FAQs.
Cortex XSOAR 8 On-prem includes the following features:
- Integration into the Cortex platform:
  - Unified look and feel
  - Simplified deployment and onboarding
  - Improved performance and reliability
  - High scalability based on a revamped architecture
- User-friendly installation with an easy-to-follow step-by-step TUI to install Cortex XSOAR and configure:
  - Tenant network and IP settings
  - Proxy settings
  - Cluster settings
  - Scale size
For more information about installation and system requirements, see Step 1. Install Cortex XSOAR.
Note
This release does not support MSSP SKU and related features. It also does not support high availability, disaster recovery, and air-gapped deployment.
Feature | Description |
---|---|
System diagnostics | The system diagnostic page enables you to monitor resources on an ongoing basis and identify potential issues before they lead to system instability. |
One-click update | Cortex XSOAR On-prem automatically checks for new updates. Once a new version is identified, you can update your Cortex XSOAR tenant with one click. |
User management | Create users locally by inviting users to log into Cortex XSOAR using a username and password, giving you full control and privacy of users’ data. Also provides full management of users, including creating and managing SSO users. |
Password policy | Set up and configure a secure password policy, to comply with your organization's security requirements. |
Scale-up | Using the Cortex XSOAR TUI menu, you can easily scale up your Cortex XSOAR environment, based on your organizational and XSOAR usage growth. |
Guard Rails page | Helps to keep your environment stable and prevent actions that can cause major performance degradation or instability. |
This Cortex XSOAR 8.5 release includes the following features:
Release Highlights
Feature | Description |
---|---|
Keep retained incidents | You can choose to permanently retain up to 1000 specific incidents, which ensures seamless availability of data and provides you with a reliable and efficient platform. |
Content repository improvements | It is now easier to configure and manage your content repository in Cortex Gateway and Cortex XSOAR, enabling better control over content management. You can switch between repository types as well as choose the initial synchronization setup, enabling you to develop and maintain Cortex XSOAR content that is aligned with your development processes. |
Feature Enhancements
This Cortex XSOAR 8.5 release includes the following enhancements:
General
Feature | Description |
---|---|
Customize system emails | Customize a wide range of system emails sent to users, including notifications that a user is mentioned, a task is assigned or completed, an integration failed to fetch incidents, an engine is disconnected, and more. Customized emails provide flexibility when communicating with users, allowing you to include specific details about incidents, relevant data, and other information needed for prompt incident response. |
Playbooks
Feature | Description |
---|---|
Group playbook inputs and outputs | Group playbook inputs and outputs, making it easier for security analysts to manage and understand the inputs required for different stages of the playbook. Grouping enhances the playbook's clarity, reduces the likelihood of errors, and facilitates a more streamlined and efficient incident response workflow. |
Users and roles
Feature | Description |
---|---|
Add support for user phone numbers | Administrators can add phone numbers for users on the User Preferences page, which enables playbooks and scripts to trigger direct analyst communication, ensuring seamless collaboration during urgent situations and security incidents. |
Incidents
Feature | Description |
---|---|
Improved incident navigation | For SOC analysts working on multiple incidents, next/previous incident navigation buttons provide the ability to navigate between incidents without returning to the Incidents page, saving time and increasing analyst efficiency. |