Cortex XSOAR 8 SaaS FAQs for security.
All communications are TLS-encrypted between Cortex XSOAR components and between Cortex XSOAR and third-party tools.
By default, in GCP, the data is encrypted at rest:
Passwords and API keys are encrypted when stored at rest.
Data in Cortex XSOAR is encrypted at rest through volume encryption.
For more information about security protection in the data centers where Cortex XSOAR data resides, see Google Compliance Center and Default Encryption at Rest.
As described in Google's data deletion process (https://cloud.google.com/docs/security/deletion), Google adheres to a strict disposal policy to achieve compliance with NIST SP 800-88 Revision 1 “Guidelines for Media Sanitization” and DoD 5220.22-M “National Industrial Security Program Operating Manual”.
Penetration testing is performed annually, while additional ongoing tests are done as part of the Cortex XSOAR development process.
Cortex XSOAR 8 provides a secure environment by encrypting data at rest. Each tenant has its own keys, which are created as part of the tenant creation. If you want to bring your own key (BYOK), contact your CS/SA to discuss this option.
Each tenant has a separate virtual network that is not directly accessible by anyone. Access to a customer's environment requires an approval process. Access is granted using GCP IAM permissions.
You can add specific domains and IP addresses you want to allow by going to Settings & Info → Settings → Security Settings → Allowed Sessions. For example, if you want to limit which IP address can connect as an engine to the Cortex XSOAR SaaS tenant, you can enter the engine's IP address.