New Features
New features available in Cortex XSOAR 6.8, including
Threat Intel, case management and Platform improvements.
The following new features are categorized
by product component.
Installation file hash:
Deployment Wizard
When installing or updating the Malware content pack,
a new
DEPLOYMENT WIZARD
tab guides you step-by-step to quickly
adopt the Malware use case. The Deployment Wizard significantly
reduces the time required to set up your use case. The wizard guides
you through the process of setting up your content pack for your
specific use case, including:- Setting up a fetching integration
- Setting up a playbook
- Setting up any required supporting integrations
- Enabling the fetching integration instance
Playbooks
Feature | Description |
|---|---|
Error Handling in Playbooks | When creating/editing a standard task that
uses an automation or a conditional task that uses an automation,
you can select the following from the On Error tab:
|
New custom playbooks are set to quiet mode | When creating a new custom playbook, by default, the
playbook is set to Quiet Mode to improve
system performance. |
Marketplace
Feature | Description |
|---|---|
Embedded Videos in Content Packs | An embedded YouTube video viewer is now supported
in content packs. These videos walk you through the content including
the playbooks, incident types, testing, etc. |
Case Management
Feature | Description |
|---|---|
HTTP, HTTPS, and SSH are now supported for
remote repositories | You can now connect to a remote repository
using HTTP or HTTPS as well as SSH. |
API Endpoint Mappers on a production environment | In a remote repository, you can now add API Endpoint
mapping directly on the production machine. |
Add the group name flag to the installation
file | When installing the server, you can now select
the default Cortex XSOAR group name by adding the -system-group-name=<group name> flag
to the installation file. |
Auto suggestions for indicator types for
Threat Intel | For manual indicator creation, there is now
an auto suggest prompt for indicator types. |
Platform
Feature | Description |
|---|---|
Support Cortex XSOAR on RHEL 8.5 | Cortex XSOAR now supports RHEL 8.5. |
Exclude items from local changes in remote
repositories | You can now exclude content items on your development
machine from syncing with your production machine. Excluded items
do not appear in the local changes table. |
Control which users can create API keys | You can now select which roles have read and read/write
permissions when creating API keys. By default, all users can create
API keys. |
Track API rate limit errors | Some content packs now contain dashboards and widgets
that can track API rate limit errors, which is useful for troubleshooting
and to make decisions about whether to enrich indicators. You
can define a widget to see the API rate limiting error of third
party products through a period of time (such as day/week) and to understand
if there are tools that are not using all of the bought quota. The
widget enables you to visualize your API usage and provides guidance
on when to retry commands that have failed due to rate limiting. To
add a widget, in the Widget Builder, select the following:
 |
Dynamic sections are refreshed | The refresh button now refreshes all dynamic sections
for incident and indicator layouts. |
Integration fetch history | When fetching or mirroring an integration or
feed, you can now see the fetch history, including the last run,
source ID, duration, etc. This can assist with errors, enabling
you to find the root cause of the problem. |
Notification of breaking changes | When updating or installing a content pack,
if the pack contains changes that break backward compatibility,
the details are now displayed for you to review before deciding
to proceed with installation. |
Content Pack Update Notifications | You can now receive daily notifications of Marketplace
Content Packs that have available updates. |
Support for operating system git | You can now use your operating system git installation
with a remote repository. |
