Minor Releases

Cortex XSOAR 6.2 minor releases, maintenance releases.
Cortex XSOAR Minor Release
Release Date
February 11, 2022
October 26, 2021
August 30, 2021
August 9, 2021
July 4, 2021
June 22, 2021

Cortex XSOAR 6.2.0 (B2392875)

Cortex XSOAR 6.2.0 (B2392875) is a maintenance release that delivers the following bug fixes:
  • There was a goroutine leak when using High Availability with long running integrations on multi-app servers.
  • In get incidents commands and scripts, the populatefields argument did not retrieve date/timer data.
  • Closing multiple incident types at once reset custom fields to empty.
  • To reduce memory consumption on large indexed values, the field size was limited for text mapped fields in Elasticsearch.
  • After configuring a sub-playbook's inputs, the change affected an investigation playbook's inputs in the Work Plan.
  • In certain circumstances, the production instance restarted due to a concurrent read-write issue.
  • When a database update failure occurred, long-running monitoring stopped.
  • Sometimes, a task hung for extended periods, ran for a while, or never started due to context parsing failures. The task appeared as if it had not done anything.
  • When running a QRadar v2 integration with more than one instance, it stopped fetching incidents due to issues with the QRadar integration.
  • When saving roles, nested loops were not checked, but they were checked when fetching all roles. This led to a role with nested loops being saved in the database and an empty result or error being returned.
  • In the Playbooks page, when searching for a playbook, the wrong value was returned.
  • When using Cortex XSOAR with Elasticsearch, sorting query results by fields containing dots was not properly handled, causing unexpected results.
  • When migrating incidents to Elasticsearch out of date order, migrating partitions caused duplicated incident IDs.
  • AD Authentication was not working as expected causing a failed login.
  • In certain circumstances, Cortex XSOAR threw a null pointer error message because the index mapper did not initialize.
  • In Threat Intel, two indicators appeared with the same type and ID.
  • An error occurred when trying to edit more than one indicator field for the same indicator.
  • When clicking the View in incidents button in the System Diagnostics page, the customer was unable to locate the incident in the Incidents page.
  • In the Jobs window, the Last Run was not displayed for some jobs.
  • When a single select grid column was set as locked, users could still edit the column.
  • When using the EmailAskUser script, if a response included the @ character, the response was not recorded.
  • When a script modified the same timer that originally triggered the script, the timer did not reset and the script did not rerun as needed.
  • In some cases, due to a TCP6 connections leak, multi-tenant deployments could become unresponsive.
  • Polling commands did not execute correctly on engines.
  • A stored cross-site scripting (XSS) vulnerability in the Cortex XSOAR web interface enabled an authenticated network-based attacker to store a persistent JavaScript payload that could perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encountered the payload during normal operations.
  • When migrating from BoltDB to Elasticsearch, if the incident timestamp was empty, the object failed to migrate.
  • In some cases, if an indicator derived from auto extraction was parsed at the same time it was being used elsewhere, a concurrent read write error occurred.
  • When migrating large batches of objects to Elasticsearch, the migration could fail due to memory limitations.
  • (Multi-tenant) When Elasticsearch was not available, the host was registered multiple times on the main server because of incorrect error handling, which led to data corruption.
  • (Multi-tenant) Purging large indicator enrichment data of a URL indicator worked, but the warning remained on the System Diagnostics page.
Installation file hash:
3a584d267062cf7006505175cde4c73475a63c26e230c6daeb14f7a3fc71b3d3

Cortex XSOAR 6.2.0 (B1822745)

Cortex XSOAR 6.2.0 (B1822745) is a maintenance release that delivers bug fixes and provides several usability enhancements.
New Features
  • When defining or editing a role, you can now revoke read permissions for the Jobs category.
  • When displaying widgets in a report, the legend now shows percentages with two decimal places for greater precision.
Fixed Issues
  • Telemetry logs became blocked due to high usage, which caused the server to become unresponsive for extended periods. The server was unresponsive until telemetry finished.
  • When submitting a data collection task response, if the user selected and then deselected a response option, the submit button did not work.
  • When users went to the war room page, if it contained more than one vertical page of entries, the user was brought to the top of the page instead of the bottom where the last entry appeared.
  • After upgrading to v6.2, very large work plans and playbooks were slow to load.
  • In some cases, when using Chrome and hovering over a checkbox, the checkbox appeared as not selectable even though it was.
  • When using the Firefox ESR web browser, the vertical scroll bar did not appear when the playground data was longer than the page.
  • User timezone was not considered when querying on specific dates.
  • In some cases, in an Elasticsearch environment, users were unable to open an investigation after ingesting an incident.
  • Linked Incidents widget in the incident view did not sort as expected.
  • When importing a classifier that already existed, the default incident type was not updated correctly.
  • In some cases, in a High Availability environment, the server did not receive a response from the engine.
  • In some cases, adding a role to an incident did not add all users with that role to the incident.
  • When viewing incidents in a table, if there were many columns, the columns overlapped.
  • In a development environment, when viewing an existing dashboard or creating a new dashboard from an existing one, the dashboard crashed showing an error (due to a problem with the dashboard owner filter).
  • When defining a pre-processing rule (in section 3), the close notes, close reason, and close user id fields did not appear in the dropdown list.
  • (Multi-tenant) When trying to add a custom list to a tenant, the + Add a List button did not appear, unless a custom list had already been uploaded.
Installation file hash:
bb1065c5c9b452ad78e4615bdb92d051a95fb9d0ab7eeac7f466bd01dcc55ecb

Cortex XSOAR 6.2.0 (B1578666)

Cortex XSOAR 6.2.0 (B1578666) is a maintenance release that delivers the following bug fixes.
Fixed Issues
  • In some cases, deleted incidents continued to show up in the System Diagnostics page, resulting in an error message when users attempted to view the incident.
  • Addressed some security issues in SAML authentication.
  • When running the GenericPolling sub-playbook within the QRadarFullSearch playbook, the playbook got stuck on the Waiting for polling to complete action when a slow script was in use.
  • Could not mention role names in the War Room when the role name contained a dash.
  • After upgrading to Cortex XSOAR version 6.2, the Shift Management dashboard did not display as expected.
  • When implementing a dynamic section in an incident layout, the table headers for that section were cut off.
  • In the IDE, when set to Vim mode, when running a search using the / key, the search term that was entered was written in the same color as the background and was not visible.
  • After defining a custom logo, the Cortex XSOAR logo would appear briefly instead of the custom logo as the page was loading.
  • When using Firefox ESR and data is longer than the page, the vertical scroll bar doesn't appear.
  • (TIM-only License) The License tab did not display details about the license and the total number of automations per day.
  • When generating a report, in a pie chart, some strings were truncated and the Duration widget threshold color did not display correctly.
  • Incident related tables in different views (incident details tabs, quick view etc) were not sortable.
  • When importing an incident classifier in a custom content bundle, the classifier’s default incident type was not updated as expected.
  • Scheduled items such as polling, scheduled entries, etc., could be stuck for a long period of time and affect other items in the queue.
  • A concurrent map read and map write error appeared which caused the server to restart over several days.
  • If there were missing tasks in a playbook (for example, playbook data indicates a task with ID 3, but no task exists), the entire playbook was halted with a panic.
  • When using High Availability with multi-app servers and enabling long-running integration instances on other app servers, each instance checked for the availability of the job without ending (goroutine leak).
  • Due to an update in Chrome, when hovering over a checkbox, it appeared as not selectable even though it was.
  • Due to a bug in the query code, indicators were not properly expired and therefore were loaded to memory. In some situations, this caused a memory overload and the server to stop responding.
  • In a remote repository deployment, when searching or loading dashboards, they did not appear because no owner was assigned in this deployment type.
Installation file hash:
ea8193d485a5d4e6584128bdd6c20d8e1cc899a771ece7a3f00a79d33d0a8b24

Cortex XSOAR 6.2.0 (B1473927)

Cortex XSOAR 6.2.0 (B1473927) is a maintenance release that delivers bug fixes and provides several usability enhancements.
New Features
  • Hosted service customers can now add, edit, and delete server configurations. For security and compliance reasons, a number of server configurations are not available through the web interface. If you attempt to add a server configuration that is not available through the web interface, a message displays directing you to open a support ticket.
  • When creating a pie chart, you can now display the values directly on the chart. To display values on a pie chart, you will need to add a server configuration and select 'show values on the graph' in the widget configuration.
  • You can now view HTTP requests, such as URLs, IP addresses, playbook searches, automation searches, etc. in the log server. When the log is enabled, all the HTTP requests to the server are logged in the access_log file.
    The format is Apache’s Combined Log format. For more information, see https://httpd.apache.org/docs/2.4/logs.html.
    To enable the logs, add the following server configuration:
    Key: http.access.log.enabled
    Value: true
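As an added example (not part of the release notes and not Palo Alto Networks code), the following Python parses Combined Log Format lines such as those written to access_log and counts 401/403 responses per client. The sample lines, paths, addresses, user name and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Apache Combined Log Format fields:
# host ident authuser [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def parse_line(line):
    """Return a dict of fields for one Combined Log line, or None if malformed."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # A well-formed request is "METHOD PATH PROTOCOL"; clients can send anything.
    parts = rec["request"].split(" ")
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return rec

def denied_by_client(lines, threshold=3):
    """Count 401/403 responses per client; return (clients >= threshold, skipped lines)."""
    denied, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so unparseable lines are not silently lost
            continue
        if rec["status"] in (401, 403):
            denied[rec["host"]] += 1
    return {h: n for h, n in denied.items() if n >= threshold}, skipped

# Constructed sample lines (not real XSOAR output; paths and addresses are made up).
SAMPLE = [
    '198.51.100.7 - - [11/Aug/2021:10:00:01 +0000] "GET /example/a HTTP/1.1" 401 120 "-" "curl/7.68.0"',
    '198.51.100.7 - - [11/Aug/2021:10:00:02 +0000] "GET /example/a HTTP/1.1" 401 120 "-" "curl/7.68.0"',
    '198.51.100.7 - - [11/Aug/2021:10:00:03 +0000] "POST /example/c HTTP/1.1" 403 98 "-" "curl/7.68.0"',
    r'192.0.2.10 - analyst1 [11/Aug/2021:10:00:05 +0000] "GET /example/b?q=1 HTTP/1.1" 200 5120 "-" "agent \"x\""',
    '203.0.113.9 - - [11/Aug/2021:10:00:06 +0000] "-" 400 0 "-" "-"',
    'not an access log line',
    '192.0.2.10 - - [11/Aug/2021:10:00:09 +0000] "GET /example/a HTTP/1.1" 401 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    flagged, skipped = denied_by_client(SAMPLE)
    print("clients with repeated denials:", flagged, "| unparsed lines:", skipped)
```
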
Fixed Issues
  • In the CLI, the description of the verdict argument for the setIndicators command was not updated. The values Bad, Suspicious, Good, None were not replaced with Unknown, Benign, Suspicious, Malicious.
  • When running the migration tool, if there was an invalid custom layout, layouts failed to migrate to Elasticsearch.
  • When running a data collection task inside a sub-playbook loop, a reminder was sent for an already completed task.
  • When editing a playbook, data collection tasks defaulted to auto-select the first option, even if the field definition did not have use first as default selected.
  • When adding notes to an incident, users could not add multiple notes in succession without refreshing the page.
  • In some cases, deleting individual items from an Exclusion list resulted in all items in the list being deleted.
  • In some cases, a page fault caused the server to become unresponsive.
  • There was a performance issue when viewing or editing large incidents with many war room entries.
  • Some users could not access the War Room.
  • When a task description was added, it displayed only as a tool tip and markdown was not rendered.
  • When performing a search query that included the & symbol, the query was truncated.
  • In some cases, a new dashboard could not be created when an existing dashboard could not be loaded.
  • In some cases, when performing searches and viewing dashboard widgets, internal server errors occurred.
  • In some cases when using Live Backup, after upgrading to Cortex XSOAR 6.2, the database of the backup server was corrupted.
  • When generating a report that contained a bar chart that was configured to show values, the bar values were missing.
  • When pushing an automation from a development to production environment, the development engine ID overwrote the production engine ID.
  • When editing an integration instance, if you deleted the contents of a multi select field and saved the integration settings, the changes were not saved and the multi select field reverted to the default selection.
  • In some cases, a page fault caused the system to reboot.
  • After an engine detonated potentially malicious files, they were not deleted from the engine.
  • When using a TIM license the automation limitation did not appear in the license page.
  • When using a remote repository, if content items were renamed on the development server, in some cases duplicates were created in the remote repository and the content failed to install in the production environment.
  • When adding a collection task in a playbook and selecting Add Question based on field, an error message appeared.
  • In a Chrome browser (using auto update), when clicking on a checkbox, the mouse cursor shows not allowed rather than a pointer, so the user believes the checkbox is disabled.
  • In a Cortex XDR incident type, when clicking on the Case Info tab sometimes the pie chart flickered on hover.
  • When working with a remote repository, the SSH key did not load after upgrading to Cortex XSOAR 6.2.
  • When generating a report, the order of the widgets did not appear correctly.
  • In rare cases, accounts that were started on the active server failed to start on the standby server, in a disaster recovery environment.
  • In an Elasticsearch deployment, when searching description, argument.name, timeout, runAs, script or locked in the automations library, searches did not return results, and an error was displayed. After updating to this version, do the following:
    1. Start the server to apply the new template.
    2. Stop the service.
    3. Reindex the configuration index.
    4. Restart the service.
  • (Multi-tenant) When creating a report from the main account, the full set of data was not included in the report for widgets without limit configuration of type table or list.
Installation file hash:
9c804011679a2951f13806aa7eca427e5ad70c5132f792f13b9f96efa3c7f882

Cortex XSOAR 6.2.0 (B1321594)

Cortex XSOAR 6.2.0 (B1321594) is a maintenance release that delivers bug fixes and provides a usability enhancement.
New Features
  • Cortex XSOAR now supports RHEL version 8.1.
  • In the Widget Builder Operations tab, the Custom Group by and the Custom Calculation on a Field are now highlighted in blue for better visibility. In the Values section, the tooltip wording has been improved.
  • (Multi-tenant) In the Widgets Library, you can now edit the Propagation Labels for custom and system widgets. This is useful if you want to create a widget for a specific tenant, and control who else can receive the widget.
Fixed Issues
  • When running a script on one engine and a nested integration on another engine, the file results could not be returned to the first engine that triggered the script, due to an incorrect remote path. As a result, the file could not be downloaded from the War Room.
  • In an Elasticsearch configuration, when searching for a custom incident (that has been indexed) with a timer, such as customerbugsslaStatus:late, no results were returned due to a mapping issue.
  • In some cases, when upgrading to Cortex XSOAR 6.2, not all engines were upgraded.
  • When running a task size query, if the server configuration search.default.and was set to false, incorrect data was returned.
  • In some cases, after upgrading an engine to Cortex XSOAR 6.2 using RPM or DEB files, the engine would not start.
  • When querying indicators using filter fields, an error message appeared due to some indicators not being formed correctly in the database.
  • In a multi repository environment, sorting a column widget did not work as expected.
  • When upgrading to version 6.2, a critical error appeared on the disaster recovery server due to missing diagnostic and execution metrics that corrupted the disaster recovery server.
  • Sometimes a Cannot read property 'forEach' of null error message appeared in the Incident and Home pages. After clicking the message, the user either returned to the previous page or the login page, which was due to an incident field grid type not containing column data.
  • When configuring a new button on a layout, after clicking the curly brackets in a field in the Button Settings dialog box, the new dialog box did not appear as expected.
  • When running a script based widget, groups with the name “Other” were removed.
  • In some cases, after an upgrade to Cortex XSOAR 6.2, the server would not start due to an existing empty database partition.
  • (Multi-tenant) When using a shared engine, tenants were able to access the engine logs.
Known Issue
  • (Multi-tenant) When the SAML integration is configured, the host log file will include panic error logs during host registration.
Installation file hash:
b3e7f08c1a66c91b728ff63bf84d353f53d8bd075fafe9eae8b95a0e93cb3cf8

Cortex XSOAR 6.2.0 (B1271082)

Cortex XSOAR 6.2.0 (B1271082) is a maintenance release that delivers the following bug fix:
  • Resolves a vulnerability related to unauthorized use of the REST API as described in CVE-2021-3044.
