New Features
The following new features are categorized
by product component.
Marketplace
Cortex XSOAR Marketplace is the central location for
installing, exchanging, contributing, and managing all of your content,
including playbooks, integrations, automations, fields, layouts,
and more. The Marketplace allows you to easily:
- Leverage content from the largest SOAR community: Continuously extend Cortex XSOAR with proven use-cases contributed by SecOps users and SOAR partners.
- Discover top rated, validated content: Identify the best premium and free content offerings recommended by your peers and validated by the world’s leading cybersecurity company. Discover how to increase automation with the tools that you already have and browse through community best practices.
- Solve your toughest security use-cases: Deploy turn-key security workflows that span integrations, playbooks, dashboard layouts, and reports with a single click.
The essence of the Marketplace is to build a strong community
with other security professionals by easily exchanging content.
You can explore the latest trends from Cortex XSOAR and other contributors
and test drive use cases all within your Cortex XSOAR platform.
To log in to the Marketplace, download paid Content Packs, and comment
on and rate both paid and free Content Packs, you need a new Cortex
XSOAR license (for new installations and upgrades to this version).
Threat Intel Management
These features do not require a threat intel management
license; they are available to all Cortex XSOAR users.
Feature | Description |
---|---|
Indicator quick view layout | Added the ability to edit the quick view layout for indicators. |
expireIndicators command | Added a built-in command to expire one or more indicators manually or in a batch command. It changes the Expired status for one or more indicators. You can use this command for an action button in the indicator summary view or as an automation script. |
setIndicator command | Added the ability to run the setIndicator built-in command in a batch command. |
excludeIndicators | Adds one or more indicators to the Exclusion List. |
setIndicators | Updates the properties for one or more indicators. You can update the following properties: reputation, type, values, fields, and expiration (in addition to all indicator custom fields). |
associateIndicatorToIncident | Associates a single indicator with the specified incident. |
associateIndicatorsToIncident | Associates multiple indicators with the specified incident. |
unassociateIndicatorToIncident | Removes a single indicator from the specified incident. |
unassociateIndicatorsToIncident | Removes multiple indicators from the specified incident. |
Case Management
Feature | Description |
---|---|
Classification and mapping | Classification and mapping has been revamped and includes the following improvements and highlights: |
Filters and Transformers | Filters and transformers in a playbook and when mapping an instance have been improved and include the following: |
Playbook task to use default instance | Added the ignore.default.in.playbooks server configuration, which enables you to specify which integration instances are used to execute commands in playbook tasks. When set to true, only integration instances that do not have the Do not use by default checkbox selected are used to execute the command. If the playbook task specifies an integration instance with the Using argument, only the specified integration instance is used. |
Dynamic options for Data Collection tasks | When defining a Data Collection task for a playbook, you can use transformers and filters, which present dynamic options to the person completing the task. |
Include task outputs in field mapping | Outputs from previous tasks are available as Field Mapping options for playbook tasks. |
Propagate layouts to tenant accounts (Multi-Tenant) | You can now propagate incident and indicator layouts from the main account to tenants using propagation labels. |
investigate command | Added the investigate command, which enables you to start an investigation of an incident. You can start an investigation from another incident (mainly jobs) or control the order in which incidents are investigated. |
Assign a task to a role | You can now assign tasks to a user, a role, or both. This enables the specified users, or the users within the selected roles, to complete the task. |
Export one or more custom fields | Added the ability to export one or more custom fields, which gives you granular control to modify and manage custom fields. |
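The instance-selection rule behind the ignore.default.in.playbooks setting, written out as an added example (this is illustrative code, not Cortex XSOAR's own implementation); the instance names, the `Instance` class and the `select_instances` function are constructed for the example, and applying the Using argument when the setting is false is an assumption of the example.

```python
"""Added example (not Cortex XSOAR code): which integration instances a
playbook task runs a command on, given the ignore.default.in.playbooks
server configuration and an optional Using argument."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Instance:
    name: str
    integration: str
    do_not_use_by_default: bool = False  # the instance's checkbox


def select_instances(instances: List[Instance], integration: str,
                     ignore_default_in_playbooks: bool,
                     using: Optional[str] = None) -> List[str]:
    """Return the names of the instances the task would execute on.

    - A Using argument selects exactly that instance (assumed here to
      apply whatever the server configuration is).
    - With the configuration set to true, instances flagged
      "Do not use by default" are skipped.
    - With the configuration false, every instance of the integration
      executes the command.
    """
    candidates = [i for i in instances if i.integration == integration]
    if using is not None:
        # Explicit selection: fail loudly rather than silently run nowhere.
        chosen = [i for i in candidates if i.name == using]
        if not chosen:
            raise ValueError(f"no instance named {using!r} for {integration}")
        return [chosen[0].name]
    if ignore_default_in_playbooks:
        candidates = [i for i in candidates if not i.do_not_use_by_default]
    return [i.name for i in candidates]


# Constructed sample: a lab instance is flagged so that automated playbook
# tasks never act on it unless a task names it explicitly.
SAMPLE_INSTANCES = [
    Instance("edr_prod", "EDR"),
    Instance("edr_lab", "EDR", do_not_use_by_default=True),
    Instance("siem_main", "SIEM"),
]

if __name__ == "__main__":
    print(select_instances(SAMPLE_INSTANCES, "EDR", False))            # both instances
    print(select_instances(SAMPLE_INSTANCES, "EDR", True))             # ['edr_prod']
    print(select_instances(SAMPLE_INSTANCES, "EDR", True, "edr_lab"))  # ['edr_lab']
```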
Platform
Feature | Description |
---|---|
Store audit objects in Elasticsearch | You can now migrate audits, in addition to indicators, to your Elasticsearch database. The Elasticsearch database enables processing and storing large amounts of data. We provide a migration tool that identifies audits and creates a dedicated Elasticsearch index for the audits. If you upgrade from v5.5 and already have a dedicated Elasticsearch index for indicators, the migration tool only migrates audits (it does not duplicate indicators). |
Last 7 calendar days date range | Added a new Date Range option by which to filter widget data, Last 7 Calendar Days, in the Date Range drop-down list. Last 7 Calendar Days returns 7 days' worth of information inclusive of the current day. This differs from Last 7 Days, which returns today's information and the 7 days prior, for a total of 8 days' worth of information. |
Download custom reports in JSON | You can now download the JSON file for a report. This is useful when you need to troubleshoot and debug report issues. |
Log into a Host using SAML integration (Multi-Tenant) | When logging in from a Cortex XSOAR Host/Tenant using a SAML integration, the user is redirected to the URL where the request originated. |