Previous Release Notes for Cisco XDR

Important only filter removed from Detection page

The Important only check box and indicator in the Events table have been removed from the Detection page in incident details.

Filters added to Actions Taken drawer

The Source and Action filters have been added to the upper portion of the Actions Taken drawer and the filters allow you to narrow the list of all the actions taken and show only those actions that match the filters you have selected.

Help update

Updated the Create Private Judgment topic with a new screenshot of the Create Judgment dialog box to align with the UI.

Variable references

Variable references in UI fields are now displayed as pills, making them shorter and easier to read. The length of text in each pill is reduced by generally concatenating the properties. Hover over a pill to display a tooltip showing its full path of breadcrumbs. For example: A pill that says “HTTP Request….First Name in Response Headers” shows “Activity > HTTP Request > Output > Response Headers > First > Name.” For a broken reference, the pill says “Reference not found” and the tooltip on hover shows the full, raw reference link with the underlying data.

Help updates

The following updates have been made to the Help:

• Added Cisco Meraki to the Sources topic.

Help updates

The following updates have been made to the Help:

• Added new required regional API endpoints to the Create Deployment topic.

• Added the Provide Full Disk Access for Network Visibility Module - XDR section to the Deployment Management topic.

Notification type update

The Unknown notification type has been added to notifications and it indicates that the type of notification is undefined.

Help updates

The following updates have been made to the Help:

• Added the Secure Endpoint Integration and Secure Email Threat Defense Integration topics to the Cisco XDR help. The link to the topics have been added to the table in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the Asset Insights and Context column from No to Yes for the Cisco Meraki integration in the Cisco and Third-Party Integrations and Supported Capabilities topic.

Help updates

The following updates have been made to the Help:

• Added a link to the Cisco XDR Known Issues page in the Resources topic.

• Added the topic Cisco XDR Service Status Home Page to the help system. This topic discusses the Threat, Detection, and Response Status for XDR.

Refresh tiles message added to Customize Dashboards

A message has been added to the Customize Dashboards dialog box to remind users to click Refresh Tiles if a configured integration does not appear in the list of integrations.

Actions Taken in attack graph and node drawer

The (Actions Taken) icon on the node in the attack graph indicates that remedial actions have been executed by the integrated Endpoint Detection and Response (EDR) system for the device. In the node drawer, the Actions Taken area provides a detailed list of all the remedial actions taken. These actions involve proactive measures, such as blocking or quarantining, to manage and mitigate identified threats or security incidents.

Help updates

Updated the Events and Saved Investigations topics with new screenshots to align with the UI.

Help updates

Added a note to the Clients topic with the maximum number of devices you can move between deployments at one time.

The Integrations page link has been added to the upper portion of the Settings tab on the Notifications page and it opens the Integrations page in a new tab with the Notifications capability filter applied.

Help updates

The following updates have been made to the Help:

• Updated the Integrations topic with more information about cloud infrastructure and on-premises products.

• The Pulsedive integration has been tested and certified by Cisco Quality Assurance labs and it has been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as a supported third-party integration in Cisco XDR.

Help update

Updated the Resources topic to include link to the XDR Training Center.

Help update

Updated the Getting Started topic with a new screenshot in the Sign In to Cisco XDR section to align with the UI.

Help update

Updated the list of tiles for the Cisco Secure Access integration in the Integration Tiles topic.

Help update

Updated the Incidents topic to include file hashes as one of the common indicators in the description.

Help updates

Added the Person icon, updated the list of icons, and removed the Category column from the table in the Graph Icon Descriptions topic.

Help updates

The following updates have been made to the Help:

• In the Workflows topic, updated the maximum number of total workflow actions from 100 to 200.

• In the Workflows topic, added information about the API run limits.

Secure Network Analytics integration update

Secure Network Analytics v7.5.1 can now be configured using the Secure Network Analytics module on the Integrations page. Enabling this integration sends Secure Network Analytics alarm events to Cisco XDR for correlation with other events, allows Cisco XDR to request top security events from Secure Network Analytics to enrich the investigation context in Cisco XDR, and provides tiles on the Cisco XDR dashboards to monitor key operational metrics.

For more information, see the Secure Network Analytics and Cisco XDR Integration Guide 7.5.1.

Help update

Updated the Default Tiles topic with new screenshot in the High Impact Incidents section to align with the UI.

