Cortex XSOAR 5.5 (formerly known as Demisto) has been released with a detailed list of new features, including new Threat Intel Management features, Intel feeds, Playbooks, Incident features, User Management, and more General Features. All of these new features will help improve how you deal with daily challenges using Cortex XSOAR. The new features below are categorized by product component.

Threat intel management capabilities are designed to ingest, process, and export a large number of indicators, further automating your security ecosystem. By default, the threat intelligence management infrastructure runs on the internal database. We recommend that you migrate your indicators to a dedicated Elasticsearch database. NOTE: Full threat intel management capabilities require a separate license.

Cortex XSOAR now has several threat intelligence feed integrations, both generic and vendor-specific, that fetch indicators according to a specified query, which enables you to automate threat intelligence management.

Cortex XSOAR ingests and processes indicator sources from these threat intel feeds and exports the enriched intelligence data to SIEMs, firewalls, and other systems.

You can now store indicators, and indicator data, in a dedicated Elasticsearch index. Use the tool to migrate existing indicators to the Elasticsearch index. You can export indicators to a file, an EDL, or as a TAXII service to update your SIEM, proxy server, and firewall.

You can now share indicators between tenant accounts in an Elasticsearch index. You can define which local indicators to export from a tenant to a shared indicator index. On the master account, you can define which indicators are pushed to shared tenant accounts.

Added the enrichIndicators command, which supports enriching all indicator types.

Skip a playbook task when an integration or automation is unavailable

You can skip a playbook task or branch when an integration is unavailable or disabled. If the playbook contains a task or branch which contains an unavailable or disabled integration, the task is ignored and the playbook continues to execute; otherwise the playbook fails. To enable this feature for a task, select the Skip this branch check box in the Advanced section of the playbook task.

When defining a loop in a sub-playbook, you can now determine the number of times the loop runs and the amount of time to wait between each time it runs.