This section describes the content changes from July 2023 to October 2023.
## General Content

| Content | Description | Change Type |
|---|---|---|
| CVE Indicator Type Revamp | We have significantly redesigned the way CVEs are displayed and stored as indicators for Threat Intelligence Management. This feature is designed to make as much data as possible available for users to query, and to support the use of CVEs in incident investigations and vulnerability management. | Updated |
## Integrations and Playbooks

| Content | Description | Change Type |
|---|---|---|
| Prisma Cloud v2 Integration | **Alert and Incident Mirroring:** Implemented alert and incident mirroring between Prisma Cloud and Cortex XSOAR. When an alert or incident is opened or closed, the change is automatically synchronized between the two platforms. This streamlined process saves both time and resources while providing a convenient way to monitor and manage alerts and incidents. **New Commands:** Incorporated additional commands for retrieving resource lists, user roles, and user details. These enhancements enable users to access vulnerability and compliance/configuration data through Cortex XSOAR and deliver this information to the relevant resource owners. | Updated |
| Palo Alto Networks Enterprise DLP Integration | General improvements to the integration, such as the fetch timeframe, better descriptions, and playbook inputs. In addition, four new playbooks were added to support better usage of this integration. | Updated |
| Azure DevOps Integration | | Updated |
| CrowdStrike Falcon Horizon (CSPM) Integration | Falcon Horizon simplifies the management of cloud security posture throughout the application lifecycle in any cloud environment. This integration uses the API to retrieve alerts, establish an incident type, facilitate policy management, and synchronize alerts between Falcon Horizon and Cortex XSOAR. | New |
| Microsoft Purview | Microsoft Purview is a data governance service that helps organizations discover, classify, and manage their data assets across different platforms and sources. It provides a unified view of data, enabling data discovery, classification, and tracking of data lineage. This integration enables you to easily retrieve and manage DLP events, create and manage eDiscovery cases, and oversee alerts within the Microsoft Graph Security integration. | New |
| Cortex XDR Cloud Data Exfiltration Playbook | This playbook responds to and investigates alerts from XDR analytics about data exfiltration activity in cloud environments. It enriches all relevant data and performs investigation actions, such as IP address prevalence checks, bucket enumeration, and checks for persistence mechanisms created by the attacker IP. Based on the enrichment and investigation results, the playbook performs remediation actions. | New |
| Cortex XDR Cloud Key Rotation Playbook | An important aspect of every cloud playbook is handling compromised credentials. This playbook is one of the main building blocks for cloud investigation and response playbooks. It quickly and efficiently rotates compromised credentials based on their type, performing actions such as resetting passwords and changing credential profiles. | New |
| Cortex XDR Identity Threat Detection and Remediation (ITDR) | New ITDR enhancements enable organizations to more effectively detect and manage risky users and hosts. Cortex XDR playbooks can now identify identity threats and empower analysts to make informed decisions based on the calculated risk of assets in their network. | New |