Minor Releases

Cortex XSOAR 6.2 minor releases, maintenance releases.
Cortex XSOAR Minor Release
Release Date
August 30, 2021
August 9, 2021
July 4, 2021
June 22, 2021

Cortex XSOAR 6.2.0 (B1578666)

Cortex XSOAR 6.2.0 (B1578666) is a maintenance release that delivers the following bug fixes.
Fixed Issues
  • In some cases, deleted incidents continued to show up in the System Diagnostics page, resulting in an error message when users attempted to view the incident.
  • Addressed some security issues in SAML authentication.
  • When running the
    GenericPolling
    sub-playbook within the
    QRadarFullSearch
    playbook, the playbook got stuck on the
    Waiting for polling to complete
    action when a slow script was in use.
  • Could not mention role names in the War Room when the role name contained a dash.
  • After upgrading to Cortex XSOAR version 6.2, the
    Shift Management
    dashboard did not display as expected.
  • When implementing a dynamic section in an incident layout, the table headers for that section are cut off.
  • In the IDE, when set to Vim mode, when running a search using the
    /
    key, the search term that is entered is written in the same font as the background color and is not visible.
  • After defining a custom logo, the Cortex XSOAR logo would appear briefly instead of the custom logo as the page was loading.
  • When using Firefox ESR and data is longer than the page, the vertical scroll bar doesn't appear.
  • (
    TIM-only License
    ) The
    License
    tab did not display details about the license and the total number of automations per day
  • When generating a report, in a pie chart, some strings were truncated and the
    Duration
    widget threshold color did not display correctly.
  • Incident related tables in different views (incident details tabs, quick view etc) were not sortable.
  • When importing incident classifier in a custom content bundle the classifier’s default incident type was not updated as expected.
  • Scheduled items such as polling, scheduled entries, etc., could be stuck for a long period of time and affect other items in the queue.
  • A concurrent map read and map write error appeared which caused the server to restart over several days.
  • If there were missing tasks in playbook, (for example, playbook data indicates a task with ID
    3
    , but no task exists) the entire playbook was halted with a panic.
  • When using High availability with multi app servers and enabling long running integration instances on other app servers, it caused each instance to check for the availability of the job without ending (go routine leak).
  • Due to an update in Chrome, when hovering over a checkbox, it appeared as not selectable even though it was.
  • Due to a bug in the query code, indicators were not properly expired and therefore were loaded to memory. In some situations, this caused a memory overload and the server to stop responding.
  • In a remote repository deployment, when searching or loading dashboards, they did not appear because no owner was assigned in this deployment type.
Installation file hash:
ea8193d485a5d4e6584128bdd6c20d8e1cc899a771ece7a3f00a79d33d0a8b24

Cortex XSOAR 6.2.0 (B1473927)

Cortex XSOAR 6.2.0 (B1473927) is a maintenance release that delivers bug fixes and provides several usability enhancements.
New Features
  • Hosted service customers can now add, edit, and delete server configurations. For security and compliance reasons, a number of server configurations are not available through the web interface. If you attempt to add a server configuration that is not available through the web interface, a message displays directing you to open a support ticket.
  • When creating a pie chart, you can now display the values directly on the chart. To display values on a pie chart, you will need to add a server configuration and select 'show values on the graph' in the widget configuration.
  • You can now view HTTP requests, such as URLs, IP addresses, playbook searches, automation searcher, etc. in the log server. When the log is enabled, all the HTTP requests to the server are logged in the
    access_log
    file.
    The format is Apache’s
    Combined Log
    format. For more information, see https://httpd.apache.org/docs/2.4/logs.html.
    To enable the logs, add the following server configuration:
    Key:
    http.access.log.enabled
    Value:
    true
Fixed Issues
  • In the CLI, the description of the verdict argument for the
    setIndicators
    command was not updated. The values
    Bad, Suspicious, Good, None
    were not replaced with
    Unknown, Benign, Suspicious, Malicious
    .
  • When running the migration tool, if there was an invalid custom layout, layouts failed to migrate to Elasticsearch.
  • When running a data collection task inside a sub-playbook loop, a reminder was sent for an already completed task.
  • When editing a playbook, data collection tasks defaulted to auto-select the first option, even if the field definition did not have
    use first as default
    selected.
  • When adding notes to an incident, users could not add multiple notes in succession without refreshing the page.
  • In some cases, deleting individual items from an Exclusion list resulted in all items in the list being deleted.
  • In some cases, a page fault caused the server to become unresponsive.
  • There was a performance issue when viewing or editing large incidents with many war room entries.
  • Some users could not access the War Room.
  • When a task description was added, it displayed only as a tool tip and markdown was not rendered.
  • When performing a search query that included the
    &
    symbol, the query was truncated.
  • In some cases, a new dashboard could not be created when an existing dashboard could not be loaded.
  • In some cases, when performing searches and viewing dashboard widgets, internal server errors occurred.
  • In some cases when using Live Backup, after upgrading to Cortex XSOAR 6.2, the database of the backup server was corrupted.
  • When generating a report that contained a bar chart that was configured to show values, the bar values were missing.
  • When pushing an automation from a development to production environment, the development engine ID overwrote the production engine ID.
  • When editing an integration instance, if you deleted the contents of a multi select field and saved the integration settings, the changes were not saved and the multi select field reverted to the default selection.
  • In some cases, a page fault caused the system to reboot.
  • After an engine detonated potentially malicious files, they were not deleted from the engine.
  • When using a TIM license the automation limitation did not appear in the license page.
  • When using a remote repository, if content items were renamed on the development server, in some cases duplicates were created in the remote repository and the content failed to install in the production environment.
  • When adding a collection task in a playbook and selecting
    Add Question based on field
    , an error message appeared.
  • In a Chrome browser (using auto update), when clicking on a checkbox, the mouse cursor shows not allowed rather than a pointer, so the user believes the checkbox is disabled.
  • In a Cortex XDR incident type, when clicking on the Case Info tab sometimes the pie chart flickered on hover.
  • When working with a remote repository, the SSH key did not load after upgrading to Cortex XSOAR 6.2.
  • When generating a report, the order of the widgets did not appear correctly.
  • In rare cases, accounts that were started on the active server failed to start on the standby server, in a disaster recovery environment.
  • In an Elasticsearch deployment, when searching
    description
    ,
    argument.name
    ,
    timeout
    ,
    runAs
    ,
    script
    or
    locked
    in the automations library, searches did not return results, and an error was displayed. After updating to this version, do the following:
    1. Start the server to apply the new template.
    2. Stop the service.
    3. Reindex the configuration index.
    4. Restart the service.
  • (
    Multi-tenant
    ) When creating a report from the main account, the full set of data was not included in the report for widgets without limit configuration of type table or list.
Installation file hash:
9c804011679a2951f13806aa7eca427e5ad70c5132f792f13b9f96efa3c7f882

