Release Notes for Cisco XDR 2.47
Release Date: July 30, 2025
New Features and Updates
Note: Only sections with new customer-facing features or updates in this release are listed below.

Feature |
Description |
Help Topic |
---|---|---|
Investigate observables added to Observables drawer in incident details |
You can now select up to 200 observables in the Observables drawer on the Overview page and click Investigate observables to start a new investigation for the selected observables in a new tab. |
|
Tasks tab added to the Playbooks page |
The Tasks tab has been added to the Playbooks page and it allows you to view and manage tasks within your organization. You can create and add custom tasks to custom playbooks. When creating or editing a playbook, you now select the tasks you want to add to the playbook from the new Tasks drawer. |
|
Editor tab renamed to Playbooks on the Playbooks page |
The previous Editor tab on the Playbooks page has been renamed to Playbooks. |
|
Apply and Cancel buttons removed from Filters drawer |
The Apply and Cancel buttons have been removed from the Filters drawer on the Incidents page. The filter criteria is now automatically applied and the incidents list refreshes as you select the filter criteria. |

Feature |
Description |
Help Topic |
---|---|---|
Add a workflow to the Tasks tab |
Now you can add a validated workflow with an intent of either Incident Response or Playbook directly to the tasks on the Playbooks page. When creating or editing a workflow using the Workflow Editor, click Share and choose Add to Playbook Task Catalog. |
|
Help update |
Added a note to the SMTP Endpoint Target topic to explain why it no longer works for Gmail accounts. |

Feature |
Description |
Help Topic |
---|---|---|
Help update |
The following update has been made to the Help:
|

Feature |
Description |
Help Topic |
---|---|---|
Help update |
The following update has been made to the Help:
|

Feature |
Description |
Help Topic |
---|---|---|
Google Chronicle renamed to Google SecOps |
The Google Chronicle integration has been renamed to Google SecOps. |
— |
Help updates |
The following updates have been made to the Help:
|
Secure Network Analytics Integration Secure Email Threat Defense Integration Cisco Secure Access Integration CrowdStrike Falcon Integration Microsoft Defender for Endpoint Integration Microsoft Defender for Office 365 Integration SentinelOne Singularity Integration Proofpoint Threat Protection Integration |

Feature |
Description |
Help Topic |
---|---|---|
MITRE tactic updates in ribbon |
The MITRE TTP widget in the upper right corner of an incident in the incidents app in ribbon is now a MITRE tactic tag. Click the tag to open the MITRE Tactics popup to view a list of tactics and techniques impacting the incident. |
Previous Release Notes
To view the Release Notes for previous releases, see Previous Release Notes for Cisco XDR.