* [Blog](https://www.paloaltonetworks.com/blog) * [Security Operations](https://www.paloaltonetworks.com/blog/security-operations/) * [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/) * XSOAR 8.5: What's New # XSOAR 8.5: What's New [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxsoar-8-5-whats-new%2F) [](https://twitter.com/share?text=XSOAR+8.5%3A+What%E2%80%99s+New&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxsoar-8-5-whats-new%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxsoar-8-5-whats-new%2F&title=XSOAR+8.5%3A+What%E2%80%99s+New&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/security-operations/xsoar-8-5-whats-new/&ts=markdown) \[\](mailto:?subject=XSOAR 8.5: What’s New) Link copied By [Alon Yardeni](https://www.paloaltonetworks.com/blog/author/alon-yardeni/?ts=markdown "Posts by Alon Yardeni") Feb 15, 2024 4 minutes [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown) [Security Orchestration Automation and Response](https://www.paloaltonetworks.com/blog/tag/security-orchestration-automation-and-response/?ts=markdown) [SOAR](https://www.paloaltonetworks.com/blog/tag/soar-2/?ts=markdown) ## **Amp Up Your SOC Automation with Cortex XSOAR 8.5** XSOAR 8.5 continues the evolution of XSOAR 8 which started with a SaaS platform and tight integration with the [Cortex suite of products](https://www.paloaltonetworks.com/cortex?ts=markdown). Our XSOAR roadmap continues to focus on these three key pillars to ensure our customers get maximum value out of their XSOAR investment: ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-314486-1.png) Highlights of Cortex XSOAR 8.5 include the following: * \*\*Multi-tenant bi-lateral communication (MSSP) -\*\*You can now easily invite users from main and child tenants to incident investigations (including tasks, CLI and War Room). You can share investigation links with end-customers via email, Slack or Microsoft Teams. This enhancement allows managed security service providers (MSSPs) to improve service delivery and optimize customer satisfaction. ![Fig 1: Bidirectional communication between parent and child tenants](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-314486-2.png) Fig 1: Bidirectional communication between parent and child tenants ![Fig 2: Adding parent and child tenant users to investigation](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-314486-3.png) Fig 2: Adding parent and child tenant users to investigation ![Fig 3: Sharing incident case details within XSOAR War Room](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-314486-4.png) Fig 3: Sharing incident case details within XSOAR War Room ![Fig 4: Sending notifications to customer end-user or other groups](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-314486-5.png) Fig 4: Sending notifications to customer end-user or other groups * **Playbook inputs grouping** - You can now group playbook inputs and outputs, making it easier to manage and understand the inputs required for different stages of the playbook. Grouping enhances playbook clarity, reduces the likelihood of errors, and facilitates a more streamlined and efficient incident response workflow. ![Fig 5: Playbook field inputs grouping](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-314486-6.png) Fig 5: Playbook field inputs grouping * **Content Repository Enhancement** - Easier configuration and management of your content repository in the Cortex Gateway and Cortex XSOAR. You can switch between repository types and choose the initial synchronization setup, enabling you to develop and maintain Cortex XSOAR content that is aligned with your development process. * **Improved Incident Navigation \& Search** * For SOC analysts working on multiple incidents, next/previous navigation buttons provide the ability to navigate between incidents without returning to the Incidents page, saving time and facilitating analyst workflow efficiency. * You can now do searches on War Room notes using the Incidents search bar. This new search option enables SOC analysts to query historical incident data for improved incident response and knowledge sharing. * **System Email Customization**- You can now customize a wide range of system emails sent to users, including notifications when a user is mentioned, a task is assigned or completed, an integration has failed to fetch incidents, an engine is disconnected, and more. Customized emails give you the flexibility to include specific details about incidents, relevant data, and other information needed for prompt incident response. * **XSOAR Content Packs and Integrations (Oct 2023 to Feb 2024)** * [**AWS Organizations**](https://cortex.marketplace.pan.dev/marketplace/details/AWSOrganizations/)**-** Manage your AWS accounts and