New features available in Cortex XSOAR 8, including release highlights, feature enhancements, and Marketplace changes.
This section describes the new features and updates of the Cortex XSOAR 8.4 release.
The Cortex XSOAR 8.4 release includes the following highlights:
Feature | Description |
---|---|
In-app documentation | Cortex XSOAR now includes in-app documentation that helps you find information about new and existing features, reference material, and common workflows. While you're working with Cortex XSOAR, the documentation opens in context, relative to your current location in the product. |
Private Repository support in a Dev/Prod environment | When setting up a remote repository you can now select a built-in or private repository, giving you the flexibility to meet your specific development requirements. Cortex XSOAR supports both single and multiple git branches. |
Export incidents to Excel | You can now export multiple incidents with detailed information (such as notes, chat, and evidence) from Cortex XSOAR to Excel. |
Authenticated communication tasks | You can now require authenticated responses to playbook communication tasks by configuring communication task authentication in the Cortex XSOAR Authentication Settings → Communication Task Authentication tab. SSO login authentication was moved to the Login Options tab under the same menu. |
The Cortex XSOAR 8.4 release includes the following enhancements:
General
Feature | Description |
---|---|
Credentials for long-running integrations | To simplify and speed up credential definition, you can now define credentials centrally in the Settings page for all long-running integrations and external dynamic lists, instead of configuring them separately for each one. |
SSO improvements | For SSO configuration of Cortex XSOAR, you now have the option to enter a metadata URL, rather than manually providing the IdP SSO URL, issuer ID, and X.509 certificate. |
Hover text buttons | To improve customer experience and ease of use of the UI, tooltips have been added for many buttons in the Cortex XSOAR tenant. |
Playbooks
Feature | Description |
---|---|
Filters and transformers | The Filters and Transformers window has been redesigned into a single pane, so you no longer need to work across several windows. |
Playbook and script improvements | |
Run again button | A Run again button has been added to the Work Plan incident tab, enabling you to easily run a playbook again on the same incident. |
Users and Roles
Feature | Description |
---|---|
Improvements to user and role permissions | To improve customer experience and consistency in the Cortex Gateway and the Cortex XSOAR tenant, the following improvements have been made to users and roles: |
Indicators
Feature | Description |
---|---|
Enrich indicators | Enrichment of indicators is now available whether the verdict was set manually or automatically, which can improve the accuracy of the indicator. Enrichment does not override the manually set verdict. |
Calculate and recalculate indicator buttons | To clarify functionality and better reflect the use case, the Calculate and Recalculate buttons (in the Create/Edit indicator windows and in the Indicator Quick view panel) are replaced with Enrich and Save & Enrich buttons. |
Marketplace
Feature | Description |
---|---|
Deprecated content in content packs | To streamline the browsing experience, deprecated content entities such as integrations, playbooks, and scripts are now hidden from view by default. |
This section describes the content changes from July 2023 to October 2023.
General Content
Content | Description | Change Type |
---|---|---|
CVE Indicator Type Revamp | We have significantly redesigned the way CVEs are displayed and stored as indicators for Threat Intelligence Management. This feature is designed to make as much data as possible available for users to query, and to support the use of CVEs in incident investigations and vulnerability management. | Updated |
Integrations and Playbooks
Content | Description | Change Type |
---|---|---|
Prisma Cloud v2 Integration | Alert and Incident Mirroring: Implemented alert and incident mirroring between Prisma Cloud and Cortex XSOAR. When an alert or incident is opened or closed, the change is automatically synchronized between the two platforms. This streamlined process saves both time and resources while providing a convenient way to monitor and manage alerts and incidents. New Commands: Incorporated additional new commands for retrieving resource lists, user roles, and user details. These enhancements enable users to access vulnerability and compliance/configuration data through Cortex XSOAR and deliver this information to the relevant resource owners. | Updated |
Palo Alto Networks Enterprise DLP Integration | General improvements to the integration, such as the fetch timeframe, better descriptions, and playbook inputs. In addition, four new playbooks were added to support better usage of this integration: | Updated |
Azure DevOps Integration | | Updated |
CrowdStrike Falcon Horizon (CSPM) Integration | Falcon Horizon simplifies the management of cloud security posture throughout the application lifecycle in any cloud environment. This integration utilizes the API to retrieve alerts, establish an incident type, facilitate policy management, and synchronize alerts between Falcon Horizon and Cortex XSOAR. | New |
Microsoft Purview | Microsoft Purview is a data governance service that helps organizations discover, classify, and manage their data assets across different platforms and sources. It provides a unified view of data, enabling data discovery, classification, and tracking data lineage. This integration enables you to easily retrieve and manage DLP events, create and manage eDiscovery cases, and oversee alerts within the Microsoft Graph Security integration. | New |
Cortex XDR Cloud Data Exfiltration Playbook | This playbook responds to and investigates alerts from XDR analytics about data exfiltration activity in a cloud environment. It enriches all relevant data and performs investigation actions, such as IP address prevalence checks, bucket enumeration, and checks for persistence mechanisms created by the attacker IP. Based on the enrichment and investigation results, the playbook performs remediation actions. | New |
Cortex XDR Cloud Key Rotation Playbook | An important aspect of every cloud playbook is handling compromised credentials. This playbook is one of the main building blocks for cloud investigation and response playbooks. It rotates compromised credentials quickly and efficiently according to their type, performing actions such as resetting passwords and changing credential profiles. | New |
Cortex XDR Identity Threat Detection and Remediation (ITDR) | New ITDR enhancements enable organizations to more effectively detect and manage risky users and hosts. Cortex XDR playbooks can now identify identity threats and empower analysts to make informed decisions based on calculated risk for assets in their network. | New |