Cortex XSOAR combines security orchestration, incident management, and interactive investigation into a seamless experience. The orchestration engine is designed to automate security product tasks and weave in human analyst tasks and workflows.
What's New?
Indicator field trigger scripts
Associate indicator fields with trigger automation scripts that run whenever the field's value changes and take action based on the old and new values.
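The following is an added example of what such a trigger script can look like; it is not code from the release notes or from Palo Alto Networks. It assumes (not confirmed by the text above) that the script receives the previous and current field values in `demisto.args()` under the keys `old` and `new`, and that the watched field is a hypothetical numeric `riskscore` indicator field. The point it shows is that a trigger should act on a threshold crossing, not on every save, so that a script that itself writes back to indicator fields cannot re-trigger in a loop.

```python
"""Indicator field trigger script (added example, not the product's own code).

Assumptions: the trigger passes the previous and current field values as the
``old`` and ``new`` script arguments, and the field is a numeric ``riskscore``.
"""
from typing import Any, Dict, Optional

try:
    import demistomock as demisto  # injected inside Cortex XSOAR
except ImportError:  # running outside XSOAR, e.g. under a unit test
    demisto = None

ESCALATE_AT = 70  # hypothetical riskscore threshold


def to_score(value: Any) -> Optional[int]:
    """Coerce a field value to int; None for empty or non-numeric input."""
    if value is None or value == "":
        return None
    try:
        return int(float(value))
    except (TypeError, ValueError):
        return None


def evaluate_change(old: Any, new: Any, threshold: int = ESCALATE_AT) -> Dict[str, Any]:
    """Decide what to do about a riskscore change.

    Returns {'action': 'none' | 'escalate' | 'deescalate', 'reason': str}.
    Only a crossing of the threshold produces work: a save that leaves the
    value unchanged, or moves it on the same side of the threshold, is a no-op,
    so a trigger that writes fields itself cannot loop.
    """
    old_s, new_s = to_score(old), to_score(new)
    if old_s == new_s:
        return {"action": "none", "reason": "value unchanged"}
    was_high = old_s is not None and old_s >= threshold
    is_high = new_s is not None and new_s >= threshold
    if is_high and not was_high:
        return {"action": "escalate",
                "reason": f"riskscore {old_s} -> {new_s} crossed {threshold}"}
    if was_high and not is_high:
        return {"action": "deescalate",
                "reason": f"riskscore {old_s} -> {new_s} dropped below {threshold}"}
    return {"action": "none",
            "reason": f"riskscore {old_s} -> {new_s} stayed on the same side of {threshold}"}


def main() -> None:
    args = demisto.args()  # 'old' / 'new' keys are an assumption, see docstring
    decision = evaluate_change(args.get("old"), args.get("new"))
    # Return the decision to the war room / calling playbook; the actual
    # escalation (tagging, creating an incident) would be a follow-up command.
    demisto.results(decision)


if __name__ in ("__main__", "__builtin__", "builtins"):
    main()
```

`evaluate_change` is kept free of any XSOAR calls so it can be unit-tested outside the platform; only `main` touches `demisto`.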
Edit Indicator, Incident, and Threat Intel report fields inline without the check mark
You can now save changes to Incident, Indicator, and Threat Intel report fields without clicking the check mark, by setting the inline.edit.on.blur server configuration to true.
New granular data permissions
A set of granular data permissions has been added under the read/write option of the Data permission (Settings > USERS AND ROLES > Roles), so you can define which specific actions users with a given role can perform.
System Diagnostic Database section
In the System Diagnostics page, when using Elasticsearch, there is a new Database section with diagnostics for Elasticsearch latency, storage space, and version.
Query incidents to include when training a Machine Learning Model
When creating a machine learning model, you can restrict the training set to specific incidents by entering a query in the Query incidents to include in training field.