New features available in Cortex XSOAR 8.6, including release highlights and feature enhancements.
This section describes the new features and updates of the Cortex XSOAR 8.6 release.
The Cortex XSOAR 8.6 release includes the following highlights:
Feature | Description |
---|---|
Multi-Role API Keys | You can now create API keys with multiple roles to improve operational efficiency and allow dynamic RBAC management of API keys. An API key has the aggregated permissions of the roles associated with it. |
Enhanced role-based access control for dashboards | The Administrator can now restrict access to specific dashboards for designated users through role assignment. Customized access control provides users with a more focused and efficient investigation and response. This prevents user confusion caused by excessive numbers of displayed dashboards and can also improve system performance. For more information, see Dashboard actions. |
New endpoint for managing API keys using the API | Cortex XSOAR now has an API endpoint for GET, CREATE, UPDATE, and DELETE operations on API keys. You can also delete API keys in bulk. This makes it easier to automate onboarding new child tenants or retrieve information on all existing API keys. For more information, see the API documentation. |
Cortex XSOAR Cluster High Availability | A Cortex XSOAR On-prem cluster with three or more nodes includes high availability capabilities to improve reliability for critical security operations. For more information, see High Availability for Cortex XSOAR. |
Customize the favicon color | Users often work on several Cortex XSOAR tenants at the same time within the same browser. To avoid confusion and to save time, you can now change the color of the favicon for each tenant. This allows you to identify which tenant is being used in each tab at a glance. |
The Cortex XSOAR 8.6 release includes the following enhancements:
Authentication
Feature | Description |
---|---|
New Authentication Controls | New authentication control options provide additional security features to help prevent security breaches. For more information, see Advanced settings in Authenticate users using SSO. |
Logs
Feature | Description |
---|---|
Add integration logs for non-Python scripts and integrations | Integration logs now support non-Python scripts and integrations, enhancing troubleshooting capabilities for non-Python content and implementation issues. |
This section describes the content changes from Cortex XSOAR 8.5 to 8.6.
Content | Description | Change type |
---|---|---|
Cortex XDR Malicious Pod Response Playbook | This new playbook helps you quickly and effectively respond to malicious activity in pods. It includes a master playbook and a sub-playbook for agent and agentless environments. The playbook automates the creation of a Lambda function, handles container registry and image verification, and integrates threat intelligence and image scanning to provide comprehensive security measures. For more information, see Cortex XDR - Malicious Pod Response. | New |
Zoom Mail integration | The new Zoom Mail integration allows for email creation and deletion, user management, and streamlining message handling with attachment extraction. For more information, see Zoom Mail. | New |
Rapid7 InsightVM integration | The integration now supports creating, updating, deleting, and retrieving tags and their associations with assets and groups. It also includes commands for managing site targets and groups. For more information, see Rapid7 InsightVM Cloud. | Update |
GitHub Feed | A new feed was added, which fetches indicators from GitHub repositories. For more information, see Github Feed. | New |
AWS EKS integration | The new AWS EKS integration enables the management and operation of Amazon Elastic Kubernetes Service (EKS) clusters. For more information, see AWS-EKS. | New |
Yara Rule indicator | Added a new indicator type, which is part of the Yara content pack. For more information, see the Yara content pack. | New |
Generic Webhook integration | This integration has been enhanced to support the creation of multiple incidents in a single request. For more information, see Generic Webhook. | Updated |