Features Introduced in 2019

The following topics describe the new features introduced in Cortex XDR in 2019, by month.

Features Introduced in August

The following table describes the features released in August 2019.
Unified Cortex XDR Interface
The Cortex XDR – Investigation and Response and Cortex XDR – Analytics apps have been consolidated into one Cortex XDR app. The new app is available from the hub under the Cortex XDR tile. To access Cortex XDR – Analytics features in the new app, you must be assigned an administrative role for Cortex XDR – Analytics.
Analytics Alert Analysis
You can now analyze Analytics and Analytics BIOC alerts in Cortex XDR. Each alert type provides a tailored analytics view to help you understand the context of the alert. This view provides an alert summary, a graphical representation of the activity that you can interact with, and any related events. From the analytics view, you can also take additional actions to respond to the alert such as initiating a live terminal or adding a malicious domain or IP address to an external dynamic list (EDL).
App-ID Integration
Cortex XDR can now identify related App-IDs for an alert. App-ID is a traffic classification system that determines what an application is irrespective of port, protocol, encryption (SSH or SSL) or any other evasive tactic used by the application. When the application is known, you can also pivot to the Palo Alto Networks Applipedia entry that describes the detected application. To add the App ID column, use the column manager on the Alerts table.
URL Category Integration
Cortex XDR now integrates URL filtering categories associated with URL filtering logs in the Alerts table. When it is known, Cortex XDR displays the URL Filtering type.
Threat Intelligence License Truncation
Cortex XDR now truncates part of the license key on the Threat Intelligence page when you integrate additional threat intelligence sources such as AutoFocus and VirusTotal. Truncating part of the license key enables you to take screen captures or videos of the page, such as for demo purposes, without sharing your license key.
Alerts Tab Change
To streamline investigations, the Alerts page is now removed from the main Cortex XDR menu. You can now access the Alerts table only from the Incidents table or from within the investigation of an incident.
