New features available in Cortex XSOAR 8, including release highlights and feature enhancements.
This section describes the new features and updates of the Cortex XSOAR 8.5 release.
Feature Enhancements
The Cortex XSOAR 8.5 release includes the following enhancements:
General
Feature | Description |
---|---|
Customize system emails | You can now customize a wide range of system emails sent to users, including notifications that a user is mentioned, a task is assigned or completed, an integration failed to fetch incidents, an engine is disconnected, and more. Customized emails provide flexibility when communicating with users, allowing you to include specific details about incidents, relevant data, and other information needed for prompt incident response. |
Use an authenticated docker image repository | Configure a custom container registry, together with your authentication credentials, so that Cortex XSOAR can pull custom images built on a private machine. Using your own registry lets you manage access permissions, ensuring that only authorized users can pull and use the custom images. This protects sensitive information and enables more secure and controlled deployment of custom images within the Cortex XSOAR environment. |
Playbooks
Feature | Description |
---|---|
Group playbook inputs and outputs | You can now group playbook inputs and outputs, making it easier for security analysts to manage and understand the inputs required for different stages of the playbook. Grouping enhances the playbook's clarity, reduces the likelihood of errors, and facilitates a more streamlined and efficient incident response workflow. |
Users and roles
Feature | Description |
---|---|
Add support for user phone numbers | Administrators can now add phone numbers for users on the User Preferences page, which enables playbooks and scripts to trigger direct analyst communication, ensuring seamless collaboration during urgent situations and security incidents. |
Incidents
Feature | Description |
---|---|
Improved incident navigation | For SOC analysts working on multiple incidents, next/previous incident navigation buttons provide the ability to navigate between incidents without returning to the Incidents page, saving time and increasing analyst efficiency. |
Search War Room notes | You can now search for the text of War Room notes using the Incidents search bar. This new search option enables the SOC analyst to more easily locate incidents and effectively navigate and leverage historical incident data, contributing to improved incident response and knowledge sharing. |
API
Feature | Description |
---|---|
Limit access to Cortex XSOAR API | Limit Cortex XSOAR API access to specific IP addresses or IP ranges by adding them to an allow list, so that only requests from those sources are accepted. This improves data security and control while still allowing integration with third-party systems and applications. |
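To make the allow-list semantics concrete, the following is an added example of how a source-IP allow list is evaluated; it is illustration code, not Cortex XSOAR's implementation, and the entries and client addresses are constructed sample data. Entries may be single addresses or CIDR ranges, malformed entries are rejected rather than silently skipped, and each decision reports which entry matched so it can be logged.

```python
import ipaddress
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allow_list(entries: List[str]) -> List[Network]:
    """Parse allow-list entries (single IPs or CIDR ranges) into network objects.

    A malformed entry raises ValueError instead of being skipped, so a typo
    cannot quietly widen the list or leave it empty. strict=True rejects a
    range whose host bits are set (e.g. 10.1.2.3/24), which usually means the
    author intended a single host rather than the whole /24.
    """
    networks: List[Network] = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        networks.append(ipaddress.ip_network(entry, strict=True))
    return networks


def matching_entry(client_ip: str, networks: List[Network]) -> Optional[str]:
    """Return the allow-list entry that admits client_ip, or None if no entry does.

    The address family is compared explicitly so an IPv4 client is never
    matched against an IPv6 range (and vice versa).
    """
    addr = ipaddress.ip_address(client_ip)
    for net in networks:
        if addr.version == net.version and addr in net:
            return str(net)
    return None


def is_allowed(client_ip: str, networks: List[Network]) -> bool:
    """Allow-list decision: True only when some entry contains client_ip."""
    return matching_entry(client_ip, networks) is not None


# Constructed sample allow list: one host, one IPv4 range, one IPv6 range.
SAMPLE_ALLOW_LIST = ["203.0.113.10", "198.51.100.0/24", "2001:db8::/32"]

if __name__ == "__main__":
    nets = parse_allow_list(SAMPLE_ALLOW_LIST)
    for ip in ["203.0.113.10", "203.0.113.11", "198.51.100.255", "2001:db8:1::1"]:
        print(ip, "->", matching_entry(ip, nets) or "denied")
```

The check is only as good as the source address the server sees: when the platform sits behind a proxy or load balancer, the allow list must be evaluated against the real client address rather than the proxy's, or every caller will appear to come from the same permitted range.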
Marketplace Content Changes
This section describes the content changes from October 2023 to February 2024.
Content Packs
Content | Description | Change Type |
---|---|---|
AWS Organizations | Manage your AWS accounts and resources through Cortex XSOAR. This integration allows you to list accounts, view details, programmatically create new accounts, modify Organizational Units, invite new accounts, tag across accounts, etc. | New |
HashiCorp Terraform | Includes an integration that retrieves policy check results and supports additional commands. | New |
Email Hippo | Includes an integration to validate email addresses and domains directly in Cortex XSOAR using Email Hippo's intelligence services. | New |
XSOAR Capture the Flag | Introducing a treasure hunt exercise pack, featuring a thrilling Capture the Flag style game. Two playbooks guide you through Capture the Flag. These playbooks are designed to enhance your Cortex XSOAR experience. The first playbook provides a helpful walkthrough of the platform, while the second playbook focuses on investigations. | New |
Integrations and Playbooks
Content | Description | Change Type |
---|---|---|
XDR Lite playbook | Easy to deploy and with no additional integrations needed, this playbook can significantly reduce the time your analysts spend remediating Cortex XDR incidents. | New |
Remote PsExec-like LOLBIN Command Execution playbook | Automated investigation and response to PsExec-like LOLBIN command execution alerts from Cortex XDR. This playbook enriches all relevant data and performs investigation actions, such as command-line analysis. Based on the enrichment and investigation results, the playbook performs remediation actions. | New |
Microsoft Graph Security integration | The integration now supports creating and retrieving threat assessments for mail, email files, files, and URLs directly from Cortex XSOAR. | Updated |
Azure Log Analytics integration | The integration now allows running Log Analytics search jobs in Cortex XSOAR and getting their results. | Updated |
PAN-OS Policy Optimizer integration | The PAN-OS Policy Optimizer integration has been enhanced to support pagination and allow fetching more rules when analyzing firewall policies. | Updated |
SplunkPy integration | The Splunk integration has been enhanced to enrich user and asset fields via lookups in Splunk directly within Cortex XSOAR. | Updated |
Prisma Cloud Compute - Audit Alert v3 playbook | Enhanced playbooks that help SOC and DevOps teams streamline their investigations of cloud incidents by adding new remediation and enrichment features, providing rich and contextualized information to drive better decision-making and faster response times. | Updated |