The following table details the changes that break backward compatibility upon upgrade to Cortex XSOAR v6.6.
Feature | Change |
---|---|
New permissions required for Elasticsearch user | The Elasticsearch username or API key now requires the cluster permissions monitor (read only) to monitor and optimize operations on the cluster. |
Playbook Triggers section removed | The Playbook Triggers section has been removed from the Playbook Settings page. You can still configure which playbook will be triggered per incident type, via the Incident Type page. |
Indexing for HTML and markdown fields are disabled | When using Cortex XSOAR with Elasticsearch to limit memory consumption, by default, indexing for HTML and markdown fields is now disabled, so that these fields are not searchable. If you want to search for these fields, add the following server configurations:
NoteMarking the fields as searchable only takes effect in the next month. For example, if you make a change on February 10, the change takes effect on March 1. |
Limit field size for text mapped fields in Elasticsearch | For both Bolt DB and Elasticsearch, by default, indexing of HTML, markdown, and long text fields is limited to the first 30,000 characters. If large fields are detected, only the first 30,000 characters are searchable. You can change this by adding the NoteIncreasing the number of characters can decrease performance. Reducing the number of characters, limits disk space consumption and increases performance. |
EOL Notices
As of Cortex XSOAR v6.6, D2 Agents for new customers will no longer be supported. D2 Agents in use by existing customers will remain supported until September 1st, 2022.
The Cortex XSOAR Mobile App has reached EOL. You may continue using the app if it was previously installed. However, if you encounter an issue requiring Customer Support involvement, product support for the app will no longer be provided.