Cortex XSOAR Articles

July 2024 UPCOMING EVENTS Customer Success Webinar: On-Prem v6 Migration to v8 SaaS Join us on July 24th to learn everything you need about the on-prem migration to the XSOAR 8 SaaS. >>Register here CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Elevate your Threat Hunting skills with the first session of the webinar series: Proactive Threat Hunting Part 2 Watch More New How-to Videos Review the final video in the Getting Started with XSOAR 8 series: Engines Watch this video and learn how to handle and analyze cybersecurity evidence efficiently: Evidence and Evidence Fields Get your alerts in order by watching this video: Alert Tuning Are you familiar with Webhook? Check out this video to learn more about: Generic Webhook View More Latest Security Blogs & Articles tay in the known: Threat Brief CVE-2024-6387 OpenSSH RegreSSHion Vulnerability. You can review and download the content pack under the product updates below. Read the latest updates about Cortex: New Wave of Innovations Read More XSOAR PRODUCT UPDATES On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers (sshd) on glibc-based Linux systems, tracked as CVE-2024-6387. Cortex XSOAR has released a response pack and playbook for CVE-2024-6387 to help automate and expedite the mitigation process. To learn more and download the pack >> Click here On-prem XSOAR 8.6 version will be released on July 14 and includes the following features: XSOAR cluster high availability - for XSOAR cluster with three nodes or more Multi-Role API keys - to improve operational efficiency and dynamic RBAC management of API keys Enhanced role-based access control for dashboards - restrict access to specific dashboards for designated users through role assignment Add integration logs for non-Python scripts and integrations You may review the full release notes, available after July 14th, here. It is recommended that you update to the latest version available. Start Planning Your XSOAR On-Premises to SaaS Migration! Calling all XSOAR 6 On-Prem customers! The migration to XSOAR 8 SaaS is planned for the third quarter of 2024. We want to remind you to connect with your Customer Success or Account Team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Cortex XSOAR Content Release June 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Read the Cortex XSOAR Feature Release Notes >> Documentation Help Center Read the Cortex XSOAR Version Release Announcements >> LIVEcommunity

June 2024 UPCOMING EVENTS Customer Success Webinar Series: Proactive Threat Hunting Part 2 The event concluded on June 12, 2024. Visit our events page later this month to learn about our next event. CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Elevate your Threat Hunting skills with the first session of the webinar series: Proactive Threat Hunting Part 1 Watch More New How-to Videos Learn how to export indicators: How to Export Indicators to 3rd Party Systems Catch the new video in the XSOAR 8 Analyst Training: Playbook Tasks & To-Do Tasks Learn how to generate Reports and use Timers in XSOAR 8: Reports & Timers View More Latest Security Blogs & Articles Read the latest blog and learn how to: Migrating Historical Data into XSAOR from 3rd party products Read More XSOAR PRODUCT UPDATES With the release of the XSOAR 6 On-Prem to XSOAR 8 SaaS and with our successfully migrated hosted customers, we would like to remind you to connect with your Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks, featured in our Playbook of the Week blog series, designed to enhance your automation skills. Automating Response to Living-Off-the-Land (LOTL) Attacks Read All Cortex XSOAR Content Release May 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Read the Cortex XSOAR Feature Release Notes >> Documentation Help Center Read the Cortex XSOAR Version Release Announcements >> LIVEcommunity

May 2024 UPCOMING EVENTS Customer Success Webinar Series: Proactive Threat Hunting Join us on May 22nd for the first session of the next webinar series, Proactive Threat Hunting! Register the series below: Part 1 | Part 2 Symphony 2024: AI and Automation In case you missed it, catch the recording of Symphony 2024 below >> Watch now CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Learn about the benefits of SLAs, how to use them, and the available content pack: SLAs & Timers Fields Watch More New How-to Videos Getting Started with XSOAR 8: Content Management Learn about Job creation: Setting up Jobs Ready to make a progress? Learn how to: Creating Incident Summary Reports Check out the new analyst training video: Notes & Evidence Board View More Latest Security Blogs & Articles Read the latest blog to learn: What's New in Cortex Read More XSOAR PRODUCT UPDATES Did You Start Planning Your XSOAR 8 SaaS Migration? With the End-of-Life product line of XSOAR 6 hosted planned for the end of June 2024, and with over 300 customers who have successfully migrated, we would like to remind you to connect with your Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks, featured in our Playbook of the Week blog series, designed to enhance your automation skills. Streamlining Suspicious Data Upload Alert Investigations Prisma Cloud Compute - Compliance Alert v2 Read All Cortex XSOAR Content Release April 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Read the Cortex XSOAR Feature Release Notes >> Documentation Help Center Read the Cortex XSOAR Version Release Announcements >> LIVEcommunity

