Cortex XSOAR 8 comes in the following formats:
- Cortex XSOAR Cloud
- Cortex XSOAR On-prem
Cortex XSOAR Cloud
Cortex XSOAR 8 Cloud is built on the Cortex Platform, which offers:
- Improved performance, scalability, and reliability
- Centralized user management
- An enhanced user experience unified with the broader Cortex portfolio
- Simplified deployment and onboarding across the Cortex portfolio
- Auto-scalability and built-in high availability
- Automatic software updates free of compatibility issues
Cortex XSOAR On-prem
Cortex XSOAR 8 On-prem offers the following:
- Unified look and feel
- Simplified deployment and onboarding
- Improved performance and reliability
- User-friendly installation with an easy-to-follow step-by-step TUI to install and configure Cortex XSOAR
Comparison between Cortex XSOAR 6 and 8
Cortex XSOAR 8 delivers the same leading SOC security and operations solution as Cortex XSOAR 6, with a different architecture that is more robust. The following table describes the main changes in Cortex XSOAR 8.
Note
This comparison is between Cortex XSOAR 8 and the latest Cortex XSOAR 6x version.
Feature | Section | Description | Change Type | Cloud/On-prem |
---|---|---|---|---|
Access Management | Adding users | Users are defined and managed from the Cortex Gateway and are shared by all Cortex products. For more information about the changes, see New Features for Users and Roles in Cortex XSOAR 8 | Changed | Cloud |
Access Management | Role Management | A single role can be assigned directly to a user. Additional permissions can be granted as part of a User Group assignment. | Changed | Both |
Access Management | Role Management | Users' permissions are no longer available. | Removed | Cloud |
Access Management | Role Management | In a multi-tenant environment, roles are not propagated from the main account to child tenants. Roles can be propagated from the Cortex Gateway to all tenants. Note: Cortex XSOAR On-prem does not yet support Multi-tenant. | Changed | Both |
Access Management | Single sign-on | Now under → → → . | Moved | Both |
Access Management | Self Service Read-only users | Self Service Read-only users are not supported. | Removed | Both |
Admin | Preferences | Easier theme switching: Change themes (Cohesive light/dark) by selecting the icon next to Settings & Info. | Changed | Both |
Authentication | Multiple SSO | Now under → → → . | Changed | Both |
Authentication | | LDAP authentication | Removed | Both |
Data Retention | N/a | Data retention is 180 days and can be extended through SKU retention. | Changed | Cloud |
Docker | Docker images and commands | Docker commands that derive from a script can be used for an engine, such as:
All other Docker commands do not work in Cortex XSOAR 8. | Removed/Changed | Both |
Incidents | Incident investigation | Canvas was removed from Cortex XSOAR 8. | Removed | Both |
Incidents | Incident investigation | The Related Incidents tab was removed from Cortex XSOAR 8. | Removed | Both |
Incidents | Incident investigation | The Summary tab was removed from Cortex XSOAR 8. | Removed | Both |
Incidents | Incident investigation | When generating a report from an incident, you can only select PDF format (Word is not supported) | Removed | Both |
Incidents | War Room | Some War Room filters have been removed. | Limited | Both |
Look & feel | N/a | Cortex XSOAR's look and feel align with other Cortex products, such as XDR, XSIAM, and XPANSE. | Changed | Both |
Multi-tenant | N/a | Now managed from the Cortex Gateway. Note: Cortex XSOAR On-prem does not yet support Multi-tenant. | Changed | Cloud |
Mail Sender | N/a | Provided by default using the SMTP server on the tenant. | Changed | Cloud |
Marketplace | Upload content packs | In Marketplace, unsigned content packs are not supported when selecting Upload Content Packs. If you want to upload unsigned content packs, do one of the following: | Changed | Both |
Settings (Integrations) | Integrations | Now under → → . Unless otherwise specified, the same features as XSOAR 6. | Moved | Both |
Settings (Integrations) | Integration logs | You can now access integration logs by going to → → → . | Moved | Both |
Settings (Integrations) | Agent tools | Agent Tools was removed from Cortex XSOAR 8. | Removed | Both |
