New Features

New features available in Cortex XSOAR 6.8, including Threat Intel, Case Management, and Platform improvements.
The following new features are categorized by product component.
Installation file hash:
9fa916c581dd91042199565653aa9f8503a3069e9e985d402fe64644ba2a068c

Deployment Wizard

When installing or updating the Malware content pack, a new DEPLOYMENT WIZARD tab guides you step-by-step to quickly adopt the Malware use case. The Deployment Wizard significantly reduces the time required to set up your use case. The wizard guides you through the process of setting up your content pack for your specific use case, including:
  • Setting up a fetching integration
  • Setting up a playbook
  • Setting up any required supporting integrations
  • Enabling the fetching integration instance

Playbooks

Feature
Description
Error Handling in Playbooks
When creating/editing a standard task that uses an automation or a conditional task that uses an automation, you can select the following from the On Error tab:
  • Number of retries
  • Retry interval (seconds)
  • Error Handling: Determines how a playbook task behaves if there are automation errors during execution.
    • Stop: The playbook stops if the task errors.
    • Continue: The playbook continues to execute if the task errors.
    • Continue on error path: If the task errors, the playbook continues on an error path. You have the option to create a separate, standard path or use a separate error path, which can handle all errors.
New custom playbooks are set to quiet mode
When creating a new custom playbook, by default, the playbook is set to Quiet Mode to improve system performance.

Marketplace

Feature
Description
Embedded Videos in Content Packs
An embedded YouTube video viewer is now supported in content packs. These videos walk you through the content including the playbooks, incident types, testing, etc.

Case Management

Feature
Description
HTTP, HTTPS, and SSH are now supported for remote repositories
You can now connect to a remote repository using HTTP or HTTPS as well as SSH.
API Endpoint Mappers on a production environment
In a remote repository, you can now add API Endpoint mapping directly on the production machine.
Add the group name flag to the installation file
When installing the server, you can now select the default Cortex XSOAR group name by adding the -system-group-name=<group name> flag to the installation file.
Auto suggestions for indicator types for Threat Intel
For manual indicator creation, there is now an auto suggest prompt for indicator types.

Platform

Feature
Description
Support Cortex XSOAR on RHEL 8.5
Cortex XSOAR now supports RHEL 8.5.
Exclude items from local changes in remote repositories
You can now exclude content items on your development machine from syncing with your production machine. Excluded items do not appear in the local changes table.
Control which users can create API keys
You can now select which roles have read and read/write permissions when creating API keys. By default, all users can create API keys.
Track API rate limit errors
Some content packs now contain dashboards and widgets that can track API rate limit errors, which is useful for troubleshooting and for deciding whether to enrich indicators.
You can define a widget to view the API rate limit errors of third-party products over a period of time (such as a day or week) and to see whether any tools are not using all of their purchased quota.
The widget enables you to visualize your API usage and provides guidance on when to retry commands that have failed due to rate limiting.
To add a widget, in the Widget Builder, select the following:
  1. Data Source: SOAR Metrics
  2. Query: type: integration
  3. From the Operations tab, in the Sum field, select Total API Calls.
  4. In the Group by field, select API Response Type.
Dynamic sections are refreshed
The refresh button now refreshes all dynamic sections for incident and indicator layouts.
Integration fetch history
When fetching or mirroring an integration or feed, you can now see the fetch history, including the last run, source ID, duration, etc. This can assist with errors, enabling you to find the root cause of the problem.
Notification of breaking changes
When updating or installing a content pack, if the pack contains changes that break backward compatibility, the details are now displayed for you to review before deciding to proceed with installation.
Content Pack Update Notifications
You can now receive daily notifications of Marketplace Content Packs that have available updates.
Support for operating system git
You can now use your operating system git installation with a remote repository.
