New features available in Cortex XSOAR 8, including release highlights and feature enhancements.
This section describes the new features and updates of the Cortex XSOAR 8.6 release.
Release Highlights
The Cortex XSOAR 8.6 release includes the following highlights:
Feature | Description |
---|---|
Multi-Role API Keys | You can now create API keys with multiple roles to improve operational efficiency and allow dynamic RBAC management of API keys. An API key has the aggregated permissions of the roles associated with it. |
Enhanced role-based access control for dashboards | The Administrator can now restrict access to specific dashboards for designated users through role assignment. This customized access control gives users a more focused and efficient investigation and response: it prevents the confusion caused by an excessive number of displayed dashboards, and it lets the administrator control the selection of dashboards that may adversely impact system performance. |
New endpoint for managing API keys using the API | Cortex XSOAR now has an API endpoint that supports GET, CREATE, UPDATE, and DELETE operations on API keys. You can also delete API keys in bulk. This makes it easier to automate onboarding new child tenants or retrieve information on all existing API keys. |
Customize the favicon color | Users often work on several Cortex XSOAR tenants at the same time within the same browser. To avoid confusion and to save time, you can now change the color of the favicon for each tenant. This allows you to identify which tenant is being used in each tab at a glance. |
Feature Enhancements
The Cortex XSOAR 8.6 release includes the following enhancements:
Authentication
Feature | Description |
---|---|
New Authentication Controls | New authentication control options provide additional security features to help prevent security breaches. |
Logs
Feature | Description |
---|---|
Add integration logs for non-Python scripts and integrations | Integration logs now support non-Python scripts and integrations, enhancing troubleshooting capabilities for non-Python content and implementation issues. |
Marketplace Content Changes
This section describes the content changes from March 2024 to April 2024.
Integrations and Playbooks
Content | Description | Change Type |
---|---|---|
Cortex XDR - IOC integration | The XDR IOC integration was updated so that indicators synced between Cortex XSOAR and XDR carry hyperlinks to their corresponding objects in XSOAR. This allows security teams to navigate to the indicator page in XSOAR from XDR more easily. | Update |
Palo Alto Networks Cortex XDR - Investigation and Response integration | Incident responders using the XDR Investigation and Response integration can now mirror flexible close reasons when resolving incidents mirrored between Cortex XSOAR and XDR, for improved tracking and reporting of incident lifecycles across the platforms. | Update |
Palo Alto Networks - PAN-OS integration | The PAN-OS integration was enhanced to support listing, creating, modifying, and deleting security profile groups configured on PAN-OS firewalls directly through Cortex XSOAR playbooks and automation. | Update |
Slack v3 integration | The Slack integration has been updated to include the ability to mirror files uploaded in XSOAR incidents directly into corresponding Slack channels. This improves information sharing and collaboration between XSOAR analysts and incident responders. | Update |
CrowdStrike Falcon | Added support to pull mobile device detections and incidents directly from CrowdStrike into XSOAR for further investigation and response. This new integration capability gives security teams enhanced visibility for threats across their endpoint ecosystem. | Update |
QR Code Phishing Investigation playbook | Attackers increasingly use QR codes to camouflage malicious emails. New functionality to automatically analyze embedded QR codes enhances the investigation of phishing incidents and addresses this common attack vector. | New |
Prisma Cloud Compute playbook | A new playbook for compliance incidents that enriches incident data using integration commands for a comprehensive analyst review. Advanced features include resource-specific data retrieval, email compliance reports, and ticket creation in relevant systems. | New |
XDR Large Upload playbook | The playbook for Cortex XDR investigates incidents involving large uploads across different protocols like SMTP, FTP, and HTTPS. It includes procedures such as searching for past false positives, enriching and investigating host and IP addresses, analyzing related indicators, blocking malicious indicators, and isolating endpoints. | New |