Cortex XSOAR 8.5 - Release Notes - 8.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Release Notes

Product: Cortex XSOAR
Version: 8.6
Creation date: 2024-04-11
Last date published: 2024-12-16
Category: Release Notes
Solution: On-prem
Abstract: Features released for Cortex XSOAR On-prem in April 2024

This section describes the main features of this Cortex XSOAR 8.5 On-prem release.

Cortex XSOAR 8 On-prem is now released. Cortex XSOAR 8 has been redesigned to deliver improved performance and reliability, and its revamped architecture makes it highly scalable. Although it is based on Cortex XSOAR 6, it differs from that version; the changes are detailed in Cortex XSOAR 8 Feature Changes.

Cortex XSOAR 8 On-prem is deployed as a virtual appliance in your data centers, which brings the advanced new platform and features of Cortex XSOAR 8 to customers who cannot use Cortex XSOAR 8 Cloud due to internal policies or external regulations. For more information about Cortex XSOAR requirements and migration, see Cortex XSOAR On-prem FAQs.

Cortex XSOAR 8 On-prem includes the following features:

  • Integration into the Cortex platform:

    • Unified look and feel

    • Simplified deployment and onboarding

  • Improved performance and reliability

  • High scalability based on a revamped architecture

  • User-friendly installation with an easy-to-follow step-by-step TUI to install Cortex XSOAR and configure:

    • Tenant network and IP settings

    • Proxy settings

    • Cluster settings

    • Scale size

    For more information about installation and system requirements, see Step 1. Install Cortex XSOAR.

Note: This release does not support MSSP SKU and related features. It also does not support high availability, disaster recovery, and air-gapped deployment.

| Feature | Description |
|---|---|
| System diagnostics | The system diagnostic page enables you to monitor resources on an ongoing basis and identify potential issues before they lead to system instability. |
| One-click update | Cortex XSOAR On-prem automatically checks for new updates. Once a new version is identified, you can update your Cortex XSOAR tenant with one click. |
| User management | Create users locally by inviting users to log in to Cortex XSOAR using a username and password, giving you full control and privacy of users' data. Provides full management of users, including creating and managing SSO users. |
| Password policy | Set up and configure a secure password policy to comply with your organization's security requirements. |
| Scale-up | Using the Cortex XSOAR TUI menu, you can easily scale up your Cortex XSOAR environment, based on your organizational and XSOAR usage growth. |
| Guard Rails page | Helps to keep your environment stable and prevent actions that can cause major performance degradation or instability. |

This Cortex XSOAR 8.5 release includes the following features:

Release Highlights

| Feature | Description |
|---|---|
| Keep retained incidents | You can choose to permanently retain up to 1000 specific incidents, which ensures seamless availability of data and provides you with a reliable and efficient platform. |
| Content repository improvements | It is now easier to configure and manage your content repository in Cortex Gateway and Cortex XSOAR, enabling better control over content management. You can switch between repository types as well as choose the initial synchronization setup, enabling you to develop and maintain Cortex XSOAR content that is aligned with your development processes. |

Feature Enhancements

This Cortex XSOAR 8.5 release includes the following enhancements:

General

| Feature | Description |
|---|---|
| Customize system emails | Customize a wide range of system emails sent to users, including notifications that a user is mentioned, a task is assigned or completed, an integration failed to fetch incidents, an engine is disconnected, and more. Customized emails provide flexibility when communicating with users, allowing you to include specific details about incidents, relevant data, and other information needed for prompt incident response. |

Playbooks

| Feature | Description |
|---|---|
| Group playbook inputs and outputs | Group playbook inputs and outputs, making it easier for security analysts to manage and understand the inputs required for different stages of the playbook. Grouping enhances the playbook's clarity, reduces the likelihood of errors, and facilitates a more streamlined and efficient incident response workflow. |

Users and roles

| Feature | Description |
|---|---|
| Add support for user phone numbers | Administrators can add phone numbers for users on the User Preferences page, which enables playbooks and scripts to trigger direct analyst communication, ensuring seamless collaboration during urgent situations and security incidents. |

Incidents

| Feature | Description |
|---|---|
| Improved incident navigation | For SOC analysts working on multiple incidents, next/previous incident navigation buttons provide the ability to navigate between incidents without returning to the Incidents page, saving time and increasing analyst efficiency. |