Cortex XSOAR 8.6 - Release Notes

Cortex XSOAR On-prem Release Notes

Product: Cortex XSOAR
Version: 8.6
Creation date: 2024-04-11
Last date published: 2024-12-16
Category: Release Notes
Solution: On-prem

Abstract: New features available in Cortex XSOAR 8.6, including release highlights and feature enhancements.

This section describes the new features and updates of the Cortex XSOAR 8.6 release.

The Cortex XSOAR 8.6 release includes the following highlights:

Feature

Description

Multi-Role API Keys

You can now create API keys with multiple roles to improve operational efficiency and allow dynamic RBAC management of API keys. An API key has the aggregated permissions of the roles associated with it.

Enhanced role-based access control for dashboards

The Administrator can now restrict access to specific dashboards for designated users through role assignment. Customized access control provides users with a more focused and efficient investigation and response. This prevents user confusion caused by excessive numbers of displayed dashboards and can also improve system performance. For more information, see Dashboard actions.

New endpoint for managing API keys using the API

Cortex XSOAR now has an API endpoint that supports GET, CREATE, UPDATE, and DELETE operations on API keys. You can also delete API keys in bulk. This makes it easier to automate onboarding new child tenants or retrieve information on all existing API keys. For more information, see the API documentation.

Cortex XSOAR Cluster High Availability

A Cortex XSOAR On-prem cluster with three or more nodes includes high availability capabilities to improve reliability for critical security operations. For more information, see High Availability for Cortex XSOAR.

Customize the favicon color

Users often work on several Cortex XSOAR tenants at the same time within the same browser. To avoid confusion and to save time, you can now change the color of the favicon for each tenant. This allows you to identify which tenant is being used in each tab at a glance.

The Cortex XSOAR 8.6 release includes the following enhancements:

Authentication

Feature

Description

New Authentication Controls

New authentication control options provide additional security features to help prevent security breaches.

  • Passwordless Authentication

    You now have the option to require non-password credentials for SSO authentication. If selected, this option requires users to choose intrinsically safer authentication factors, such as biometric authentication, to access Cortex XSOAR.

  • Force Authentication

    You now have the option to require users to reauthenticate to access the Cortex XSOAR tenant, even if they have already authenticated to access other applications.

For more information, see Advanced settings in Authenticate users using SSO.

Logs

Feature

Description

Add integration logs for non-Python scripts and integrations

Integration logs now support non-Python scripts and integrations, enhancing troubleshooting capabilities for non-Python content and implementation issues.

This section describes the content changes from Cortex XSOAR 8.5 to 8.6.

Content

Description

Change type

Cortex XDR Malicious Pod Response Playbook

This new playbook helps you quickly and effectively respond to malicious activity in pods. It includes a master playbook and a sub-playbook for agent and agentless environments. The playbook automates the creation of a Lambda function, handles container registry and image verification, and integrates threat intelligence and image scanning to provide comprehensive security measures. For more information, see Cortex XDR - Malicious Pod Response.

New

Zoom Mail integration

The new Zoom Mail integration allows for email creation and deletion, user management, and streamlining message handling with attachment extraction. For more information, see Zoom Mail.

New

Rapid7 InsightVM integration

The integration now supports creating, updating, deleting, and retrieving tags and their associations with assets and groups. It also includes commands for managing site targets and groups. For more information, see Rapid7 InsightVM Cloud.

Update

GitHub Feed

A new feed was added, which fetches indicators from GitHub repositories. For more information, see Github Feed.

New

AWS EKS integration

The new AWS EKS integration enables the management and operation of Amazon Elastic Kubernetes Service (EKS) clusters. For more information, see AWS-EKS.

New

Yara Rule indicator

Added a new indicator type, which is part of the Yara content pack. For more information, see the Yara content pack.

New

Generic Webhook integration

This integration has been enhanced to support the creation of multiple incidents in a single request. For more information, see Generic Webhook.

Updated