New incident generation framework

We are now using a new framework for generating incidents directly within Cisco XDR, instead of promoting incidents and attack chains from Secure Cloud Analytics. This new framework enables:

• Faster detections and correlation.

• More transparency into the source data in Cisco XDR.

• Improved incident title and descriptions.

• Added support for correlation on file hashes for Endpoint Detection and Response (EDR) and email security products.

• Improved response time for rendering data in the Cisco XDR UI, such as the attack graph.

• Promotion of single EDR detections under specific criteria.

Incidents created from attack chains prior to 2.29 will remain open until manually closed, but the incidents will no longer receive updates.

Help update

The following update has been made to the Help:

• Added new target for Ivanti Neurons for MDM to the Targets Created From Integrations topic.

Help updates

The following updates have been made to the Help:

• Added ServiceNow to the Sources topic.

• Renamed Ivanti Neurons to Ivanti Neurons for MDM in the Sources topic.

• Added a note to the Device Details topic clarifying the Last Seen field for Cisco Secure Client devices.

Help updates

Updated the pre-deployment installation support note in the Deployment Management topic.

Help updates

The following updates have been made to the Help:

• The Threatscore integration and the Microsoft Graph Security API integration have been tested and certified by Cisco Quality Assurance labs and they have been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as supported third-party integrations in Cisco XDR.

• Added the new Minimum Cisco XDR Licensing Tier Required column in the Cisco and Third-Party Integrations and Supported Capabilities topic to indicate the minimum licensing tier required for all integrations.

• Updated the Security Operations Center (SOC) Automation column from No to Yes for the Ivanti Neurons for MDM integration in the Cisco and Third-Party Integrations and Suggested Capabilities topic.

• Updated the Asset Insights and Context column from No to Yes for the ServiceNow integration in the Cisco and Third-Party Integrations and Suggested Capabilities topic.

Incident app and XDR icons updated in ribbon

The Incident App and the XDR icons have been updated throughout ribbon.

Help update

Updated the Getting Started topic with a new screenshot in the Sign In to Cisco XDR section to align with the UI.

Help updates

Updated the Control Center and Dashboards topics with new screenshots to align with the UI.

Incident correlation and analytics support for Microsoft Defender for Office 365 application in Microsoft Cloud integration

The security detections from the Microsoft Defender for Office 365 application are now included in incident correlation and analytics in Cisco XDR.

Rate limits

To preserve system resources and ensure the integrity and performance of the platform, Automation rate limits have been updated. Please refer to the respective Help topics to the right.

Help updates

The following updates have been made to the Help:

• Added the User Values and Labels sections to the Users topic.

• Updated the Users and User Details topics with new screenshots to align with the UI.

Help updates

The following updates have been made to the Help:

• Updated the Detection Analytics and Correlation column from No to Yes for the Microsoft Defender for Office 365 integration in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the What's Next section in the Cisco Vulnerability Management Integration topic and the Secure Network Analytics Integration topic.

Incident Promotion Reason tile removed from dashboards

The Incident Promotion Reason tile for the Secure Firewall integration has been removed from the list of available tiles in the Customize Dashboards dialog box.

Cisco Managed Incident Playbook updates

The following tasks have been updated to include Microsoft Entra ID as a supported integration in Automation workflow: 

• Contain Incident: Assets (Users) in the Containment phase

• Restore Contained Users in the Recovery phase

Help updates

The following help topic has been updated:

• Atomic Actions - Kenna renamed to Cisco Vulnerability Management.

Help update

The following help topic has been updated:

• Renamed the Network Visibility Cloud Module to Network Visibility Module - XDR in the Create Deployment topic.

Help updates

Updated the screenshots in the Users and My Account topics to align with the UI.

Help updates

The following updates have been made to the Help:

• The following topics have been added to the Cisco XDR help: Attack Surface Management Integration, Cisco Vulnerability Management Integration, Secure Network Analytics Integration, Secure Workload Integration, Splunk Cloud Integration, and Webex Integration. The links to the topics have been added to the table in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• The product documentation links have been removed from the table in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the Controls and Responses column from No to Yes for the following integrations in the Cisco and Third-Party Integrations and Supported Capabilities topic: Cisco Duo, Meraki, Orbital, Check Point Quantum Smart-1 Cloud, Cohesity Data Cloud, ExtraHop Reveal(x) 360, Palo Alto Networks Cortex XDR, Microsoft Entra ID, and Trend Vision One.

