Cortex XSOAR combines security orchestration, incident management, and interactive investigation into a seamless experience. The orchestration engine is designed to automate security product tasks and weave in human analyst tasks and workflows.
Use High Availability for both single-instance and multi-tenant deployments. In a High Availability architecture, you have data and application server redundancy. You can install multiple app servers that all work with an Elasticsearch database.
If you are using Elasticsearch as your database, all of your data is stored in Elasticsearch. You can also use the inherent Elasticsearch features to provide data redundancy and back up your information. Any Cortex XSOAR service that uses an Elasticsearch database can no longer run automatic backups.
The new indicator extraction feature enables you to extract indicators from incident fields for each incident type.
You can update multiple content packs in a single update operation.
Incident Read-Only Role
You can now grant read-only access to investigations, so roles that have read-only access cannot edit an incident or comment in the War Room.
Attach and Detach Incident Types
You can now attach and detach incident types.