Compare features between Cortex XSOAR 6 and 8.
Cortex XSOAR 8 delivers the same leading SOC security and operations solution as Cortex XSOAR 6, with a different architecture that is more robust. The following table describes the main changes in Cortex XSOAR 8.
Note
This comparison is between Cortex XSOAR 8 and the latest Cortex XSOAR 6x version.
Feature | Section | Description | Change Type | Cloud/On-prem |
---|---|---|---|---|
Access Management | Adding users | Users are defined and managed from the Cortex Gateway and are shared by all Cortex products. For more information about the changes, see New Features for Users and Roles in Cortex XSOAR 8 | Changed | Cloud |
Role Management | A single role can be assigned directly to a user. Additional permissions can be granted as part of a User Group assignment. | Changed | Both | |
Role Management | Users' permissions are no longer available. | Removed | Cloud | |
Role Management | In a multi-tenant environment, roles are not propagated from the main account to child tenants. Roles can be propagated from the Cortex Gateway to all tenants. NoteCortex XSOAR On-prem does not yet support Multi-tenant. | Changed | Both | |
Single sign-on | Now under → → → . | Moved | Both | |
Self Service Read-only users | Self Service Read only users are not supported. | Removed | Both | |
Admin | Preferences | Easier theme switching: Change themes (Cohesive light/dark) by selecting the icon next to Settings & Info. | Changed | Both |
Authentication | Multiple SSO | Now under → → → . | Changed | Both |
LDAP authentication | Removed | Both | ||
Data Retention | N/a | Data retention is 180 days and can be extended through SKU retention. | Changed | Cloud |
Docker | Docker images and commands | Docker commands that derive from a script can be used for an engine, such as:
All other Docker commands do not work in Cortex XSOAR 8. | Removed/Changed | Both |
Incidents | Incident investigation | Canvas was removed from Cortex XSOAR 8 On-prem. | Removed | On-prem |
The Related Incidents tab was removed from Cortex XSOAR 8. | Removed | Both | ||
The Summary tab was removed from Cortex XSOAR 8. | Removed | Both | ||
When generating a report from an incident, you can only select PDF format (Word is not supported). | Removed | Both | ||
In an investigation, images from external links will not appear, as they are restricted due to security issues. To use an image, either upload the image using base64 or upload it using markdown in the War Room. | Changed | Both | ||
War Room | Some War Room filters have been removed. | Limited | Both | |
Look & feel | N/a | Cortex XSOAR's look and feel align with other Cortex products, such as XDR, XSIAM, and XPANSE. | Changed | Both |
Multi-tenant | N/a | Now managed from the Cortex Gateway NoteCortex XSOAR On-prem does not yet support Multi-tenant. | Changed | Cloud |
Mail Sender | N/a | Provided by default using the SMTP server on the tenant. | Changed | Cloud |
Marketplace | Upload content packs | In Marketplace, unsigned content packs are not supported when selecting Upload Content Packs. If you want to upload unsigned content packs, do one of the following:
| Changed | Both |
Settings (Integrations) | Integrations | Now under → → .Unless otherwise specified, the same features as XSOAR 6 | Moved | Both |
Integration logs | You can now access integration logs by going to → → → . | Moved | Both | |
Agent tools | Agent Tools was removed from Cortex XSOAR 8. | Removed | Both | |
External dynamic List | You can configure an External Dynamic List to share a list of Cortex XSOAR indicators with other products in your network, such as a firewall or SIEM. For more information, see Export indicators using the Generic Export Indicators integration. | Added | Both | |
Syslog server | You can send audit notifications to your Syslog server. For more information, see Configure management audit notification forwarding | Changed | Both | |
Syslog |
| Changed | Both | |
API keys | Now under → → .In Cortex XSOAR 8, API keys are not bound to users and can have their own RBAC settings. Generating API Keys is also available in Cortex XSOAR 6 | Moved/changed | Both | |
API functions | The set of API calls available in Cortex XSOAR 6 and Cortex XSOAR 8 are different. The endpoints supported in Cortex XSOAR 8 can be found in the API documentation. To report missing API functionality, contact customer support | Limited | Both | |
API structure | The API Structure was changed. For more information, see Cortex XSOAR 8 API Changes | Changed | Both | |
Settings (Advanced) | Audit Trail | Now under → → → . | Moved | Both |
Backups | Backups are not managed as part of a Cortex XSOAR tenant. | Removed | Both | |
Backup Management | Handled by Palo Alto Networks. The Cortex XSOAR 8 tenant's data has full regional redundancy and relies on our cloud provider's controls to keep the data available. Cortex teams are frequently backing up all configuration data and the restore process is tested regularly. | Changed | Cloud | |
Content Repository | When setting up a remote repository you can select an in-built or private repository. Cortex XSOAR supports both single and multiple git branches. NoteCortex XSOAR On-prem supports a private repository only. | Changed | Both | |
Exclusion List | Now under → → → .For more information, see Export indicators using the Generic Export Indicators integration. | Moved | Both | |
ML Models | ML Models were removed from Cortex XSOAR 8. Cortex XSOAR 6 customers with at least one model will have the module added. New customers for Cortex XSOAR 8 won’t have that page. | Removed | Both | |
Password Policy | Password policy was removed from Cortex XSOAR 8 Cloud. | Removed | Cloud | |
App Servers | App Servers were removed from Cortex XSOAR 8. | Removed | Both | |
Settings (About) | Version | Now under → . | Moved | Both |
License | Go to → → . | Moved | Both | |
License Management | Managed by Cortex's DevOps team. | Removed | Cloud | |
License - Customer Name | Removed in Cortex XSOAR 8. Will be added soon. | Temporarily removed | Both | |
Troubleshooting Page | Now under → → → .Login message, logo, and import and export content remain the same. | Removed | Both | |
→ | Logs (including log level and download) | Removed | Cloud | |
Downloading a log bundle is done from the System Diagnostics page. | Changed | On-prem | ||
→ | Server Configurations: Select from a dropdown list. Some server configurations have been removed. | Limited | Both | |
→ | Timezone and format can be set from user preferences. | Changed | Both | |
→ | Telemetry settings are removed from Cortex XSOAR 8. | Removed | Both | |
System Diagnostics | System Diagnostics was removed from Cortex XSOAR 8. | Removed | Cloud | |
Settings (USERS AND ROLES) | Users | There is no Default Admin in Cortex XSOAR 8. Some permissions granted to Default Admins in Cortex XSOAR 6 are now granted only to users with Instance Administrator or Account Admin roles. This includes access to:
| Changed | Both |
Threat Intel | Manually share indicators between tenants in a multi-tenant deployment. | Removed | Both | |
High Availability | If you deploy a cluster of three or more nodes, the system automatically implements built-in High Availability. For more information, see High Availability for Cortex XSOAR. | Changed | On-prem | |
Disaster Recovery | Will be added. | Temporarily removed | On-prem | |
MT/MSSP | In Cortex XSOAR 8 Cloud, create and manage parent and child tenants in Cortex Gateway. For Cortex XSOAR 8 On-prem: Coming soon | Changed | Both | |
Air-gapped installtion | Will be added soon. | Temporarily removed | On-prem |
For further information or general queries about the feature changes, contact the Product Team.