Help updates

The following updates have been made to the Help:

• Updated the Unassigned Incidents section in the Default Tiles topic with an updated screenshot to align with the UI.

• Added the severity of the risk scores to the Risk Scores table in the Navigation topic.

Help updates

Updated the Incident Detail and Overview topics with updated screenshots to align with the UI.

Help updates

Updated the Investigation Results and Timeline topics with updated screenshots to align with the UI.

Help updates

The following help topics have been updated:

• Workflow Variables - Added waiting-for-prompt-response result code.

• Remote Setup and Deployment - Added new OVA file.

• Targets Created From Integrations - Added new target for Cisco Defense Orchestrator.

Notification updates

The following updates have been made to the Notifications page:

• The Automation Rule, Automation Workflow Definition, and Automation Workflow Run notification types in the Inbox tab has been replaced with the Automation Workflow Disabled notification type.

• The Automation Rule, Automation Workflow Definition, and Automation Workflow Run notification types have been replaced with the Automation Workflow/Run/Rule Disabled notification type in the Settings tab.

Help updates

The following updates have been made to the Help:

• The urlscan.io integration has been tested and certified by Cisco Quality Assurance labs and it has been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as a supported third-party integration in Cisco XDR.

• Updated the Controls and Responses column for Rubrik Security Cloud integration from No to Yes in the Cisco and Third-Party Integrations and Supported Capabilities topic.

Risk scores added to MITRE ATT&CK^® Coverage Map

The risk scores have been added to the technique cards and the tactic and technique drawers on the MITRE ATT&CK^® Coverage Map page. Risk scores indicate the probability of financial impact if the MITRE ATT&CK patterns are not mitigated and they are the detection risk used to calculate the priority score for incidents.

Help updates

The following updates have been made to the Help:

• Updated the Incident Detail, Detection, Response, Worklog, and Report topics with new screenshots to align with the UI.

• Updated the Navigate Cisco XDR topic to remove the Severity column from the table in the Priority and Risk Scores section.

Help updates

The following help topics have been updated:

• Automation Remote - Updated source IP addresses of region endpoints.

• Default Targets - Added new target for Playbook APIs.

• Targets Created From Integrations - Added new targets for Microsoft Entra ID and Jamf Pro.

• Remote Setup and Deployment - Added new OVA file.

Help update

The following help topic has been updated:

• Added the Network Visibility Cloud Module to the Create Deployment topic.

New Automation Exchange notification type

The new Automation Exchange notification type has been added to the Notifications page and the Notifications popup. It is triggered when an Automation workflow that you submitted is approved or rejected by the content moderator for publishing to Exchange.

Help updates

The following help topics have been updated:

• The AbuseIPDB IP Checker integration has been tested and certified by Cisco Quality Assurance labs and it has been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as a supported third-party integration in Cisco XDR.

• Updated the Security Operations Center (SOC) Automation column for the Jamf Pro integration from No to Yes in the Cisco and Third-Party Integrations and Supported Capabilities topic.

AI-generated icon replaced with label

The (AI-generated) icon has been replaced with the AI-generated label in the incidents app.

Help update

Updated the MITRE ATT&CK^® Coverage Map topic with a new screenshot to align with the UI.

Timeline added to the incident details Overview page

The Timeline panel has been added to the Attack Graph panel on the incident details Overview page. The timeline (color-coded by disposition) reflects the volume of events at different points in time.

Help updates

Updated the timeline descriptions in the Timeline topic and the Investigation Results topic.

Help update

The following help topic has been updated:

• Targets Created From Integrations - Added new targets for Microsoft Intune and Splunk Cloud.

Help update

Renamed the Microsoft Active Directory - Users source to Microsoft Entra ID in the Sources topic.

Help update

Added a note about uninstalling pre-exisiting Secure Client deployments before installing Cisco XDR Cloud Management deployments to the Deployment Management topic.

Updated the Security Operations Center (SOC) Automation column for the Microsoft Intune integration from No to Yes in the Cisco Third-Party Integrations and Supported Capabilities topic.

Help update

The new Documentation Search topic has been added to provide more information on the built-in search functionality in the Cisco XDR Help.

Help updates

The following updates have been made to the Help:

• Updated the Sign In to Cisco XDR section in the Getting Started topic to include the new application badge feature.