April 2024 UPCOMING EVENTS Customer Success Webinar: Customer Success Webinar: SLAs & Timers Join us on April 17th to learn about the benefits of SLAs & Timers fields and how to use them. Proficiency level recommended: Beginners - Intermediate >> Register Here Symphony 2024: AI and Automation Come see where security operations are headed next! Join us on April 17-18 for a virtual event. Register below >> Register here CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Review the Indicator Management Lifecycle part 3 here: Indicator Management Maintenance & Optimization Watch More New How-to Videos Our third analyst training video is waiting for you here: War Room Review the latest episodes of the XSOAR 8 Engineering Training series: Fields Display Scripts SLA Breach Scripts View More Latest Security Blogs & Articles Read the recent blog to learn how to leverage the integration between: Cortex XSOAR and TAXII Learn how to take advantage of automation opportunities: Unveiling the Power of Automation for MSSP Read More XSOAR PRODUCT UPDATES XSOAR 8 SaaS Migration Reminder In 2023, we announced that XSOAR 8 SaaS, our latest version, is available for migration for XSOAR 6-hosted customers. We already have over 300 customers working with the SaaS offering. As the XSOAR 6 hosted product line is planned to be End of Life by the end of June 2024, connect with your assigned Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks, featured in our Playbook of the Week blog series, designed to enhance your automation skills. Automating Management of XDR Identity Analytics Alerts Read All Cortex XSOAR Content Release March 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity

March 2024 UPCOMING EVENTS Customer Success Webinar Series: Indicator Management Join us on March 20th for the last webinar series session, where we share best practices for maintenance and optimization! Proficiency level recommended: Advanced XSOAR Engineer Part 3 CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Review the Indicator Management Tuning Creation Fidelity part 2 here Watch More New How-to Videos Check out the latest features introduced in XSOAR 8.5: What's New in 8.5 Getting Started with XSOAR 8? You should review this video: Server Configurations and Security Settings. You may review all Getting Started with XSOAR 8 videos here Catch the latest parts of XSOAR 8 Engineering training: Writing our First Automation Field Change Scripts Review XSOAR 8 API video: Using the API Check out the second video in the XSOAR 8 Analyst series: Working an Incident View More Latest Security Blogs & Articles Read the recent blog to discover best practices for spam detection using XSOAR: The Low-Hanging Fruits of Phishing and Spam Detection Read More XSOAR PRODUCT UPDATES XSOAR 8 SaaS Migration Reminder In 2023, we announced that XSOAR 8 SaaS, our latest version, is available for migration for XSOAR 6-hosted customers. We already have over 200 customers working with the SaaS offering. As the XSOAR 6 hosted product line is planned to be End of Life by June 2024, connect with your assigned Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series. Using YARA to Automate Malware Identification Read All Cortex XSOAR Content Release Feb 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity

February 2024 UPCOMING EVENTS Customer Success Webinar Series: Indicator Management Join us on Feb 21st for part 2 of the webinar series, where we cover the process of tuning creation fidelity for Indicators. Click below to register for the webinar series: You may catch the recording for part 1 in the On-Demand section below Part 2 | Part 3 CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Operation Automation: 2024 Virtual User Group When: Feb 20th, 9am - 12pm PT Meet your peers, share ideas, and learn from each other as you embark on your SecOps automation journey in 2024. This three-hour interactive virtual event promises valuable insights, customer peer discussions, and a tour of the latest features and playbooks designed to improve your user experience and get the most out of Cortex XSOAR®. >> Register Here Recent CS Webinar Review the Indicator Management Lifecycle part 1 here: Indicator Management Lifecycle Did you register for Part 2? Click here to secure your spot Watch More New How-to Videos Catch the latest parts of XSOAR 8 Engineering training: Quiet Mode Data Collections Check out our latest XSOAR training video: Case Management Review XSOAR 8 EDL video: External Dynamic Lists (EDL) Check out the first part of XSOAR 8 Analyst series: Searching in XSOAR View More XSOAR PRODUCT UPDATES XSOAR 8 SaaS Migration Reminder In 2023, we announced that XSOAR 8 SaaS, our latest version, is available for migration for XSOAR 6-hosted customers. We already have over 100 customers working with the SaaS offering. As the XSOAR 6 hosted product line is planned to be End of Life by March 2024, connect with your assigned Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series. Common Playbooks Pack Prisma Cloud Audit Alert v3 Read All Cortex XSOAR Content Release Jan 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity

