Release Notes for Cisco XDR 2.43
Release Date: May 28, 2025
New Features and Updates

No new customer-facing features or updates in this release.

Feature | Description | Help Topic |
---|---|---|
System Status area removed from User Profile | The System Status area has been removed from the User Profile drop-down list in the upper right corner of the Cisco XDR header. | |

Feature | Description | Help Topic |
---|---|---|
Dashboard card enhancements | The following UI enhancements have been made to the cards on the Dashboards page: | |
Secure Client integration cards renamed in Customize Dashboards | The following cards for the Secure Client integration have been renamed in the Customize Dashboards dialog box: | |
Help updates | The following updates have been made to the Help: | MITRE ATT&CK® Coverage Map |

Feature | Description | Help Topic |
---|---|---|
Download events in JSON format on Detections page | You can now download the events in the detections table in JSON format. Click the new Download JSON button on the Detection page in incident details. | Detection |

Feature | Description | Help Topic |
---|---|---|
Detection findings tab added to the Investigate page | You can now view all the security events generated by integrated products and the Cisco XDR native telemetry sent from the Network, Cloud, Identity, and Endpoint sources in the new Detection Findings tab on the Investigate page. The security events allow you to validate the data that is ingested by Cisco XDR for incident correlation. When you click a security event in the list, the Detection Findings drawer opens, where you can quickly view the Detection Findings and related Activities from the security event. The security event details are displayed using the industry-standard Open Cybersecurity Schema Framework (OCSF), version 1.4. | |

No new customer-facing features or updates in this release.

Feature | Description | Help Topic |
---|---|---|
Help updates | The following updates have been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
Identity Intelligence | The Cisco Identity Intelligence integration is now supported for user data integration. Cisco Duo, Microsoft Entra ID, and more are configured in Identity Intelligence. The Users page now displays users identified by Identity Intelligence, which provides more data about the users in your organization, including users with failed checks, and users not using multi-factor authentication (MFA). | |
Help updates | The following updates have been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
Orbital module | The Orbital module is available for Windows amd64 deployments. Orbital provides endpoint visibility and control. It allows you to run queries and scripts to investigate and respond to threats. | |
Secure Access Root Certificate module | The Cisco Secure Access Root Certificate module is available for Windows deployments. This module installs the Cisco Secure Access Root Certificate into the host computer's certificate store. A Certificate Authority (CA) signed root certificate is required where Cisco Secure Access must proxy and decrypt HTTPS traffic that requests a web resource. | |
Help updates | The following updates have been made to the Help: | |

No new customer-facing features or updates in this release.

Feature | Description | Help Topic |
---|---|---|
Splunk Enterprise integration added to the Integrations page | The new Splunk Enterprise integration has been added to the Cisco tab on the Integrations page. Splunk Enterprise is a powerful data analytics platform that allows you to collect, index, and analyze data from any source across your IT environment. It is typically deployed on-premises or in private cloud infrastructure, giving full control over data, security, and system management. The Splunk Enterprise integration creates a target in Cisco XDR Automation for automated workflows, exports incident and other data to Splunk Enterprise using Automation workflows, and enables querying of security detections across Network Traffic, Malware, Data Loss Prevention, and Intrusion Detection CIM-compliant data for observables such as IP addresses, hostnames, file names, file paths, MD5 hashes, and SHA-256 hashes. | Cisco and Third-Party Integrations and Supported Capabilities |
Cisco Identity Intelligence integration added to the Cisco tab on the Integrations page | The new Cisco Identity Intelligence integration is now available in the Cisco tab on the Integrations page. Cisco Identity Intelligence allows you to gain full visibility over all your identities. This is accomplished by bringing in a vast amount of data on identities from a range of sources, including traditional identity sources like Entra ID (formerly Azure AD), Duo, and Okta, non-traditional sources like GitHub, Google, or Salesforce, and HR systems, such as Workday. | Cisco and Third-Party Integrations and Supported Capabilities |
Help updates | The following updates have been made to the Help: | Cisco and Third-Party Integrations and Supported Capabilities |

No new customer-facing features or updates in this release.

No new customer-facing features or updates in this release.

Previous Release Notes
To view the Release Notes for previous releases, see Previous Release Notes for Cisco XDR.