• Updated the What's Next section in the Getting Started topic with the new MITRE ATT&CK^® coverage map feature.

New MITRE ATT&CK^®Coverage Map page added to Control Center

The new MITRE ATT&CK^® Coverage Map page has been added to Control Center in the left navigation menu. The MITRE ATT&CK^® Coverage Map page provides a comprehensive visualization of the tactics and techniques that are covered by the following Cisco Breach Protection Suite products: XDR Native (Network, Cloud, Identity, and Endpoint), Secure Email Threat Defense, Secure Endpoint, Secure Malware Analytics, and Secure Network Analysis.

• View tactics and techniques - Click the tactic or the technique card on the coverage map to open the tactic or technique drawer to view more information on the selected tactic or technique, such as products covered and impacted incidents.

• View incidents - The technique cards on the coverage map displays the total number of incidents that are promoted and impacted by the tactics and techniques during the selected date range. Click the tactic or the technique card to view the list of incidents in the tactic or technique drawer.

• Filter coverage map - By default, the coverage map displays the tactics and techniques for the products that are integrated with Cisco XDR in your organization. You can filter the coverage map to view products that are not integrated for a comprehensive view of the coverage your organization would have if you integrate more Cisco products.

  The Techniques Covered chart is also updated with the number of unique techniques covered as you select the Cisco Breach Protection Suite products in the Product Coverages area.

Secure Network Analytics alarm data update

Secure Network Analytics 7.4.2 and 7.5.0 alarm data is used in Endpoint Detection and Response correlated attack chains, which can now be promoted to Cisco XDR as incidents using a webhook through Response Management. For more information, see the Alarm Configuration for Cisco XDR Guide 7.4.2 and Alarm Configuration for Cisco XDR Guide 7.5.0.

Help update

The following help topic has been updated:

• Workflow Editor - Added Exchange description to list of Properties.

Webex Instant Message notification setting

You can now set up your notifications to send an instant message through Webex based on the notification type in the Settings tab on the Notifications page. You must ensure that you have the Webex integration configured on the Integrations page prior to configuring the instant message setting for a notification type.

The following updates have been made to Help:

• The Radware Cloud DDoS Protection Service and Radware Cloud WAF Service integrations have been tested and certified by Cisco Quality Assurance labs and they have been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as a supported third-party integration in Cisco XDR.

• Updated the Detection Analytics and Correlation column for the Secure Network Analytics integration from No to Yes in the Cisco Third-Party Integrations and Supported Capabilities topic.

Help updates

The following updates have been made to the Help:

• The Dashboard Tiles topic has been moved from Resources to Control Center and renamed to Integration Tiles.

• Added the Integration Tiles section to the Configure Dashboards and Tiles topic.

• Updated links in the Dashboard and Tile Settings topic and the Dashboards topic.

Help updates

The following updates have been made to the Help:

• Updated the Playbooks topic and the Assignment Rules topic to remove the note that playbook assignment rules are executed only for new incidents with a priority score ≥ 500. There is no longer a restriction: playbook assignment rules are now executed for new incidents with any priority score.

• The Contain Incident: Assets task has been renamed to Contain Incident: Assets (Devices) in the Response topic.

Help update

The following help topic has been updated:

• Targets Created From Integrations - Added a new target for Elastic Cloud.

Help updates

The following help topics have been updated:

• Updated the Create Deployment and Deployment Management topics for Zero Trust Access module support and new screenshots to align with the UI.

Help updates

The following updates have been made to Help:

• Moved the Integrations topic and the Cisco and Third-Party Integrations and Supported Capabilities topic from Administration to the new Integrations help menu.

• Updated the Users topic with new screenshots to align with the UI.

• Updated the Roles topic to include playbooks and notifications.

The AlienVault Open Threat Exchange integration has been tested and certified by Cisco Quality Assurance labs and it has been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as a supported third-party integration in Cisco XDR.

Help update

Removed the Delete Incidents section from the Incidents App topic.

Help updates

The following updates have been made to the Help:

• The Dashboard Tiles topic has been moved from Resources to Control Center.

• The Cisco Integrations topic and the Third-Party Integrations topic have been removed from Resources.

Update to user asset displayed from Secure Email Threat Defense

The email attributes from Secure Email Threat Defense are now displayed as User under the Assets card in incident details, instead of Endpoint.

