Minor Releases

Cortex XSOAR 6.1 minor releases, maintenance releases.

Cortex XSOAR 6.1.0 (B1209934)

Cortex XSOAR 6.1.0 (B1209934) is a maintenance release that delivers bug fixes and provides a usability enhancement.
New Features
  • When installing a Content Pack, if there are fields that already exist in Cortex XSOAR, a dialog box explains that the existing fields will not be overwritten and the new fields will be ignored.
Fixed Issues
  • When indicators were removed from feeds with a Time Interval expiration policy, in some cases they were expired earlier than the time interval set in the feed instance configuration.
  • When a playbook task failed and the user tried to manually complete the task, an error was displayed and the task could not be manually completed.
  • When upgrading the production server to a new version, Phishing and Malware incident types with an earlier version than the new version were removed from the environment.
  • When migrating to Elasticsearch, not all data was migrated due to failure to parse the linkedincidents field.
  • When a playbook contained a job to enrich indicator types, the playbook did not find the indicators after the first time the job ran.
  • In some cases, when replying to data collection tasks that did not use a form, or when uploading a file to an incident, an error occurred.
  • The name field was edited when performing a bulk edit even though that should not have been permitted.
  • Some entries and artifact routes were not protected for restricted investigations.
  • In a high availability environment, in some cases not all investigations could be accessed from all app servers.
  • After uploading a custom content bundle, some fields were missing.
  • A user who was not part of a restricted investigation was able to download related attachments.
  • When searching for incidents using the 'calendar days ago' time range, incidents were displayed after the end date.
  • When upgrading to Cortex XSOAR 6.1, incident types were detached in the production environment.
  • After installation of Cortex XSOAR, a OneTimeConfiguration (OTC) file remained on the server, even after the server restarted.
  • In some cases, when users tried to edit existing indicators, the edits failed.
  • (Multi-tenant) In a disaster recovery environment, after moving an account to the host and switching the host to DR live mode, the moved account did not start.
  • (Multi-tenant) In some scenarios when using live backup on multi-tenant environments, deleting an account from the primary server would not delete it from the backup server, leaving the backup server in an error state.
  • (Multi-tenant) In a disaster recovery environment, when stopping the account on the Main account, it stopped both the primary and disaster recovery machines, but when starting the account from the main account, it did not start the disaster recovery machine.
  • (Multi-tenant) When working with remote repositories, it was not possible to add propagation labels in the production environment.
  • (Multi-tenant) When updating an existing role on the Main account, it was not propagated to the tenant.
Installation file hash: 3b7b7f3e1808eb051e6606096905e12d05174f48e1555a19a4dfad95454188fc

Cortex XSOAR 6.1.0 (B1077664)

Cortex XSOAR 6.1.0 (B1077664) is a maintenance release that delivers a bug fix for engines.
Fixed Issues
  • (Multi-tenant) Main account dashboard was not accessible due to index management error.
  • After an upgrade, the engine failed to start.
If you do not update to this maintenance release and if the engine fails to start after an upgrade, check the status of the engine by running:
    sudo service d1 status
If this message appears:
    Process: [PID] ExecStart=/usr/local/demisto/d1 (code=exited, status=217/USER) Main PID: [PID] (code=exited, status=217/USER)
follow these steps:
  1. Change ${DEMISTO_SYSTEM_USER_NAME} to demisto in /etc/systemd/system/d1.service.
  2. Change ${DEMISTO_SYSTEM_USER_NAME} to demisto in /usr/local/demisto/d1/d1.conf.
  3. Run the following commands:
    • sudo systemctl daemon-reload
    • sudo service d1 restart
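The workaround steps above as one repeatable script, added here as an example and not taken from the vendor documentation. The function names and the --apply switch are this example's own; the paths, the placeholder, the user name and the status=217/USER check come from the steps.

```shell
#!/bin/sh
# Added example (not vendor code): scripted form of the engine workaround above.
# Paths, placeholder and user name are the ones given in the release note.

PLACEHOLDER='${DEMISTO_SYSTEM_USER_NAME}'   # literal text, never expanded here

# Reads `service d1 status` output on stdin; succeeds only when it contains
# the exit status quoted in the release note.
engine_user_failure() {
    grep -q 'status=217/USER'
}

# fix_placeholder FILE
# Replaces every literal placeholder in FILE with "demisto", keeping FILE.bak.
# Returns 0 = changed, 1 = placeholder not present, 2 = error.
fix_placeholder() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    grep -qF "$PLACEHOLDER" "$file" || return 1
    cp -p "$file" "$file.bak" || return 2
    # Redirecting into the existing file keeps its owner and mode.
    sed 's/\${DEMISTO_SYSTEM_USER_NAME}/demisto/g' "$file.bak" > "$file" || return 2
}

apply_workaround() {
    if ! service d1 status 2>&1 | engine_user_failure; then
        echo "d1 does not report status=217/USER; nothing to do" >&2
        return 1
    fi
    changed=0
    for f in /etc/systemd/system/d1.service /usr/local/demisto/d1/d1.conf; do
        rc=0
        fix_placeholder "$f" || rc=$?
        case $rc in
            0) changed=1; echo "fixed $f (original saved as $f.bak)" ;;
            1) echo "no placeholder in $f" ;;
            *) return 2 ;;
        esac
    done
    [ "$changed" -eq 1 ] || return 1
    systemctl daemon-reload && service d1 restart
}

# Run as root (for example under sudo) with --apply; without it only the
# functions are defined.
if [ "${1:-}" = "--apply" ]; then
    apply_workaround
fi
```

Running it a second time changes nothing, because fix_placeholder returns 1 once the placeholder is gone.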
Installation file hash: 0c9f533c31f7bc72aa799b1b75562fa92ddbd8337dbc90d0430b42b2c1ab7938

Cortex XSOAR 6.1.0 (B1031903)

Cortex XSOAR 6.1.0 (B1031903) is a maintenance release that delivers bug fixes and provides usability enhancements.
New Features
  • When installing the Server you can now select the default Cortex XSOAR user name by adding the flag -system-user-name=username
  • A remote repository can now be validated using SSH public key authentication with a certificate.
Fixed Issues
  • In an incident summary, tabs that were configured with specific role-based permissions did not appear initially when the incident loaded.
  • The cog icon for defining table settings in the Layout Builder was not working. As a result, columns could not be selected or moved.
  • When reports were generated as PDFs or doc files from within an incident, system fields were shown with the machine name format.
  • In Dashboards, when trying to use the Calendar Months to Now timeframe, the dashboard did not update.
  • Parameters with a null value were removed from the argument list.
  • When working with remote repositories, if you deleted a report in the development environment and pushed that change to the production environment, the wrong report was deleted in the production environment.
  • It is now possible to search within all single-select fields, including the Close reason field.
  • Linked incidents were not indexed properly in Elasticsearch.
  • After upgrading to Cortex XSOAR 6.1, when trying to access the Incident Info tab, if there was a custom grid in an incident layout, an error message appeared.
  • When SAML authenticated users logged out of Cortex XSOAR, an error message was displayed.
  • When the server was restarted and a new server configuration was added, third party API endpoint mapping configurations were not maintained.
  • When incidents with a role were created via a job, the incidents did not auto run and investigations were not opened.
  • A potential security issue with the engine configuration package was resolved.
  • When using Elasticsearch, SLA queries failed and could not be displayed in dashboard widgets.
  • If Live Backup was configured, the logout/everyone API call could corrupt the backup server.
  • In some cases, attachments and artifacts were not deleted from the backup server's file system.
  • In a High Availability environment with two servers, when one of the servers was starting and another was already running, the load balancer directed to the server that was loading instead of redirecting to the server that was already running.
  • Sometimes, when using the option to mark results as evidence in a playbook task, clicking the date picker caused a client rendering error.
  • After upgrading to version 6.1, when running a field trigger script using an engine, an error was returned due to SLA fields not being registered in the engine.
  • Dashboards and incidents failed to load due to internal deadlock related to indexing.
  • When using the API to create a Machine Learning model that did not contain a results field, the Machine Learning page returned an error and crashed.
  • When adding integration instances for Remote Access and Active Directory authentication and using vault credentials, such as CyberArk AIM v2, an error message appeared.
  • In the Firefox web browser, in rare cases, some incident fields appeared overlapping.
  • After restarting the server, if running Microsoft Teams integration on an engine, the integration did not immediately restart and manual steps were required.
  • When editing an existing incident type, the user could enter a new name for the incident type, but when saving the incident type, the incident type reverted to the original (unchanged) name.
  • (Multi-tenant) Performance issues related to hosts repopulating users and roles were causing the CPU to spike.
  • (Multi-tenant) When report content was synced from the main host to a tenant, the run with current user report checkbox was cleared.
  • (Multi-tenant) When a user had a role which did not appear on the tenant's role list, user settings could not be propagated. For example, the user was unable to change default administrator and roles for tenants.
  • (Multi-tenant) When propagating a report from the main account to a host, the tenant setting for the Run with current user parameter was reset.
  • (Multi-tenant) It was not possible to edit incident types on a tenant even after detaching the incident type.
  • (Multi-tenant) Incident types in tenant accounts were detached during the upgrade process and did not receive updates from the main account.
  • (Multi-tenant) Propagation labels could not be configured on system dashboards.
  • (Multi-tenant) Non-default administrators were unable to sync accounts.
  • (Multi-tenant) When upgrading from Cortex XSOAR version 6.0.2 to version 6.1, hosts were duplicated in the Host/HA Group table.

Cortex XSOAR 6.1.0 (B848144)

Cortex XSOAR 6.1.0 (B848144) is a maintenance release that delivers bug fixes and provides usability enhancements.
Fixed Issues
  • Indicators did not display in the Indicators page as expected.
  • Ingested indicators or incidents with invalid date formats prevented all indicators or incidents from displaying in Cortex XSOAR.
  • When pulling content from a remote repository in a dev environment or when trying to push changes after migrating content to the Marketplace, some content was not pushed into the prod environment due to conflict issues in GitHub.
  • In a Work Plan, when creating an ad-hoc sub playbook task, the context was shared globally even though it was set to private.
  • When viewing a task in a playbook, which was related to a specific integration that was not enabled at installation, the task was displayed as missing.
  • If you created a custom string field and entered any non-string data, when searching for the incident, no data was returned.
Installation file hash: 5f2fd26eebf06aa2cb3c2087bc537befe87236f9e6a4a3e177975721013dc213
