Integration Instance Changes in Cortex XSOAR 8 - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR 8 Feature Changes

Product
Cortex XSOAR
Version
8
Creation date
2023-02-20
Last date published
2024-11-11

The following integration instances have been changed in Cortex XSOAR 8.

Integration

Description

Change Type

Comments

SAML

SAML authentication is part of the Cortex XSOAR platform

Changed

Note

As a part of the migration, the SAML integration is converted to the SSO settings on the platform level. In Cortex XSOAR 8, you need to Configure Single Sign-On Using SAML 2.0.

LDAP Authentication

Currently not supported, planned to become a part of the Cortex platform

Removed

Microsoft Teams

To use the rerouting configuration in Cortex XSOAR 8, you must use the Microsoft Teams content pack 1.4.43 or higher, and recreate the Demiso Bot in Microsoft Teams.

Changed

For more information about Microsoft Teams and how to reconfigure it, see Microsoft Teams.

DUO

Not supported.

Removed

Note

If you have a custom (BYOI) integration that receives incoming traffic enabled on a custom port, your environment cannot be migrated at this time.

Reconfigure Integrations

When configured without an engine, you may need to update the several long-running integrations by changing the URL from https://<cortex-xsoar-address>/instance/execute/<instance_name>/ to the following:

  • Cloud: https://ext-<xsoar-tenant>.crtx.<region>.paloaltonetworks.com/xsoar/instance/execute/<instance-name>. For more information, see Long Running Integrations.

  • On-prem: https://ext-<xsoar-tenant>/xsoar/instance/execute/<instance-name>. For more information, see Long Running Integrations.

The following table describes the long-running integrations that may need to be updated.

Integration

Description

See More

O365 Teams (Using Graph API)

Get authorized access to a user's Teams app in a personal or organizational account.

O365 Teams (Using Graph API)

Generic Webhook

Creates incidents on event triggers. The trigger can be any query posted to the integration.

Generic Webhook

Generic Export Indicators Service

Use the Generic Export Indicators Service integration to provide an endpoint with a list of indicators as a service for the system indicators. You can set up the tenant to export internal data to an endpoint.

Note

This integration replaces the External Dynamic list integration, which is deprecated.

Generic Export IndicatorsExport indicators

TAXII Server

Provides TAXII Services for system indicators (Outbound feed).

TAXII Server

TAXII2 Server

Provides TAXII2 Services for system indicators (outbound feed). You can choose to use TAXII v2.0 or TAXII v2.1.

TAXII2 Server

XSOAR-Web-Server

Supports handling configurable user responses (like Yes/No/Maybe) and data collection tasks that can be used to fetch key value pairs.

XSOAR-Web-Server

PingCastle

Listens for PingCastle XML reports.

PingCastle

Publish List

Publishes Cortex XSOAR lists for external consumption.

Publish List

Simple API Proxy

Provides a simple API proxy to restrict privileges or minimize the amount of credentials issued at the API.

Simple API Proxy

Syslog v2

Opens incidents automatically from Syslog clients.

Syslog v2

Web File Repository

Makes your environment ready for testing purpose for your playbooks or automations to download files from a web server.

Web File Repository

Note

  • The service is only accessible via URL.

  • The custom port configured for long-running integrations is ignored.

  • Custom certificates are not supported.

  • Authentication (username/password) is mandatory.

  • Update the client that accesses the integrations to be URL-based only.

When configured via an engine, both port and URL-based access is supported. No changes need to be made.

Communication tasks through an engine

In Cortex XSOAR 6 you can use engines to enable users who do not have access to the Cortex XSOAR server to access the forms sent out in communication tasks in a playbook. This is not supported in Cortex XSOAR 8.