The following new features are categorized by product component.
Installation file hash: 9fa916c581dd91042199565653aa9f8503a3069e9e985d402fe64644ba2a068c
Deployment Wizard
When installing or updating the Malware content pack, a new DEPLOYMENT WIZARD tab guides you step-by-step to quickly adopt the Malware use case. The Deployment Wizard significantly reduces the time required to set up your use case. The wizard guides you through the process of setting up your content pack for your specific use case, including:
Setting up a fetching integration
Setting up a playbook
Setting up any required supporting integrations
Enabling the fetching integration instance
Playbooks
Feature | Description |
---|---|
Error Handling in Playbooks | When creating or editing a standard task or a conditional task that uses an automation, you can select the following from the On Error tab: |
New custom playbooks are set to quiet mode | When creating a new custom playbook, by default, the playbook is set to Quiet Mode to improve system performance. |
Marketplace
Feature | Description |
---|---|
Embedded Videos in Content Packs | An embedded YouTube video viewer is now supported in content packs. These videos walk you through the content including the playbooks, incident types, testing, etc. |
Case Management
Feature | Description |
---|---|
HTTP, HTTPS, and SSH are now supported for remote repositories | You can now connect to a remote repository using HTTP or HTTPS as well as SSH. |
API Endpoint Mappers on a production environment | In a remote repository, you can now add API Endpoint mapping directly on the production machine. |
Add the group name flag to the installation file | When installing the server, you can now select the default Cortex XSOAR group name by adding the |
Auto suggestions for indicator types for Threat Intel | For manual indicator creation, there is now an auto suggest prompt for indicator types. |
Platform
Feature | Description | |
---|---|---|
Support Cortex XSOAR on RHEL 8.5 | Cortex XSOAR now supports RHEL 8.5. | |
Exclude items from local changes in remote repositories | You can now exclude content items on your development machine from syncing with your production machine. Excluded items do not appear in the local changes table. | |
Control which users can create API keys | You can now select which roles have read and read/write permissions when creating API keys. By default, all users can create API keys. | |
Track API rate limit errors | Some content packs now contain dashboards and widgets that can track API rate limit errors, which is useful for troubleshooting and for deciding whether to enrich indicators. You can define a widget to see the API rate limiting errors of third-party products over a period of time (such as a day or week) and to understand whether there are tools that are not using all of the purchased quota. The widget enables you to visualize your API usage and provides guidance on when to retry commands that have failed due to rate limiting. To add a widget, in the Widget Builder, select the following: | |
Dynamic sections are refreshed | The refresh button now refreshes all dynamic sections for incident and indicator layouts. | |
Integration fetch history | When fetching or mirroring an integration or feed, you can now see the fetch history, including the last run, source ID, duration, etc. This can assist with errors, enabling you to find the root cause of the problem. | |
Notification of breaking changes | When updating or installing a content pack, if the pack contains changes that break backward compatibility, the details are now displayed for you to review before deciding to proceed with installation. | |
Content Pack Update Notifications | You can now receive daily notifications of Marketplace Content Packs that have available updates. | |
Support for operating system git | You can now use your operating system git installation with a remote repository. |