* [Blog](https://www.paloaltonetworks.com/blog) * [Security Operations](https://www.paloaltonetworks.com/blog/security-operations/) * [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/) * Cortex XSOAR 6.8 ---It's a ... # Cortex XSOAR 6.8 ---It's a Wizard of a Release! [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcortex-xsoar-6-8-its-a-wizard-of-a-release%2F) [](https://twitter.com/share?text=Cortex+XSOAR+6.8+%E2%80%94It%E2%80%99s+a+Wizard+of+a+Release%21&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcortex-xsoar-6-8-its-a-wizard-of-a-release%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcortex-xsoar-6-8-its-a-wizard-of-a-release%2F&title=Cortex+XSOAR+6.8+%E2%80%94It%E2%80%99s+a+Wizard+of+a+Release%21&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/security-operations/cortex-xsoar-6-8-its-a-wizard-of-a-release/&ts=markdown) \[\](mailto:?subject=Cortex XSOAR 6.8 —It’s a Wizard of a Release!) Link copied By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh") May 31, 2022 4 minutes [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown) [Malware Investigation and Response Pack](https://www.paloaltonetworks.com/blog/tag/malware-investigation-and-response-pack/?ts=markdown) [use case wizard](https://www.paloaltonetworks.com/blog/tag/use-case-wizard/?ts=markdown) [XSOAR](https://www.paloaltonetworks.com/blog/tag/xsoar/?ts=markdown) [XSOAR Marketplace](https://www.paloaltonetworks.com/blog/tag/xsoar-marketplace/?ts=markdown) What are wizards good for in the world of cybersecurity? Unfortunately, not for magically unlocking ransomware, but our new Cortex Marketplace Deployment Wizard can speed you through an entire use case configuration process. Having a new use case set up and running in your SOC in a matter of minutes? That's sorcery indeed. **Use Case Deployment Wizard** We will be introducing the Deployment Wizard to guide you through the configuration process for our brand new **Malware and Investigation and Response** pack. ![Use case configuration wizard](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/05/vV2aEVMqxuB47vLq8R1NwQR2iHXh3z3jAK36kiVArrxPKsxkKHWbHQoexrj058O4YTn6lv9INFuJFjMziiyGFuS_EYoZpl3Poh0JSG9odqiMbB0FLZg1GspD95cR.png) *Use case configuration wizard* **Suspiciously Malicious?** Determining if alerts from your endpoint security tools for unknown activity is malicious often involves coordinating between multiple security tools. It's a cross-referencing nightmare with multiple consoles open simultaneously and valuable time spent performing repetitive manual tasks. Our new **Malware Investigation and Response** pack helps you determine if unknown software is behaving maliciously. Speed up investigation and save time in making critical decisions by unifying the processes across your SIEMs and endpoint tools into a single workflow and performing repetitive steps before bringing your analysts in. This pack automates many steps of the investigation process. It performs queries to identify if there is evidence of malicious activity (lateral movement, persistence, evasion), analyzes sandbox detonation results, retrieves forensic data, and provides response action short-cuts (with playbooks running behind the scenes) to isolate endpoints, delete or terminate processes, or update your allow/deny lists. More details are coming soon! And you can check out the pack and wizard in our [Cortex Marketplace](https://xsoar.pan.dev/marketplace). **Be a Subscriber** You can now subscribe to content packs in the Cortex Marketplace and be notified via email or Slack when a pack is updated. ![Subscribe for content pack update notifications](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/05/eZCMobqm50ZxH7fkRSL7mhpDuRnJaHi8aDDB46SbKSpjL4maqBqHwOVlbJUirgcLKf61-0x8TZ161UXj8wkIUuYYr1YQ2_KCT_5hmztyDDfiJI-7GAiQQ0WS7fwZ.png) *Subscribe for content pack update notifications* With XSOAR 6.8, we've added features to lower the mean time to production (MTTP) for automation use cases, which in turn can help you streamline your processes and lower your response time. Here are a few more features in this release: **Take Control of Your Errors** A feature requested by our customers, **playbook error handling** , allows you to visually identify where a task errored out during a playbook run. When you see this error displayed on playbook