resources via Cortex XSOAR. You can list and create new accounts, view details, modify Organizational Units, invite and tag accounts. * [**HashiCorp Terraform**](https://cortex.marketplace.pan.dev/marketplace/details/HashiCorpTerraform/) - Get policy check results and support more commands. * [**Email Hippo**](https://cortex.marketplace.pan.dev/marketplace/details/EmailHippo/) - Validate email addresses and domains directly in Cortex XSOAR using Email Hippo's intelligence services. * **XSOAR Capture the Flags** - An interactive and fun way for your users to get familiar with Cortex XSOAR. Two playbooks guide participants through a series of tasks as they compete against each other to "capture the flag". The [first playbook](https://cortex.marketplace.pan.dev/marketplace/details/ctf01/) walks participants through the platform while the [second playbook](https://cortex.marketplace.pan.dev/marketplace/details/CTF02/) introduces them to investigating an incident within XSOAR. * [**XDR Lite Playbook**](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr-lite---incident-handling) - This new playbook is easy to deploy, with no additional integration needed. It can significantly reduce the time your analysts spend remediating XDR incidents. * [**LOLBIN Command Execution Alerts**](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr-remote-ps-exec-with-lolbin-command-execution-alert) - Automated investigation and response for PsExec-like LOLBIN command execution alerts from Cortex XDR. This new playbook enriches relevant data and performs actions such as command-line analysis and remediation. * [**Microsoft Graph Security**](https://cortex.marketplace.pan.dev/marketplace/details/MicrosoftGraphSecurity/) - This integration has been updated to support creating and retrieving email, files, and URL threat assessments directly from within Cortex XSOAR. * [**Azure Log Analytics**](https://cortex.marketplace.pan.dev/marketplace/details/AzureLogAnalytics/) - Now allows you to run Log Analytics search jobs and retrieve results in Cortex XSOAR. * [**PAN-OS Policy Optimizer**](https://cortex.marketplace.pan.dev/marketplace/details/PANOSPolicyOptimizer/) - Enhanced to support pagination and allow the fetching of more rules when analyzing firewall policies. * [**SplunkPy**](https://cortex.marketplace.pan.dev/marketplace/details/SplunkPy/) - Enhanced to enrich user and asset fields via lookups in Splunk from within Cortex XSOAR. * [**Prisma Cloud Compute Audit Alert v3 playbook**](https://cortex.marketplace.pan.dev/marketplace/details/PrismaCloudCompute/)- Help SOC and DevOps teams better streamline their investigations of cloud incidents with new remediation and enrichment features that provide rich contextual information for better decision-making. **For a complete list of new features, please see the [Cortex XSOAR 8.5](https://docs-cortex.paloaltonetworks.com/r/JKmuonZkppcJMpZH3SueZg/root) release notes.** ### Take our SOC Automation Tour See how Palo Alto Networks' SOC leverages automation to help keep your networks secure. Get an inside look at using automation to hunt threats as well as process and triage incidents. [Watch now!](https://start.paloaltonetworks.com/SOC-Automation-Tour?_gl=1*7cnp7h*_ga*MTAzMTY4NjQ1LjE2NjA1ODI1MDE.*_ga_KS2MELEEFC*MTY3MDM2NTc0Mi4xMDUuMS4xNjcwMzY1ODI0LjQ5LjAuMA..) *** ** * ** *** ## Related Blogs ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Introducing Cortex Canvas: Unleashing the Power of Visual Storytelling](https://www.paloaltonetworks.com/blog/security-operations/introducing-cortex-canvas-unleashing-the-power-of-visual-storytelling/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### Cortex XSOAR Ranked #1 for SOC Automation](https://www.paloaltonetworks.com/blog/security-operations/cortex-xsoar-ranked-1-for-soc-automation/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Unveiling the Power of Automation for MSSPs](https://www.paloaltonetworks.com/blog/security-operations/unveiling-the-power-of-automation-for-mssps/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Not in My Sandbox: Save Those Deployment Tears](https://www.paloaltonetworks.com/blog/security-operations/not-in-my-sandbox-save-those-deployment-tears/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown) [#### Playbook of the Week: Automated Rapid Response to 3CXDesktopApp Supply Chain Attack](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automated-rapid-response-to-3cxdesktopapp-supply-chain-attack/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Playbook of the Week: Automated Ransomware Response with Cortex XSOAR](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automated-ransomware-response-with-cortex-xsoar/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language