Add or remove observables in investigations

After running an investigation, if additional observables were found that were not part of the original investigation, you can now add observables to the investigation.

Help update

The following help topic has been updated:

• Targets Created From Integrations - Added a new target for Check Point Quantum Smart-1 Cloud.

Help updates

The following help topics have been updated:

• Updated the Create Deployment topic for macOS support.

• Updated the Deployments and Create Deployment topics with new screenshots to align with the UI.

Help updates

The following updates have been made to Help:

• Updated the Threat Hunting and Investigation column for the Palo Alto Networks Cortex XDR and Secure Email Threat Defense integrations from No to Yes in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the Dashboard Tiles column for Orbital from Yes to No in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the Security Analyst column from Yes to No for the Approve task, if assigned task, under Automate > Tasks in the Roles topic.

New Check Point Quantum Smart-1 Cloud integration

The new Check Point Quantum Smart-1 Cloud integration has been added to the Third-Party tab on the Integrations page. Check Point Quantum Smart-1 Cloud is a unified network security policy management platform for firewalls, applications, users, and workloads. With real-time threat visibility, large-scale event logging, and rich Management API. This integration uses the Management API to access Check Point NGFW alerts.

Check Point NGFW is built on the basic concept of traditional firewalls but additionally includes deep packet inspection, application-level inspection, intrusion prevention, and advanced malware prevention capabilities like sandboxing. It also brings in threat intelligence from outside the firewall.

Integration with Check Point Quantum Smart-1 Cloud allows Cisco XDR to leverage NGFW alerts for enriching Cisco threat investigation capabilities, by providing detailed visibility into network traffic and malicious activity.

Use this integration to query for security detections of observables including IP, hostname, domain, process name, file name, URL, MD5, and SHA-256. This integration also creates a target automatically in Automation for out-of-box workflows and it also provides important device inventory context to help triage detected threats.

Help update

Added the Add or Remove Observable section to the Pivot Menu topic to include the new add or remove observables in investigation feature.

Help updates

The following updates have been made to the Help:

• Added the Check Point Quantum Smart-1 Cloud integration to the Third-Party Integrations topic.

• Updated the description for the Palo Alto Networks Cortex XDR integration in the Third-Party Integrations topic.

Help updates

The following updates have been made to the Help:

• Updated the following topics to include the new auto-save feature: Worklog, Response, Incident Detail, Report, Editor, and Assignment Rules.

• Updated the Overview topic to include the new right-click node feature.

• Updated the Worklog and Incident Detail topics to include changes to the Worklog page.

• Updated the Response and Worklog topics with new screenshots to align with the UI.

Help updates

The following updates have been made to Help:

• Updated the Relations Graph topic to include the new right-click node feature.

• Updated the Investigate and Saved Investigations topics to include the new auto-save feature.

Identify system workflows

To identify system workflows in drop-down lists more easily, they’re now prefixed with a Cisco logo icon.

Help updates

The following help topics have been updated:

• Updated the Device Details topic to include the Pivot menu.

• Updated the Users topic to include the Groups filter.

• Updated the Devices, Devices Details, and Users topics with new screenshots to align with the UI.

Help updates

The following help topics have been updated:

• Updated the Clients topic with new screenshots to align with the UI.

Help updates

The following updates have been made to Help:

• The Shodan and VirusTotal integrations have been tested and certified by Cisco Quality Assurance labs and they have been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as a supported third-party integration in Cisco XDR.

• Updated the Users topic with a new screenshot to align with the UI.

Notification updates in ribbon

The following updates have been made to the Notifications page and the Notifications popup in Cisco XDR ribbon:

• A new Automation Prompt Task notification type has been added to Notifications page and the Notifications popup in Cisco XDR ribbon. It is triggered when a prompt task from Automation is assigned to you by other users.

• The Automation Rule notification type has been added as an additional notification type for the Automation Workflow type.

Help updates

The following updates have been made to the Help:

• Added the Shodan and VirusTotal integrations to the Third-Party Integrations topic.

• Updated the Third-Party Integrations topic with a link to the Cisco and Third-Party Integrations and Supported Capabilities topic.

Help update

Updated the Dashboard and Tile Settings topic with a new note in the Full Screen Dashboard section to ensure that the host computer is configured to never sleep.

Help updates

The following updates have been made to the Help:

• Updated the Important only toggle to check box in the Detection topic.

