Cortex XSOAR 8 Feature Changes

Product: Cortex XSOAR
Version: 8
Creation date: 2023-02-20
Last date published: 2024-03-31

Cortex XSOAR 8 comes in the following formats:

  • Cortex XSOAR Cloud

  • Cortex XSOAR On-prem

Cortex XSOAR Cloud

Cortex XSOAR 8 Cloud is built on the Cortex Platform, which offers:

  • Improved performance, scalability, and reliability

  • Centralized user management

  • An enhanced user experience unified with the broader Cortex portfolio

  • Simplified deployment and onboarding across the Cortex portfolio

  • Auto-scalability and built-in high availability

  • Automatic software updates free of compatibility issues

Cortex XSOAR On-prem

Cortex XSOAR 8 On-prem offers the following:

  • Unified look and feel

  • Simplified deployment and onboarding

  • Improved performance and reliability

  • User-friendly installation with an easy-to-follow step-by-step TUI to install and configure Cortex XSOAR.

Comparison between Cortex XSOAR 6 and 8

Cortex XSOAR 8 delivers the same leading SOC security and operations solution as Cortex XSOAR 6, on a different, more robust architecture. The following table describes the main changes in Cortex XSOAR 8.

Note

This comparison is between Cortex XSOAR 8 and the latest Cortex XSOAR 6.x version.

Feature

Section

Description

Change Type

Cloud/On-prem

Access Management

Adding users

Users are defined and managed from the Cortex Gateway and are shared by all Cortex products.

For more information about the changes, see New Features for Users and Roles in Cortex XSOAR 8.

Changed

Cloud

Access Management

Role Management

A single role can be assigned directly to a user. Additional permissions can be granted as part of a User Group assignment.

Changed

Both

Access Management

Role Management

Users' permissions are no longer available.

Removed

Cloud

Access Management

Role Management

In a multi-tenant environment, roles are not propagated from the main account to child tenants. Roles can be propagated from the Cortex Gateway to all tenants.

Note

Cortex XSOAR On-prem does not yet support Multi-tenant.

Changed

Both

Access Management

Single sign-on

Now under Settings & Info → Settings → Access Management → Authentication Settings.

Moved

Both

Access Management

Self Service Read-only users

Self Service Read-only users are not supported.

Removed

Both

Admin

Preferences

Easier theme switching: Change themes (Cohesive light/dark) by selecting the icon next to Settings & Info.

Changed

Both

Authentication

Multiple SSO

Now under Settings & Info → Settings → Access Management → Authentication Settings.

Changed

Both

Authentication

LDAP authentication

Removed

Both

Data Retention

N/a

Data retention is 180 days and can be extended through SKU retention.

Changed

Cloud

Docker

Docker images and commands

Docker commands that derive from a script can be used for an engine, such as:

  • DockerHardeningCheck

  • CheckDockerImageAvailable

  • GetDockerImageLatestTag

  • ListUsedDockerImages

  • RunDockerCommand

  • ServerLogs_docker

All other Docker commands do not work in Cortex XSOAR 8.

Removed/Changed

Both

Incidents

Incident investigation

Canvas was removed from Cortex XSOAR 8.

Removed

Both

Incidents

Incident investigation

The Related Incidents tab was removed from Cortex XSOAR 8.

Removed

Both

Incidents

Incident investigation

The Summary tab was removed from Cortex XSOAR 8.

Removed

Both

Incidents

Incident investigation

When generating a report from an incident, you can only select PDF format (Word is not supported).

Removed

Both

Incidents

War Room

Some War Room filters have been removed.

Limited

Both

Look & feel

N/a

Cortex XSOAR's look and feel align with other Cortex products, such as XDR, XSIAM, and XPANSE.

Changed

Both

Multi-tenant

N/a

Now managed from the Cortex Gateway.

Note

Cortex XSOAR On-prem does not yet support Multi-tenant.

Changed

Cloud

Mail Sender

N/a

Provided by default using the SMTP server on the tenant.

Changed

Cloud

Marketplace

Upload content packs

In Marketplace, unsigned content packs are not supported when selecting Upload Content Packs. If you want to upload unsigned content packs, do one of the following:

  • Use the demisto-sdk.

  • Upload the zip file to the War Room and install the content pack using the ContentPackInstaller command.

Changed

Both

Settings (Integrations)

Integrations

Now under Settings & Info → Settings → Integrations.

Unless otherwise specified, the features are the same as in Cortex XSOAR 6.

Moved

Both

Settings (Integrations)

Integration logs

You can now access integration logs by going to Settings & Info → Settings → Integrations → Integration Log.

Moved

Both

Settings (Integrations)

Agent tools

Agent Tools was removed from Cortex XSOAR 8.

