April 2024 - Release Notes - Cortex XSOAR 8

Cortex XSOAR Release Notes

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-04-18
Category: Release Notes
Solution: Cloud
Abstract

New features available in Cortex XSOAR 8, including release highlights and feature enhancements.

This section describes the new features and updates of the Cortex XSOAR 8.6 release.

Release Highlights

The Cortex XSOAR 8.6 release includes the following highlights:

Multi-Role API Keys

You can now create an API key with more than one role, which simplifies operations and lets RBAC for API keys be managed dynamically. A multi-role key's permissions are the union of the permissions of every role assigned to it, so assign only the roles the automation actually needs.

Enhanced role-based access control for dashboards

Administrators can now restrict which dashboards designated users can access by assigning dashboards through roles. Users see only the dashboards relevant to their investigation and response work instead of an excessive number of dashboards, and administrators control which dashboards are in use, since some dashboards can adversely affect system performance.

New endpoint for managing API keys using the API

Cortex XSOAR now provides an API endpoint to retrieve, create, update, and delete API keys, including deleting keys in bulk. This makes it easier to automate the onboarding of new child tenants and to inventory all existing API keys.

Customize the favicon color

Users often work on several Cortex XSOAR tenants at the same time in the same browser. To avoid confusion and save time, you can now change the favicon color per tenant, so you can tell at a glance which tenant each tab belongs to.
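The following Python is an added example, not Cortex XSOAR's own code or its API reference. It shows the two API-key points above from the automation side: computing the aggregated permission set of a multi-role key and checking it against what the automation needs before the key is created, and building an authenticated request to the API-key endpoint. The header construction for an Advanced API key (Authorization = sha256 of key + nonce + timestamp, sent with x-xdr-nonce, x-xdr-timestamp and x-xdr-auth-id) is the documented Cortex scheme. The role and permission names are constructed placeholders, and the endpoint path `API_KEYS_PATH` and the bulk-delete body shape are assumptions, because this page announces the endpoint without documenting it; take the real path and body from your tenant's API reference.

```python
import hashlib
import json
import secrets
import time

# Constructed placeholder roles -> permissions. Real Cortex XSOAR role and
# permission names differ; substitute the ones defined in your tenant.
ROLE_PERMISSIONS = {
    "analyst": {"incidents:read", "incidents:update", "war-room:write"},
    "content-manager": {"marketplace:install", "playbooks:write"},
    "tenant-admin": {"settings:write", "api-keys:manage"},
}

# ASSUMPTION: the release notes announce an API-key endpoint but give neither
# its path nor its request body; both are placeholders here.
API_KEYS_PATH = "/public_api/v1/api_keys"


def aggregated_permissions(roles):
    """Effective permissions of a multi-role key: the union of its roles.

    Unknown role names raise rather than silently contributing nothing, so a
    typo in an onboarding script cannot produce a key with an unexpected scope.
    """
    unknown = sorted(r for r in roles if r not in ROLE_PERMISSIONS)
    if unknown:
        raise ValueError(f"unknown roles: {unknown}")
    effective = set()
    for role in roles:
        effective |= ROLE_PERMISSIONS[role]
    return effective


def excess_permissions(roles, needed):
    """Permissions the key would hold beyond what the automation needs.

    Least-privilege gate: a non-empty result means a narrower combination of
    roles should be chosen before the key is created.
    """
    return aggregated_permissions(roles) - set(needed)


def advanced_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Request headers for a Cortex 'Advanced' API key.

    Authorization carries sha256(api_key + nonce + timestamp) in hex, so the
    raw key is never sent; the server recomputes the digest from the nonce
    and timestamp headers. nonce and timestamp_ms are parameters only so the
    result is reproducible in tests; omit them in real use.
    """
    nonce = nonce or secrets.token_hex(32)                # 64 random characters
    timestamp_ms = timestamp_ms or int(time.time() * 1000)
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": digest,
        "Content-Type": "application/json",
    }


def bulk_delete_request(base_url, key_ids, api_key_id, api_key):
    """Describe (not send) a bulk-delete call so it can be reviewed or logged.

    The "/delete" suffix and the {"ids": [...]} body are ASSUMPTIONS; check
    the API reference. Ids are de-duplicated and sorted so the request is
    deterministic and idempotent to replay.
    """
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + API_KEYS_PATH + "/delete",
        "headers": advanced_auth_headers(api_key_id, api_key),
        "body": json.dumps({"ids": sorted(set(key_ids))}),
    }


if __name__ == "__main__":
    roles = ["analyst", "content-manager"]
    print("effective:", sorted(aggregated_permissions(roles)))
    print("excess:", sorted(excess_permissions(roles, ["incidents:read", "incidents:update"])))
    req = bulk_delete_request("https://api-tenant.example", [42, 7, 42], api_key_id=3, api_key="redacted")
    print(req["method"], req["url"], req["body"])
```

Run the request description through review or an audit log before sending it with your HTTP client of choice; the nonce and timestamp are generated per request, so a logged Authorization value cannot be replayed once the server's timestamp window has passed.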

Feature Enhancements

The Cortex XSOAR 8.6 release includes the following enhancements:

Authentication

New Authentication Controls

Two new authentication control options add protection against account compromise:

  • Passwordless Authentication

    You can now require non-password credentials for SSO authentication. When this option is selected, users must authenticate to Cortex XSOAR with stronger, non-password factors such as biometrics.

  • Force Authentication

    You can now require users to reauthenticate when accessing the Cortex XSOAR tenant, even if they already hold an authenticated SSO session from signing in to other applications.
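The following Python is an added example and not Cortex XSOAR code. It assumes the SSO in question is SAML 2.0 and shows the usual SAML mechanisms behind the two options above together with the checks a relying party should make on the returned assertion; the page does not say how Cortex XSOAR expresses the options on the wire, so the mapping is illustrative. Force authentication corresponds to ForceAuthn="true" on the AuthnRequest, and a non-password requirement can be sent as a RequestedAuthnContext. The assertion is then checked so that its AuthnInstant is not older than the request (the IdP really re-authenticated rather than reusing its session) and its AuthnContextClassRef is not a password class. The issuer and ACS URLs and the sample response are constructed; signature and audience validation are assumed to have happened before these checks.

```python
import uuid
import xml.etree.ElementTree as ET  # for untrusted XML use defusedxml; here input is verified/constructed
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Authentication context classes that involve a password (SAML 2.0 authn-context spec).
PASSWORD_CLASSES = {AC + "Password", AC + "PasswordProtectedTransport"}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def utc(text):
    """Parse a SAML UTC timestamp such as 2024-04-18T10:00:00Z into an aware datetime."""
    return datetime.strptime(text, TIME_FMT).replace(tzinfo=timezone.utc)


def build_authn_request(issuer, acs_url, issue_instant, force_authn=False, context_classes=()):
    """Service-provider side: ask the IdP for a fresh and/or non-password login.

    force_authn     -> ForceAuthn="true": the IdP must not reuse its existing session
    context_classes -> RequestedAuthnContext (Comparison="exact") listing acceptable methods
    """
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": issue_instant.strftime(TIME_FMT),
        "AssertionConsumerServiceURL": acs_url,
    })
    if force_authn:
        req.set("ForceAuthn", "true")
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    if context_classes:
        rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": "exact"})
        for cls in context_classes:
            ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = cls
    return ET.tostring(req, encoding="unicode")


def check_assertion(response_xml, request_issue_instant, require_non_password):
    """Relying-party checks that the IdP honoured the request.

    Runs after signature and audience validation (out of scope here). Returns
    findings; 'ok' is True only when the login is fresh and, if required,
    was not performed with a password class.
    """
    root = ET.fromstring(response_xml)
    stmt = root.find(f".//{{{SAML}}}AuthnStatement")
    if stmt is None:
        return {"ok": False, "fresh": False, "class": None, "non_password": False}
    authn_instant = utc(stmt.get("AuthnInstant"))
    cls_el = stmt.find(f".//{{{SAML}}}AuthnContextClassRef")
    cls = cls_el.text if cls_el is not None else None
    fresh = authn_instant >= request_issue_instant          # ForceAuthn was honoured
    non_password = cls is not None and cls not in PASSWORD_CLASSES
    ok = fresh and (non_password or not require_non_password)
    return {"ok": ok, "fresh": fresh, "class": cls, "non_password": non_password}


def sample_response(authn_instant, context_class):
    """CONSTRUCTED, unsigned, minimal SAML Response used only to exercise check_assertion."""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" Version="2.0">'
        f'<saml:Assertion><saml:AuthnStatement AuthnInstant="{authn_instant.strftime(TIME_FMT)}">'
        f'<saml:AuthnContext><saml:AuthnContextClassRef>{context_class}</saml:AuthnContextClassRef>'
        f'</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>'
    )


if __name__ == "__main__":
    t0 = utc("2024-04-18T10:00:00Z")
    print(build_authn_request("https://xsoar.example/sp", "https://xsoar.example/acs", t0,
                              force_authn=True, context_classes=(AC + "X509",)))
    stale = sample_response(utc("2024-04-18T08:00:00Z"), AC + "X509")  # IdP reused an old session
    pw = sample_response(utc("2024-04-18T10:00:05Z"), AC + "PasswordProtectedTransport")
    print(check_assertion(stale, t0, True)["ok"], check_assertion(pw, t0, True)["ok"])
```

The point of the freshness check is that ForceAuthn is a request to the IdP, not a guarantee: a misconfigured IdP can ignore it and return an assertion for an hours-old session, and only comparing AuthnInstant against the request time catches that on the relying-party side.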

Logs

Add integration logs for non-Python scripts and integrations

Integration logs now cover non-Python scripts and integrations as well, which makes it easier to troubleshoot non-Python content and implementation issues.

Marketplace Content Changes

This section describes the content changes from March 2024 to April 2024.

Integrations and Playbooks

Cortex XDR - IOC integration (Update)

Indicators that the XDR IOC integration syncs from Cortex XSOAR to Cortex XDR now carry a hyperlink back to the corresponding indicator object in XSOAR, so security teams can navigate from XDR to the indicator page in XSOAR more easily.

Palo Alto Networks Cortex XDR - Investigation and Response integration (Update)

Incident responders using the XDR Investigation and Response integration can now mirror flexible close reasons when resolving incidents that are mirrored between Cortex XSOAR and XDR, improving tracking and reporting of incident lifecycles across both platforms.

Palo Alto Networks - PAN-OS integration (Update)

The PAN-OS integration now supports listing, creating, modifying, and deleting security profile groups on PAN-OS firewalls directly from Cortex XSOAR playbooks and automations.

Slack v3 integration (Update)

The Slack integration can now mirror files uploaded to XSOAR incidents into the corresponding Slack channels, improving information sharing and collaboration between XSOAR analysts and incident responders.

CrowdStrike Falcon (Update)

Added support for pulling mobile device detections and incidents directly from CrowdStrike into XSOAR for further investigation and response, giving security teams better visibility into threats across their endpoint estate.

QR Code Phishing Investigation playbook (New)

Attackers increasingly use QR codes to camouflage malicious emails, since the link is carried in an image rather than in text. This playbook automatically analyzes QR codes embedded in emails, improving the investigation of phishing incidents that use this common attack vector.

Prisma Cloud Compute playbook (New)

A new playbook for compliance incidents enriches incident data with integration commands for a comprehensive analyst review. It supports resource-specific data retrieval, emailing compliance reports, and creating tickets in the relevant ticketing systems.

XDR Large Upload playbook (New)

This Cortex XDR playbook investigates incidents involving large uploads over protocols such as SMTP, FTP, and HTTPS. It searches for past false positives, enriches and investigates hosts and IP addresses, analyzes related indicators, blocks malicious indicators, and isolates endpoints.