Settings (Integrations) | External dynamic List | You can configure an External Dynamic List to share a list of Cortex XSOAR indicators with other products in your network, such as a firewall or SIEM. For more information, see Export indicators using the Generic Export Indicators integration. | Added | Both |
Settings (Integrations) | Syslog server | You can send audit notifications to your Syslog server. For more information, see Add a Syslog Server | Changed | Both |
Settings (Integrations) | Syslog | | Changed | Both |
Settings (Integrations) | API keys | Now under → → . In Cortex XSOAR 8, API keys are not bound to users and can have their own RBAC settings. Generating API Keys is also available in Cortex XSOAR 6. | Moved/changed | Both |
Settings (Integrations) | API functions | Not all API calls supported on Cortex XSOAR 6 are supported on Cortex XSOAR 8. An updated list can be found here. To report missing API functionality, contact customer support | Limited | Both |
Settings (Integrations) | API structure | The API Structure was changed. For more information, see Cortex XSOAR 8 API Changes | Changed | Both |
Settings (Advanced) | Audit Trail | Now under → → → . | Moved | Both |
Settings (Advanced) | Backups | Backups are not managed as part of a Cortex XSOAR tenant. | Removed | Both |
Settings (Advanced) | Backup Management | Handled by Palo Alto Networks. The Cortex XSOAR 8 tenant's data has full regional redundancy and relies on our cloud provider's controls to keep the data available. Cortex teams are frequently backing up all configuration data and the restore process is tested regularly. | Changed | Cloud |
Settings (Advanced) | Content Repository | When setting up a remote repository you can select an in-built or private repository. Cortex XSOAR supports both single and multiple git branches. Note: Cortex XSOAR On-prem supports a private repository only. | Changed | Both |
Settings (Advanced) | Exclusion List | Now under → → → . For more information, see Export indicators using the Generic Export Indicators integration. | Moved | Both |
Settings (Advanced) | ML Models | ML Models were removed from Cortex XSOAR 8. Cortex XSOAR 6 customers with at least one model will have the module added. New customers for Cortex XSOAR 8 won’t have that page. | Removed | Both |
Settings (Advanced) | Password Policy | Password policy was removed from Cortex XSOAR 8 Cloud. | Removed | Cloud |
Settings (Advanced) | App Servers | App Servers were removed from Cortex XSOAR 8. | Removed | Both |
Settings (About) | Version | Now under → . | Moved | Both |
Settings (About) | License | Go to → → . | Moved | Both |
Settings (About) | License Management | Managed by Cortex's DevOps team. | Removed | Cloud |
Settings (About) | License - Customer Name | Removed in Cortex XSOAR 8. Will be added soon. | Temporarily removed | Both |
Settings (About) | Troubleshooting Page | Now under → → → . Login message, logo, and import and export content remain the same. | Removed | Both |
Settings (About) | → | Logs (including log level and download) | Removed | Cloud |
Settings (About) | → | Downloading a log bundle is done from the System Diagnostics page. | Changed | On-prem |
Settings (About) | → | Server Configurations: Select from a dropdown list. Some server configurations have been removed. | Limited | Both |
Settings (About) | → | Timezone and format can be set from user preferences. | Changed | Both |
Settings (About) | → | Telemetry settings are removed from Cortex XSOAR 8. | Removed | Both |
Settings (About) | System Diagnostics | System Diagnostics was removed from Cortex XSOAR 8. | Removed | Cloud |
Settings (USERS AND ROLES) | Users | There is no Default Admin in Cortex XSOAR 8. Some permissions that were granted to Default Admins in Cortex XSOAR 6 are now granted only to users with Instance Administrator or Account Admin roles. This includes access to: | Changed | Both |
Threat Intel | | Manually share indicators between tenants in a multi-tenant deployment. | Removed | Both |
High Availability | | Will be added | Temporarily removed | On-prem |
Disaster Recovery | | Will be added | Temporarily removed | On-prem |
MT/MSSP | | Will be added | Temporarily removed | On-prem |
Air-gapped installation | | Will be added | Temporarily removed | On-prem |
For further information or general queries about the feature changes, contact XSOAR-Product@paloaltonetworks.com.