Add-ons comparison

1. Improved CIM mapping

   • Added support for new OS versions: PanOS 10 & PanOS 11.
   • Review existing mappings. Differences between Add-ons.
   • Map new types of events.

2. Migration of technical assets from the Security App to the Add-on

   • Moved custom search commands to add-on (will be available in future releases).
   • Moved macro to add-on.

3. New feature

   • Monitoring dashboard (health check page) and the ability to request detailed events from Cortex XDR.

4. Changes in macro

   • Basic macros are now designed to look for data in “index=pan*”. If that definition does not match your index configuration, you can make changes to the p_index macro.

5. Configuration changes for IoT security & Cortex XDR modular inputs

   • Moved Customer ID, Access Key ID, Secret Access Key parameters from IoT Security modular input configuration to the IoT Accounts section on the Configuration page.
   • Moved Tenant name, Tenant region, API Key ID, API Key parameters from Cortex XDR modular input configuration to the Cortex XDR Accounts section on the Configuration page.
   • Collection date time start was added to both inputs, to specify the start of data and time collection.
   • Incident details parameter added to enable detailed event retention from Cortex XDR.

6. Clean up of deprecated features

   • Removed deprecated modular inputs (Aperture, MineMeld, AutoField) from add-on.
   • Removed unused mappings for deprecated source types (Aperture, MineMeld, and AutoField).
   • Removed deprecated macros and saved searches for Aperture, MineMeld and AutoField.
   • Removed Alert Actions.