• Added the new View Workflow Run section to the Worklog topic.

• Updated the Worklog topic with new screenshots to align with the UI.

Judgments with Matched Observables in Private Intelligence

As background investigations were done to check for Talos published threats, judgments for all the Talos published observables in the blog were added to Private Intelligence, even if only some observables triggered an incident. To avoid confusion, only judgments for the matched observables are now stored in Private Intelligence.

Help updates

The following help topic has been updated:

• Targets Created From Integrations - Added a new target for Rubrik Security Cloud.

Help Updates

The following help topics have been updated:

• Updated the Devices and Device Details topics with new screenshots to align with the UI.

Help Updates

The following help topics have been updated:

• Updated the Clients topic with new screenshots to align with the UI.

New third-party integration added to the Integrations page

The new Rubrik Security Cloud integration has been added to the Third-Party tab on the Integrations page. Rubrik Security Cloud helps you protect your data, monitor data risk, and recover data and applications, so you can keep your business moving forward. Integrating Rubrik with Cisco XDR allows SOC and IT teams to automatically take a snapshot of business-critical data early in the incident response process. Automated workflows also allow teams to rapidly recover impacted assets from recent and immutable backup snapshots.

Help update

The new Rubrik Security Cloud integration has been added to the Third-Party Integrations topic.

Help updates

The following updates have been made to the Help:

• Playbook Editor - updated screenshots to reflect more accessibility to Summary; Short description changed to Summary.

Help updates

The following help topics have been updated:

• Activity, Core, JSONPath Query - Added guideline about failing the workflow.

• Activity, Logic, Condition Block - Added guideline about concrete answers in branches to activity questions.

• Activity, Logic, For Each - Added guideline about naming the entity.

• Create a Workflow - Added a step about submitting a request to publish to Exchange.

• Workflow Intent - Added information to incident response about workflow result properties and elaborations to pivot menu and automation rule intents.

• Workflow Best Practices - New topic.

• Workflow Editor - Added a description of using the Share option to submit a workflow to Exchange.

• Publish to Exchange - New topic.

• Exchange - Added descriptions of the new Authorship Type pull-down list and new Submissions table for publishing to Exchange.

• Execute Python Script - Added guidelines and best practices.

• Targets Created From Integrations - Added a new target for PagerDuty and Secure Malware Analytics.

• Workflow Variables - Added information for workflow result properties.

Help updates

The following updates have been made to the Help:

• Updated the tooltip for the Secure Email Threat Defense integration in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the Notifications topic with a new screenshot to align with the UI.

The new Pivot Menu has been added to the left navigation pane on the Settings page in Cisco XDR ribbon. The Defang on Copy toggle in the Pivot Menu setting is off by default. Click the toggle to on to remove the Defang on Copy menu option from the Pivot menu and the existing Copy value menu option will update to copy the observable value as a defanged value.

Help updates

The new PagerDuty and Red Sift integrations have been added to the Third-Party Integrations topic.

Help Updates

The following updates have been made to the Help:

• Updated the Document and Notify workflow in the Response topic to include support for Zendesk.

• Updated Incident Detail topic to include new screenshots for the revised Short description and View detailed description link in header.

• Updated Overview topic to include new screenshots for the Attack Graph Asset drawer, and revised Short description and View detailed description link in header.

• Updated Detection topic to include new screenshots for the revised Short description and View detailed description link in header.

• Updated Response topic to include new screenshots for the revised Short description and View detailed description link in header.

• Updated Worklog topic to include new screenshots for the revised Short description in header.

Help updates

The following help topics have been updated:

• Targets Created From Integrations - Added new target for xMatters.

• Workflow Editor - Added more details about when workflows are automatically locked.

Help updates

The following help topics have been updated:

• Added Cyber Vision and Cybereason to the Sources topic.

• Updated the Rules section of the Devices topic to include information for System Rules.

The new xMatters integration has been added to the Third-Party tab on the Integrations page. The xMatters service reliability platform helps DevOps, SREs, and Ops teams automate workflows, ensure infrastructure availability, and deliver products at scale. Eliminate digital event disruptions by leveraging AI, analytics, and workflows to automate and accelerate response times all the way to resolution.

Enabling this integration in Cisco XDR will make the xMatters API available as a target for Automation workflows. Workflows can be used to do things like send a page through xMatters when Cisco XDR incidents are generated.