Removed

Both

Settings (Integrations)

External Dynamic List

You can configure an External Dynamic List to share a list of Cortex XSOAR indicators with other products in your network, such as a firewall or SIEM.

For more information, see Export indicators using the Generic Export Indicators integration.

Added

Both

Settings (Integrations)

Syslog server

You can send audit notifications to your Syslog server.

For more information, see Add a Syslog Server.

Changed

Both

Settings (Integrations)

Syslog

  • Format: RFC 5424 is the only supported syslog format.

  • Protocol: The Unix protocol is no longer supported.

  • Structure: The syslog structure was changed.

  • Tag: Support for Tag was dropped. The facility is set to FAC_USER by default.

Changed

Both

Settings (Integrations)

API keys

Now under Settings & Info → Settings → Integrations.

In Cortex XSOAR 8, API keys are not bound to users and can have their own RBAC settings.

Generating API keys is also available in Cortex XSOAR 6.

Moved/changed

Both

Settings (Integrations)

API functions

Not all API calls supported on Cortex XSOAR 6 are supported on Cortex XSOAR 8. An updated list can be found here.

To report missing API functionality, contact customer support.

Limited

Both

Settings (Integrations)

API structure

The API structure was changed.

For more information, see Cortex XSOAR 8 API Changes.

Changed

Both

Settings (Advanced)

Audit Trail

Now under Settings & Info → Settings → System → Audit Notifications.

Moved

Both

Settings (Advanced)

Backups

Backups are not managed as part of a Cortex XSOAR tenant.

Removed

Both

Settings (Advanced)

Backup Management

Handled by Palo Alto Networks. The Cortex XSOAR 8 tenant's data has full regional redundancy and relies on our cloud provider's controls to keep the data available. Cortex teams frequently back up all configuration data, and the restore process is tested regularly.

Changed

Cloud

Settings (Advanced)

Content Repository

When setting up a remote repository, you can select a built-in or private repository. Cortex XSOAR supports both single and multiple Git branches.

Note

Cortex XSOAR On-prem supports a private repository only.

Changed

Both

Settings (Advanced)

Exclusion List

Now under Settings & Info → Settings → Objects Setup → Indicators.

For more information, see Export indicators using the Generic Export Indicators integration.

Moved

Both

Settings (Advanced)

ML Models

ML Models were removed from Cortex XSOAR 8.

Cortex XSOAR 6 customers with at least one model will have the module added. New customers for Cortex XSOAR 8 won’t have that page.

Removed

Both

Settings (Advanced)

Password Policy

Password policy was removed from Cortex XSOAR 8 Cloud.

Removed

Cloud

Settings (Advanced)

App Servers

App Servers were removed from Cortex XSOAR 8.

Removed

Both

Settings (About)

Version

Now under My Profile menu → About.

Moved

Both

Settings (About)

License

Go to Settings & Info → Settings → Cortex XSOAR license.

Moved

Both

Settings (About)

License Management

Managed by Cortex's DevOps team.

Removed

Cloud

Settings (About)

License - Customer Name

Removed in Cortex XSOAR 8.

Will be added soon.

Temporarily removed

Both

Settings (About)

Troubleshooting Page

Now under Settings & Info → Settings → System → Server Settings.

Login message, logo, and import and export content remain the same.

Removed

Both

Settings (About)

Troubleshooting → Logs

Logs (including log level and download)

Removed

Cloud

Downloading a log bundle is done from the System Diagnostics page.

Changed

On-prem

Settings (About)

Troubleshooting → Server Configurations

Server Configurations: Select from a dropdown list. Some server configurations have been removed.

Limited

Both

Settings (About)

Troubleshooting → Time Configuration

Timezone and format can be set from user preferences.

Changed

Both

Settings (About)

Troubleshooting → Telemetry

Telemetry settings are removed from Cortex XSOAR 8.

Removed

Both

Settings (About)

System Diagnostics

System Diagnostics was removed from Cortex XSOAR 8.

Removed

Cloud

Settings (USERS AND ROLES)

Users

There is no Default Admin in Cortex XSOAR 8. Some permissions that were granted to Default Admins in Cortex XSOAR 6 are now granted only to users with Instance Administrator or Account Admin roles. This includes access to:

  • Long Running Integrations (SETTINGS → Integrations → Long Running Integrations)

  • Access Management (whole section SETTINGS → Account Management)

  • Security Settings (SETTINGS → System → Security Settings)

Changed

Both

Threat Intel

Manually share indicators between tenants in a multi-tenant deployment.

Removed

Both

High Availability

Will be added

Temporarily removed

On-prem

Disaster Recovery

Will be added

Temporarily removed

On-prem

MT/MSSP

Will be added

Temporarily removed

On-prem

Air-gapped installation

Will be added

Temporarily removed

On-prem

For further information or general queries about the feature changes, contact XSOAR-Product@paloaltonetworks.com.