The following new features are categorized by product component.
Cortex XSOAR Marketplace is the central location for installing, exchanging, contributing, and managing all of your content, including playbooks, integrations, automations, fields, layouts, and more.The Marketplace allows you to easily:
- Leverage content from the largest SOAR community: Continuously extend Cortex XSOAR with proven use-cases contributed by SecOps users and SOAR partners.
- Discover top rated, validated content: Identify the best premium and free content offerings recommended by your peers and validated by the world’s leading cybersecurity company. Discover how to increase automation with the tools that you already have and browse through community best practices.
- Solve your toughest security use-cases: Deploy turn- key security workflows that span integrations, playbooks, dashboard layouts, and reports with a single click.
The essence of the Marketplace is to build a strong community with other security professionals by easily exchanging content. You can explore the latest trends from Cortex XSOAR and other contributors and test drive use cases all within your Cortex XSOAR platform.
Both new installations and upgrades to this version require a new Cortex XSOAR license.
Threat Intel Management
These features do not require a threat intel management license, they are available to all Cortex XSOAR users.
Indicator quick view layout
Added the ability to edit the quick view layout for indicators.
Added a built-in command to expire indicator(s) manually or in a batch command. It changes the Expired status for one or more indicators. You can use this command for an action button in the indicator summary view or as an automation script.
Added ability to run the
setIndicatorbuilt-in command in a batch command.
Adds one or more indicators to the Exclusion List.
Updates the properties for one or more indicators. You can update the following properties: reputation, type, values, fields, and expiration (in addition to all indicator custom fields).
Associates a single indicator to the specified incident.
Associates multiple indicators to the specified incident.
Removes a single indicator from the specified incident.
Removes multiple indicators from the specified incident.
Classification and mapping
Classification and mapping has been revamped and includes the following improvements and highlights:
Playbook task to use default instance
ignore.default.in.playbooksserver configuration, which enables you to specify which integration instance to use to execute commands in playbook tasks. When set to true, only integration instances that do not have the
Do not use by defaultcheckbox selected will be used to execute the command. If the playbook task specifies an integration instance with the Using argument, only the specified integration instance will be used.
Dynamic options for Data Collection tasks
When defining a Data Collection task for a playbook, you can use transformers and filters, which presents dynamic options for the person completing the task.
Include task outputs in field mapping
Outputs from previous tasks are available as Field Mapping options for playbook tasks.
Propagate layouts to tenant accounts
You can now propagate incident and indicator layouts from the main account to tenants using propagation labels.
Added the investigate command which enables you to start an investigation of an incident. You can start an investigation from another incident (mainly jobs) or control the order of incidents that are being investigated.
Assign a task to a role
You can now assign tasks to a user, role, or both. This enables the specified users or the users within the selected roles to complete the task.
Export one or more custom fields
Added the ability to export one or more custom fields, which gives you granular control to modify and manage custom fields.
Store audit objects in Elasticsearch
You can now migrate audits, in addition to indicators, to your Elasticsearch database. The Elasticsearch database enables processing and storing large amounts of data. We provide a migration tool that identifies audits and creates a dedicated Elasticsearch index for the audits.
If you upgrade from v5.5 and already have a dedicated Elasticsearch index for indicators, the migration tool will only migrate audits (it won’t duplicate indicators).
Last 7 calendar days date range
Added a new Date Range option by which to filter widget data, the Last 7 Calendar Days in the Date Range drop down list. The Last 7 Calendar Days will return 7 days worth of information inclusive of the current day. This differs from the Last 7 Days which returns todays information and the 7 days prior for a total of 8 days worth of information.
Download custom reports in JSON
You can now download the JSON file for a report. This is useful when you need to troubleshoot and debug report issues.
Recommended For You
Recommended videos not found.