Help updates

The following updates have been made to the Help:

• Added the new xMatters integration to the Third-Party Integrations topic.

• Added the new Cisco Cyber Vision integration to the Cisco Integrations topic.

• Updated the description for the Cybereason integration in the Third-Party Integrations topic to include the new device inventory support.

Help Update

Updated the Dashboard and Tile Settings topic with a new screenshot in the Specify Scroll Option section to align with the UI.

Help Updates

The following updates have been made to the Help:

• Updated Response topic to include the Confirm Incident workflow; updated screenshot

Add new automation rule

When you add a new automation rule, the Conditions section has been enhanced for clarity, consistency, and flexibility during the configuration. If you add more than one condition, you can choose whether all or any of the conditions must be met in order for the rule to trigger the associated workflow(s) to run. The Advanced option enables you to choose any combination of logical operators when processing the conditions sequentially.

Help Updates

The following help topics have been updated:

• Updated the Rules section in the Devices topic.

• Updated the Devices topic with new screenshots to align with the UI.

Help Updates

The following help topics have been updated:

• Added the operating system and architecture column to the Deployments topic.

• Updated the Deployments and Profiles topics to include a table for the column descriptions.

• Added the select operating system and architecture step to the Create Deployment topic.

• Updated the Clients and Deployments topics with new screenshots to align with the UI.

Help Update

Replaced the asterisk with the (Information) icon in the Cisco and Third-Party Integrations and Supported Capabilities topic.

Help Updates

The following updates have been made to the Help:

• Added the new playbooks feature to the What's Next section.

• Updated the screenshot, page name, and link in the View Dashboards section.

• Added more information on signing in to Cisco XDR in the Sign In to Cisco XDR section.

Help Updates

The previous Control Center topic has been renamed to Dashboards and a new Control Center topic has been added to reflect the new left navigation menu update for Control Center.

Help Updates

The following updates have been made to the Help:

• Updated Incidents topic to include changes to the Filter menu.

• Updated Response Tasks topic to include the addition of the playbook name and publish date; added a note about Playbooks.

• Updated screenshots for Response Tasks.

Help updates

The following help topics have been updated:

• Default Targets and Default Account Keys - Removed those no longer needed as we support additional integrations and APIs using enhanced, built-in tokens.

• Exchange - Added Community workflow authorship type.

• Licensing - Revised table with additional information about content source, licensing, and support.

• Targets Created From Integrations - Added new target for Zendesk.

• Variable Browser - Moved content to new topic with revisions.

Help Update

The following help topics have been updated:

• Added the Pivot menu to the Devices topic.

• Updated the Devices topic with new screenshots for the Pivot menu.

• Updated the Custom Source sections in the Sources topic.

Help Update

The following help topics have been updated:

• Added the Pivot menu to the Clients topic.

• Updated the Clients topic with new screenshots for the Pivot menu.

The following updates have been made to the help:

• Updated the Administration topic to include the new Playbooks feature.

• Added IP addresses for Automation to the IP Addresses for Integrations section in the Integrations topic.

• Updated the Search Notifications section in the Notifications topic to include searching by title.

• Updated the Filter Notifications section in the Notifications topic with a new screenshot to align with the UI.

Help Update

The new Zendesk integration has been added to the Third-Party Integrations topic.

Help Updates

The following updates have been made to the Help:

• Updated incident details to incident detail to match button label.

• Incidents topic - Added note in Change Incident Status section about incident status changing to Open when first viewed in the incident detail.

• Incident Detail topic:

  • Changed topic title to Incident Detail.

  • Updated Assign Incident section to reflect automatic assignment.

• Response Tasks - Updated Add Notes and Execute Workflows for Tasks section to remove the Select button. Only the Execute button is displayed (in the task and drawer) to run the workflow.

Help Updates

The following help topics have been updated:

• Create a Workflow - Added new screenshots.

• Exchange - Added Cisco Verified workflow content type.

• Licensing - Revised table with additional information about content source, licensing, and support.

• Targets Created From Integrations - Added new target for Jira Cloud.

• View and Search for Runs - Added output property values from an incident response workflow's execution which get appended to the notes in the incident's worklog.

Help Update

The following help topics have been updated:

• Removed the Cybereason integration support from the Sources topic.

• Updated the Rules drawer screenshots in the Devices topic.