run, you can choose to stop the playbook or continue to the next task. ![Playbook showing error paths](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/05/n_6iyKahzRBXrjwiNqK4f-iDR1AnYRko9aqa5VrLe8VFaosPsyYn5A255IClkMhuvHgT0Vyas1hYRyFqdW5JBKkMFueLzTA9ufDC57d_-sd3DmHBMOsC3O5-5EZp.png) *Playbook showing error paths* For example, a task to quarantine an endpoint might fail if it is unable to connect to said endpoint. When you are building the playbook, you can configure the error path in advance, so in the event of this error, the playbook can perform a different operation, such as notifying IT of the problem. Error path operations that can be performed include sending an email to IT or a SOC lead, creating a service ticket in your ITSM, notifying via PagerDuty, or updating a field on the incident so it shows up on your SOC dashboard. With this feature, you can create generic error playbooks to take specific actions for tasks you know are prone to error, or for vendor integrations to products that may not be reliable. **Is this a Good Time to Call (your API)?** You can now track API rate limiting for your product integrations in XSOAR. This helps you better understand the API call performance and results for tools you use frequently in the SOC. You can track and monitor how an integration is consuming resources, utilizing quotas, or failing during API calls. ![Dashboards to monitor API rate usage](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/05/egvPORgsq52oS7ZOs9_Tr8sN_LjSsrqMSGraR7svHLBRywo1MwwfYLeTp-o4wO3PC4SKpF0h15Wfg9RZMwJ5ok2y3PXS4Xo7pBwd8UlsLYAhWS9sSyW5kXX5KEO8.png) *Dashboards to monitor API rate usage* This allows you to schedule and fine-tune your API usage, know when you are exceeding your rate limit, or plan ahead so as to not be caught off guard. And more importantly, you could throttle back to lower costs if you discover you are under-utilizing your API rate limit quotas. Additional features in this release include HTTPS support for your Git content repository, more granular control over content entities to be pushed or excluded from production, role-based access control (RBAC) for API key creations, integration fetch history for easier troubleshooting, and more. You can get more details on these features in our Cortex XSOAR [Release Notes](https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-release-notes). We hope that these features will help you take better advantage of all the automation use cases available to you in the Marketplace, to automate as many tasks as possible, and free your security analysts to focus on what really matters. If you are interested in test driving Cortex XSOAR, do download our free [Community Edition](https://start.paloaltonetworks.com/sign-up-for-community-edition.html). *** ** * ** *** ## Related Blogs ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Playbook of the Week: Malware Investigation and Response](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-malware-investigation-and-response/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### New Cortex Detectors for macOS Address Stealers and Malicious AppleScript](https://www.paloaltonetworks.com/blog/security-operations/new-cortex-detectors-for-macos-address-stealers-and-malicious-applescript/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### What's New in Cortex: The Latest Innovations for the World's #1 SecOps Platform (Feb '25 Release)](https://www.paloaltonetworks.com/blog/security-operations/whats-new-in-cortex-the-latest-innovations-for-the-worlds-1-secops-platform-feb-25-release/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Introducing Cortex Canvas: Unleashing the Power of Visual Storytelling](https://www.paloaltonetworks.com/blog/security-operations/introducing-cortex-canvas-unleashing-the-power-of-visual-storytelling/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### Cortex XSOAR Ranked #1 for SOC Automation](https://www.paloaltonetworks.com/blog/security-operations/cortex-xsoar-ranked-1-for-soc-automation/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Black Hat NOC: Protecting One of the World's Most Dangerous Networks](https://www.paloaltonetworks.com/blog/security-operations/black-hat-noc-protecting-one-of-the-worlds-most-dangerous-networks/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language