January 2024 UPCOMING EVENTS Customer Success Webinar Series: Indicator Management Join us for a 3-part webinar series where we will dove deep into the indicator lifecycle, from creation through optimization! Click below to register in advance for this webinar series: Part 1 | Part 2 | Part 3 CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form New How-to Videos Check out our latest XSOAR 8 onboarding video: XSOAR Marketplace Learn about the Indicator Exclusion List feature in XSOAR 8: Indicator Exclusion List Check out the latest episode of the Engineering Training: Looping with Automations & Sub-Playbooks View More Latest Security Blogs & Articles Increase your security operations with QR code readability ability in XSOAR. Read this blog for more information: QR & XSOAR: How to Make it Work? Read More XSOAR PRODUCT UPDATES A New Data Retention License is Now Available Extending data retention to an additional 31 days. Read more about the new policy here. To learn more about this license add-on, you may contact your Customer Success or Account team. Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series. Capture the Flag Threat Intell Management Read All Cortex XSOAR Content Release Dec 2023 Learn about newly released content packs: AWS organizations, community dashboards, and more. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Suspicious Domain Hunting This pack provides all the necessary tools for the Suspicious Domain Hunting use case. It uses the CertStream integration to ingest new SSL certificates and alert for type-squatting. NVD Feed 2.0 CVE feed from the National Vulnerability Database. Gem Integrate with Gem to use alerts as a trigger for Cortex XSOAR’s custom playbooks, and automate response to specific TTPs and scenarios. Check Point Infinity NDR Collect network security events from Check Point Infinity NDR for your secured SaaS periodically. Ollama Get up and running with large language models locally. Zoom Mail Use the Zoom Mail integration manage your ZMail. Exabeam Security Operations Platform Exabeam Security Operations Platform. ExabeamDataLake Exabeam Data Lake provides a highly scalable, cost-effective, and searchable log management system. Data Lake is used for log collection, storage, processing, and presentation. Stellar Cyber Integration to retrieve and update cases from the Stellar Cyber platform. Claroty xDome Use xDome to manage assets and alerts. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Spur Context API Enrich IP addresses with data from the Spur Context API Redmine A project management and issue-tracking system To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS - Security Lake Amazon Security Lake is a fully managed security data lake service. CTM360 CyberBlindspot Take action on incidents derived from threat intelligence that is directly linked to your organization. IRIS DFIR IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations. Ivanti Critical Vulnerabilities This pack handles CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893 - Ivanti critical vulnerabilities. MetaDefender Sandbox Unique adaptive threat analysis technology. Generic Webhook (Form Data) A version of the Generic Webhook integration that accepts a form data body. Note: raw_json field is required. AWS-SNS-Listener A long running AWS SNS Listener service that can subscribe to an SNS topic and create incidents from the messages received. SpyCloud Enterprise Protection Create breach and malware incidents in Cortex® XSOAR™ using the SpyCloud Enterprise Protection API. Provide enrichment for domains, IPs, emails, usernames, and passwords. GreyNoise Indicator Feed This content pack fetches IPv4 Internet Scanner indicators from GreyNoise. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: GoogleThreatIntelligence Analyze suspicious hashes, URLs, domains, and IP addresses. GitHub Feed A feed to ingest indicators of compromise from Github repositories. The feed supports general extraction of IOCs, extracting from STIX data format and parsing of YARA Rules out of the box. SaaS Security by Palo Alto Networks SaaS Security connects directly to your sanctioned SaaS applications to provide data classification, sharing and permission visibility, and threat detection. CSCDomainManager CSCDomainManager is the world's first multilingual domain management tool, available in English, French, and German. It uses rules-based technology, customizable reporting, granular user management, and more to enable you to manage your domain. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS - EKS The AWS EKS integration allows for the management and operation of Amazon Elastic Kubernetes Service (EKS) clusters. Palo Alto Networks AIOps Best Practice Assessment (BPA) analyzes NGFW and Panorama configurations. SafeBreach - Breach and Attack Simulation platform Breach and Attack Simulation platform. CertStream Gets a stream of newly created certificates from Certificate Transparency (https://certificate.transparency.dev/). Google Chat via Webhook Test Contribution branch 'master'. Invoked from the script. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Fortimail FortiMail is a comprehensive email security solution by Fortinet, offering advanced threat protection, data loss prevention, encryption, and email authentication. Brandefense Branddefense is looking for data for each brand and collecting information and alarming the related brand about dark web findings. Varonis SaaS Streamline alerts, events, and related forensic information from Varonis SaaS. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS Organizations AWS Organizations offers policy-based management for multiple AWS accounts. Community Common Dashboards A pack that contains community dashboards. Tessian XSOAR integration for interacting with Tessian's events. ORKL Threat Intel Feed Ingest indicators from the ORKL feed. IP2LocationIO API integration to query IP geolocation. HashiCorp Terraform Hashicorp Terraform provides infrastructure automation to provision and manage resources in any cloud or data center with Terraform. Email Hippo Use this tool to verify email sources as fake emails that were used as part of phishing attacks. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR

Python Development Quick Start The Marketplace content packs provide out-of-the-box (OOTB) integrations and playbooks supported by a common base of commands and automation scripts. While automations support JavaScript and PowerShell, the most comprehensive support is for Python-based development. This guide was created to help you kick-start your automation process using Python. Click here to read the complete guide: Cortex XSOAR Python Development Quick Start Guide Have a question? Post it on the Discussion Forum Cortex XSOAR

Playbook of The Week: Malware Investigation and Response To help scale and automate investigations like this, we at Cortex XSOAR built the Malware Investigation and Response pack. We wanted to better understand the challenges customers faced when managing their endpoint alerts. Click here to read more in the Malware Investigation And Response blog. We invite you to learn more by joining us for the Cortex XSOAR Malware Investigation and Response content pack Webinar, on June 30th at 7 a.m. PDT / 4 p.m. CEST. Cortex XSOAR