April 2023 - Release Notes - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Release Notes

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-04-18
Category: Release Notes
Solution: Cloud

This section describes the main features of the Cortex XSOAR 8.2 release.

The Cortex XSOAR 8.2 release includes the following enhancements:

Cortex XSOAR Multi-Tenant

Cortex XSOAR 8 now offers Cortex XSOAR Multi-Tenant, designed for managed security service providers and enterprises that require strict data segregation between tenants while retaining the flexibility to share and manage critical security practices across tenant accounts.

From the main account you can centrally manage resources and reporting, push custom content to one or more tenants, search incidents across tenants, and run commands across multiple tenants, without any tenant's data being exposed to another tenant.

To use Cortex XSOAR Multi-Tenant, you need to create a main tenant and one or more child tenants from the Cortex Gateway. In the Gateway, you can create, delete, and manage child tenants.

For more information, see Introduction to Cortex XSOAR Multi-Tenant.

Role Permissions

Role permissions have been updated so that some administration permissions can be granted separately, which makes it easier to give a role only the administrative capabilities it needs. In the Settings section, roles can now be scoped as follows:

  • Integrations: Controls whether the role can add, edit, or delete integrations and integration instances, pre-process rules, and classification and mapping rules for incidents and indicators.

  • Integration Permissions: Controls access to the Integration Permissions page.

  • Objects Setup: Controls whether the role can view or edit fields, types, and layouts for incidents, indicators, and Threat Intel Reports.

  • Administration: Controls access to server configurations and audit trails.

Automations Page

The Automations page has been renamed Scripts.

War Room Filters

You can now filter by tags in the War Room.

Marketplace

You can now subscribe to content pack updates in Marketplace.

Login Messages

You can now display a custom message to users before every login to Cortex XSOAR.

Indicator/Incident fields

You can now choose to wrap the label text of incident and indicator fields when they are displayed in a layout. When creating or editing a section of fields, open Edit section settings and select Wrap the labels.

Engines

A "last seen" timestamp has been added to the Engines table, showing the last time each engine connected successfully to the server.

Playbooks

  • Improved UI for Data Collection and Ask tasks in Playbooks.

  • Free-text search for playbooks and scripts, simplifying how you find them.

Management Audit Log Notifications

You can now forward management audit log notifications to email distribution lists and syslog servers.

External Dynamic List Management

You can now manage EDLs (Settings & Info > Settings > Integrations > External Dynamic List Integrations).

Integration Log Access

You can now view and export integration log details, including status and error messages (Settings & Info > Settings > Integrations > Integration Log).

Improvements to the Default Playbook

The Default playbook has been improved with the following capabilities:

  • Extracts and enriches indicators in an incident using one or more integrations.

  • De-duplicates incidents by linking and closing similar incidents.

  • Retrieves related files from endpoints by hash or file path.

  • Hunts for occurrences of suspicious files on the organization's endpoints.

  • Unzips archived files and extracts indicators from their contents.

  • Detonates files and URLs in sandbox integrations.

  • Calculates a severity for the incident.

  • Allows the analyst to remediate the incident by blocking the malicious indicators that were found.

  • Provides a new Default layout that can be associated with any incident type. The layout includes dynamic sections, so it displays the fields relevant to each incident, and it offers quick remediation action buttons such as isolating endpoints and tagging indicators for allow or block lists. A Utilities tab gives the analyst quick access to many useful automations, together with references to documentation.