Cortex XSOAR

GA

• Deployment Wizard: When installing or updating the Malware content pack, a new DEPLOYMENT WIZARD tab guides you step-by-step to quickly adopt the Malware use case.
• Error handling in playbooks: When creating/editing a standard task that uses an automation or a conditional task that uses an automation, if the the task errors, the playbook continues on an error path.
• New custom playbooks set to quiet mode: When creating a new custom playbook, by default, the playbook is set to Quiet Mode to improve system performance.
• Exclude items from local changes in remote repositories: Exclude content items in your development environment from syncing with your production machine.
• HTTP,  HTTPS, and SSH are supported for remote repositories: Connect to a remote repository using HTTP,  HTTPS, or SSH.
• API keys creation: Select which roles have read and read/write permission when creating API keys.

GA

• Indicator field Trigger Scripts: Associate indicator fields with trigger automation scripts that check for field changes, and then take actions based on them.
• Dynamic layouts and fields: When customizing an indicator/indicator layout add a filter.
• Saved Query Sharing: Share saved queries with specific roles.
• Enhanced RBAC: More granularity to the RBAC roles page.
  
  

GA

• Unit 42 Intel  Service:
  Enables you to identify threats in your network and discover and contextualize trends. Unit 42 Intel data is continually updated to include the most recent threat samples analyzed by Palo Alto Networks, enabling you to keep up to date with threat trends and take a proactive approach to securing your network.
• Threat Intel Reports:
  Summarize and share threat intelligence research conducted within your organization by threat analysts and threat hunters. Threat intelligence reports help you to communicate the current threat landscape to internal and external stakeholders, whether in the form of high-level summary reports for C-level executives, or detailed, tactical reports for the SOC and other security stakeholders.
• Lists:
  Lists can now be included in a Content Pack and be installed from the Marketplace. You can also download/upload lists, and in a remote repository, lists can be pushed to a production environment.
• Settings Hierachy:
  The Settings page has been reorganized by adding a new OBJECTS SETUP tab, which includes Incidents, Indicators, and Threat Intel Reports. 

GA

• Playbook Debugger:
  Enables you to build and troubleshoot playbooks, by helping you find tasks that might fail and by testing different conditions, branches, and input and output options.
•  Indicator Relationships:
  Augment threat intel by identifying connections between different Cortex XSOAR objects that enable you to enhance investigations with information about indicators and how they might be connected to other incidents or indicators.
• System Diagnostics:
  A dedicated page where you can easily identify and fix common performance and system issues.
• Widget Builder:
  Define and configure data, and preview how that widget appears. The aim of the widget builder is to be able to create complex widgets, which eliminates the need to write scripts or upload JSON files.