Previous Release Notes for Cisco XDR in 2026

Getting Started

Feature	Description	Help Topic
Help update	Updated the onboarding information in the Sign In to Cisco XDR section.	Getting Started

Navigate Cisco XDR

Feature	Description	Help Topic
Help icon updates	The new Cisco support options are now available from a drop-down list accessed by clicking the (Help) icon in the Cisco XDR header. From this menu, you can open a support case with Cisco Technical Support (TAC), upload files to an existing support case, or view your current support cases. You can also choose Open onboarding checklist to launch a personalized onboarding experience. This opens an onboarding checklist with a series of guided steps and videos designed to help you get started quickly with Cisco XDR. Previously, you accessed the Cisco XDR online help by clicking the (Help) icon. You now need to choose Help from the drop-down menu to access the help topics to learn more about the specific Cisco XDR page.	Navigate Cisco XDR

Feature

Description

Help Topic

Help icon updates

The new Cisco support options are now available from a drop-down list accessed by clicking the (Help) icon in the Cisco XDR header. From this menu, you can open a support case with Cisco Technical Support (TAC), upload files to an existing support case, or view your current support cases. You can also choose Open onboarding checklist to launch a personalized onboarding experience. This opens an onboarding checklist with a series of guided steps and videos designed to help you get started quickly with Cisco XDR.

Previously, you accessed the Cisco XDR online help by clicking the (Help) icon. You now need to choose Help from the drop-down menu to access the help topics to learn more about the specific Cisco XDR page.

Navigate Cisco XDR

Incidents

Feature	Description	Help Topic
Assets without XDR Forensics enabled	The new Assets without XDR Forensics enabled panel has been added to the Acquire forensic evidence and Launch remote shell drawers in the Evidence tab. Click the (Expand) icon to display a list of assets that are a part of a deployment that does not include the XDR Forensics module. To resolve this, move these devices to a deployment that includes the XDR Forensics module in Client Management.	Evidence

Investigate

Feature	Description	Help Topic
Maximum number of security events displayed on Detection findings page	The detection findings table now displays the first 10,000 security events only on the Detection findings page.	Detection Findings

Automate

Feature	Description	Help Topic
Help updates	The following updates have been made to the Help: Added new OVA file information to the Configure and Deploy the Virtual Appliance section in the Remote Setup and Deployment topic.	Remote Setup and Deployment

Feature

Description

Help Topic

Help updates

The following updates have been made to the Help:

Added new OVA file information to the Configure and Deploy the Virtual Appliance section in the Remote Setup and Deployment topic.

Remote Setup and Deployment

Administration

Feature	Description	Help Topic
User management in Secure Cloud Control	The ability to invite users, change user status, and manage user permissions will be moved from the Manage Users page in Cisco XDR to the Administrator Access page in Security Cloud Control. For more information on inviting users and managing permissions in Security Cloud Control, see Managing Role-Based Access Control in the Cisco Security Cloud Control Administration Guide. The Manage Users page will become view-only, displaying all users in your organization along with their assigned roles and current statuses. This change goes into effect on January 28, 2026. If you are an existing Cisco XDR user, your account will be automatically migrated to Security Cloud Control on January 28th, 2026. Your tenant will need to be attached to your Security Cloud Control Enterprise to leverage this functionality. No additional action is required by your organization.	Users Roles Getting Started
Help update	Updated the My Account topic with a new screenshot to align with the UI.	My Account

Feature

Description

Help Topic

User management in Secure Cloud Control

The ability to invite users, change user status, and manage user permissions will be moved from the Manage Users page in Cisco XDR to the Administrator Access page in Security Cloud Control. For more information on inviting users and managing permissions in Security Cloud Control, see Managing Role-Based Access Control in the Cisco Security Cloud Control Administration Guide.

The Manage Users page will become view-only, displaying all users in your organization along with their assigned roles and current statuses.

This change goes into effect on January 28, 2026. If you are an existing Cisco XDR user, your account will be automatically migrated to Security Cloud Control on January 28th, 2026. Your tenant will need to be attached to your Security Cloud Control Enterprise to leverage this functionality. No additional action is required by your organization.

Users

Roles

Getting Started

Help update

Updated the My Account topic with a new screenshot to align with the UI.

My Account

Integrations

Feature	Description	Help Topic
Help update	Updated the Minimum Cisco XDR Licensing Tier Requirement column for the StealthMole integration in the Cisco and Third-Party Integrations and Supported Capabilities topic from Advantage to Essential.	Cisco and Third-Party Integrations and Supported Capabilities

Ribbon and Pivot Menu

Feature	Description	Help Topic
Orbital app updates	The parameter type and the Get parameters from custom script link have been added to the Custom Script area in the Orbital app.	Orbital App

XDR Forensics

Feature	Description	Help Topic
Assets menu	The Assets menu in XDR Forensics has been separated into Devices, Disk Images, and Cloud Assets. This streamlined layout enables you to locate relevant evidence sources, assess responder status, and initiate investigation workflows with improved clarity.	XDR Forensics

Previous Release Notes for Cisco XDR in 2026

New Features and Updates