Help Update

Updated the Asset Inventory and Context column from Yes to No for the Cybereason integration in the Cisco and Third-Party Integrations and Supported Capabilities topic.

Help Update

Removed the device inventory feature support from the description for the Cybereason integration in the Third-Party Integrations topic.

Help Updates

The following updates have been made to the Help:

• Incidents - updated screenshot and added information about Source link; reverted text in Filtering Incidents to reflect that the dates are now based on created date versus last activity.

• Detection - updated screenshot and added information about Source link.

Help Updates

The following updates have been made to the Help:

• Updated screenshots in Investigation Results topic to show the Source link.

• Updated screenshot in Events topic to show the Source link.

Help Updates

The following help topics have been updated:

• Exchange - Added Cisco Managed workflow content type.

• Licensing - Revised table with additional information about content source, licensing, and support.

Help Updates

The following updates have been made to the help:

• Removed the Beta notes from the Users and Sources topics.

• Added the View Source Details section to the Device Details topic.

• Updated the Users, User Details, and Device Details topics with new screenshots.

Incidents App Updates

The following updates have been made to the incidents app in ribbon:

• The assigned users is now displayed as an avatar with the user's initials in the upper right corner of the incident details and the Assignees panel has been removed from incident details.

• The MITRE ATT&CK^® widget has been added to the upper right corner of the incident details and it displays the MITRE ATT&CK^® tactics impacting the incident based on the Financial Risk Score.

Help Updates

Updated screenshots showing the new left navigation menu.

Navigation Menu Updates

The left navigation menu has been updated in Cisco XDR with new menu icons. A drawer now opens with additional menus when you hover or click a menu in the navigation menu and the (Cisco XDR Menu) icon is now located in the upper left corner of the navigation menu.

Help Updates

The following updates have been made to the Help:

• Assign Incidents - Updated this text: When an incident is assigned to another user, they will receive a notification in the (Notifications) icon in the Cisco XDR header and ribbon. For more information about this feature, see the Notifications help topic.

• Updated screenshot showing new left navigation menu.

Help Updates

The following updates have been made to the Help:

• Updated screenshot showing new left navigation menu.

Help Updates

The following updates have been made to the Help:

• Updated screenshots showing new left navigation menu.

Help Updates

The following help topics have been updated:

• Targets Created From Integrations - Added new targets for Microsoft Defender for Office 365 and Slack.

• Create a Workflow - Additional information about workflow properties.

• Import and Export a Workflow - Share button to commit workflow to Git.

• Updated screenshots in Exchange, Targets, Account Keys, Variables, Triggers, Tasks, and Advanced to show the new left navigation menu.

Help Updates

The following updates have been made to the help:

• Updated the Devices and Users topics to specify the Export to CSV feature is available to users with an Administrator role only.

• Updated the Devices topic for the Last Active field in the Filters drawer.

• Updated the Devices, Users, User Details, and Sources topics with new screenshots showing new left navigation menu.

Help Updates

The following updates have been made to the help:

• Updated the Clients topic to specify the Export to CSV feature is available to users with an Administrator role only.

• Updated the Clients topic for the Last Active field in the Filters drawer.

• Updated the Clients, Deployments, Deployment Management, Audit Logs, Profiles, and Device Events topics with new screenshots showing new left navigation menu.

Help Updates

The following updates have been made to the Help:

• Added the Detection Analytics and Correlation column in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Added the Automation and Response heading for the Controls and Responses and the Security Operations Center (SOC) Automation columns in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Replaced Microsoft Cloud with an asterisk that provides more information in a popup when you hover over the asterisk in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Added Secure Cloud Analytics section with a list of integrations you can configure in Secure Cloud Analytics (now a part of Cisco XDR) in the Cisco and Third-Party Integrations and Supported Capabilities topic.

• Updated the Administration, API Clients, Integrations, My Account, Notifications, On-Premises Appliances, and Users topics with new screenshots showing new left navigation menu.

Orbital Script Added to Orbital App

The new Script tab has been added to the Orbital app in Cisco XDR ribbon. Script provides the ability to counteract any threats found using Query. For more information on the script feature in Orbital, see the Orbital Scripts help topic in Orbital.

Help Updates

The following updates have been made to the Third-Party Integrations topic:

• Added the Microsoft Defender for Office 365 and Slack integrations.

• The Microsoft Defender description has been updated to include the new incident creation.