For SOAR

This release includes the following enhancements and changes for SOAR functionality:

New Integration Plug-ins for SOAR

The following new integration plug-ins are added to SOAR:

Integration Plug-in	Description
Amazon AWS CloudTrail	This integration plug-in has the following enrichment capabilities: List Trails Get Trail Create Trail Delete Trail Start Logging Stop Logging Get Trail Status Lookup Events List Queries
Cisco SecureX	This integration plug-in has the following enrichment capabilities: Get Observable Details Get Observable Score Get Event Details Get Threat Context (Targets) Respond observable
Cofense Triage	This integration plug-in has the following enrichment capabilities: Get URL Details Get Domain Details Get Report Details List Report Attachments Download Attachment Payload Get Reporter Details Update Report Category List Threat Indicators Get Threat Indicator Details
New Team Cymru	This integration plug-in has the following enrichment capabilities: Single Lookup Hash Query Bulk Lookup Hash Query
OpenText Network Detection and Response	This integration plug-in has the following enrichment capabilities: List Alerts Get Alert Details Get SmartPcap List Meta Data Activity
ServiceNow CMDB	This integration plug-in has the following enrichment capabilities: List Assets Get Asset by ID Update Asset Tag

Multi-Tenancy for MSSP-SOAR

With this release, ArcSight Platforms supports Multi-tenancy wherein, you can create and manage multiple tenants.
Installation Update for SOAR

Up to the previous releases, SOAR used to be bundled with Core and would be automatically installed when Core would be installed. With this release, SOAR is now an independent capability and has its own installation file. If you need SOAR in your environment, ensure that you download the installation package specified for SOAR in the Understanding the Files to Download section and proceed to install SOAR as a separate capability.