Release Notes for Cisco XDR 2.34
Release Date: January 15, 2025
New Features and Updates
Getting Started
No new customer-facing features or updates in this release.
Control Center
|
Feature |
Description |
Help Topic |
|---|---|---|
|
Team Mean Time Summary tile and User Mean Time Summary tile updates |
Updated the descriptions for the Team Mean Time Summary tile and the User Mean Time Summary tile due to the new incident statuses. |
Default Tiles |
|
Help updates |
Updated screenshots in the Default Tiles and Dashboards topics to align with the UI. |
Incidents
|
Feature |
Description |
Help Topic |
|---|---|---|
| New incident statuses |
New incident statuses are now available for all incidents. The new statuses align with industry standards and they provide additional details on the nature of the incident. For a list of the available incident statuses, see Available Statuses. For compatibility purposes, the previous incident statuses (Open, Closed, Incident Reported, Containment Achieved, Stalled, Rejected, and Restoration Achieved) are available in the Filters drawer only. You cannot set an incident to one of these statuses. |
|
|
Hide Closed Incidents |
The previous Include Closed Incidents toggle is now a Hide Closed Incidents check box on the Incidents page and in the Filters drawer. You can uncheck the Hide Closed Incidents check box to display closed incidents in the Incidents list. |
|
|
Clear button added to Filters drawer |
You can now click the new Clear button to remove your selections in the Status and Assignment drop-down lists in the Filters drawer. |
Incidents |
|
Created date update |
The Created date in the incidents list and incident drawer now displays the date and time the incident was created, instead of the relative amount of time from the date and time the incident was created. |
Investigate
No new customer-facing features or updates in this release.
Intelligence
No new customer-facing features or updates in this release.
Automate
|
Feature |
Description |
Help Topic |
|---|---|---|
|
New variables for observable state |
Two new variables have been added to enable a content author to set the state of observables in their incident response workflows that are intended for use by playbook tasks. In the Set Variables activity within a For Each loop, open the variable browser, search or navigate to choose Result Message (string) and Succeeded (true or false), and enter their values. |
|
|
Set workflow result variables |
When it comes to defining variables within a workflow, you can use the Workflow Result variables to provide information about the workflow’s execution. In particular, the Workflow Result Code variable is an auto-populated string - the system derives the value based on the observable state or workflow result - that indicates the outcome of the workflow. Now you also have the option to override and explicitly set the code by choosing a value from the list as needed. If you choose Completed Successfully to override Partially Completed in a completed workflow where at least one of its observable tasks did not succeed, the task workflow shows Complete in the incident playbook's Response tab and the Workflow Result variable's value is shown in the corresponding Worklog tab. View the workflow’s run details and you can see the values of both Workflow Result variables in the Output section. |
|
|
Improved health checks |
Improved health checks have been added to ensure that Automation rules are executing as expected. Users are notified if rate limits are exceeded. |
|
|
Help update |
The following update has been made to the Help:
|
Assets
No new customer-facing features or updates in this release.
Client Management
|
Feature |
Description |
Help Topic |
|---|---|---|
|
Help updates |
Fixed an incorrect APJC regional API endpoint in the Create Deployment topic. |
Administration
No new customer-facing features or updates in this release.
Integrations
|
Feature |
Description |
Help Topic |
|---|---|---|
|
Help updates |
Added the following topics to the Cisco XDR help: Orbital Integration, Zendesk Integration, Cisco Defense Orchestrator Integration, Cisco Duo Integration, Secure Email Appliance Integration, Secure Email and Web Manager Integration, and Secure Web Appliance Integration. The links to the topics have been added to the table in the Cisco and Third-Party Integrations and Supported Capabilities topic. |
Cisco and Third-Party Integrations and Supported Capabilities Cisco Defense Orchestrator Integration Secure Email Appliance Integration Secure Email and Web Manager Integration Secure Web Appliance Integration
|
Ribbon and Pivot Menu
|
Feature |
Description |
Help Topic |
|---|---|---|
|
Help updates |
The Change Incident Status and Filter Incidents sections have been updated in the Incidents App topic due to the new incident statuses. |
Resources
No new customer-facing features or updates in this release.
Previous Release Notes
To view the Release Notes for previous releases, see Previous Release Notes for Cisco XDR.