Cortex XSOAR 6.2.0 (B1321594)

Cortex XSOAR 6.2.0 (B1321594) is a maintenance release that delivers bug fixes and provides a usability enhancement.
New Features
  • Cortex XSOAR now supports RHEL version 8.1.
  • In the
    Widget Builder
    Operations
    tab, the
    Custom Group by
    and the
    Custom Calculation on a Field
    are now highlighted in blue for better visibility. In the
    Values
    section, the tooltip wording has been improved.
  • (
    Multi-tenant
    ) In the
    Widgets Library
    , you can now edit the
    Propagation Labels
    for custom and system widgets. This is useful if you want to create a widget for a specific tenant, and control who else can receive the widget.
Fixed Issues
  • When running a script on one engine and a nested integration on another engine, the file results could not be returned to the first engine that triggered the script, due to an incorrect remote path. As a result, the file could not be downloaded from the War Room.
  • In an Elasticsearch configuration, when searching for a custom incident (that has been indexed) with a timer, such as
    customerbugsslaStatus:late
    , no results were returned due to a mapping issue.
  • In some cases, when upgrading to Cortex XSOAR 6.2, not all engines were upgraded.
  • When running a task size query, if the server configuration
    search.default.and
    was set to
    false
    , incorrect data was returned.
  • In some cases, after upgrading an engine to Cortex XSOAR 6.2 using RPM or DEB files, the engine would not start.
  • When querying indicators using filter fields, an error message appeared due to some indicators not being not formed correctly in the database.
  • In a multi repository environment, sorting a column widget did not work as expected.
  • When upgrading to version 6.2, a critical error appeared on the disaster recovery server due to missing diagnostic and execution metrics that corrupted the disaster recovery server.
  • Sometimes a
    Cannot read property 'forEach' of null
    error message appeared in the
    Incident
    and
    Home
    pages. After clicking the message, the user either returned to the previous page or the login page, which was due to an incident field grid type not containing column data.
  • When configuring a new button on a layout, after clicking the curly brackets in a field in the
    Button Settings
    dialog box, the new dialog box did not appear as expected.
  • When running a script based widget, groups with the name “Other” were removed.
  • In some cases, after an upgrade to Cortex XSOAR 6.2, the server would not start due to an existing empty database partition,
  • (
    Multi-tenant
    ) When using a shared engine, tenants were able to access the engine logs.
Known Issue
  • (
    Multi-tenant
    ) When the SAML integration is configured, the host log file will include panic error logs during host registration.
Installation file hash:
b3e7f08c1a66c91b728ff63bf84d353f53d8bd075fafe9eae8b95a0e93cb3cf8

Cortex XSOAR 6.2.0 (B1271082)

Cortex XSOAR 6.2.0 (B1271082) is a maintenance release that delivers the following bug fix:
  • Resolves a vulnerability related to unauthorized use of the REST API as described in CVE-2021-3044.

Recommended For You