Release Notes for Cisco XDR 2.47

Release Date: July 30, 2025

New Features and Updates

Note: Only sections with new customer-facing features or updates in this release are listed below.

Incidents

Feature	Description	Help Topic
Investigate observables added to Observables drawer in incident details	You can now select up to 200 observables in the Observables drawer on the Overview page and click Investigate observables to start a new investigation for the selected observables in a new tab.	Overview
Tasks tab added to the Playbooks page	The Tasks tab has been added to the Playbooks page and it allows you to view and manage tasks within your organization. You can create and add custom tasks to custom playbooks. When creating or editing a playbook, you now select the tasks you want to add to the playbook from the new Tasks drawer.	Tasks Playbooks List Playbooks
Editor tab renamed to Playbooks on the Playbooks page	The previous Editor tab on the Playbooks page has been renamed to Playbooks.	Playbooks List
Apply and Cancel buttons removed from Filters drawer	The Apply and Cancel buttons have been removed from the Filters drawer on the Incidents page. The filter criteria is now automatically applied and the incidents list refreshes as you select the filter criteria.	Incidents

Automate

Feature	Description	Help Topic
Add a workflow to the Tasks tab	Now you can add a validated workflow with an intent of either Incident Response or Playbook directly to the tasks on the Playbooks page. When creating or editing a workflow using the Workflow Editor, click Share and choose Add to Playbook Task Catalog.	Workflow Editor Playbooks
Help update	Added a note to the SMTP Endpoint Target topic to explain why it no longer works for Gmail accounts.	SMTP Endpoint Target

Feature

Description

Help Topic

Add a workflow to the Tasks tab

Now you can add a validated workflow with an intent of either Incident Response or Playbook directly to the tasks on the Playbooks page.

When creating or editing a workflow using the Workflow Editor, click Share and choose Add to Playbook Task Catalog.

Workflow Editor

Playbooks

Help update

Added a note to the SMTP Endpoint Target topic to explain why it no longer works for Gmail accounts.

SMTP Endpoint Target

Assets

Feature	Description	Help Topic
Help update	The following update has been made to the Help: Added a note to the Devices topic to explain that it can take up to 15 minutes for new or updated rules to be applied to existing devices.	Devices

Feature

Description

Help Topic

Help update

The following update has been made to the Help:

Added a note to the Devices topic to explain that it can take up to 15 minutes for new or updated rules to be applied to existing devices.

Devices

Client Management

Feature	Description	Help Topic
Help update	The following update has been made to the Help: Added a note to the Deployment Management topic to clarify that Cisco Support does not assist with troubleshooting third-party software management tools.	Deployment Management

Feature

Description

Help Topic

Help update

The following update has been made to the Help:

Added a note to the Deployment Management topic to clarify that Cisco Support does not assist with troubleshooting third-party software management tools.

Deployment Management

Integrations

Feature	Description	Help Topic
Google Chronicle renamed to Google SecOps	The Google Chronicle integration has been renamed to Google SecOps.	—
Help updates	The following updates have been made to the Help: The following integration topics have been updated to include Detection findings in the What's Next section: Secure Endpoint Integration, Secure Network Analytics Integration, Secure Email Threat Defense Integration, Secure Access Integration, CrowdStrike Falcon Integration, Microsoft Defender for Endpoint Integration, Microsoft Defender for Office 365 Integration, SentinelOne Singularity Integration, and Proofpoint Threat Protection Integration. The Google SecOps integration has been tested and certified by Cisco Quality Assurance labs and it has been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as supported third-party integration in Cisco XDR. Updated the Cisco Identity Intelligence Integration topic to include a list of supported integrations. Updated the Configure GCP to Generate VPC Flow Logs and Enable APIs section of the Google Cloud Platform Integration topic.	Secure Endpoint Integration Secure Network Analytics Integration Secure Email Threat Defense Integration Cisco Secure Access Integration CrowdStrike Falcon Integration Microsoft Defender for Endpoint Integration Microsoft Defender for Office 365 Integration SentinelOne Singularity Integration Proofpoint Threat Protection Integration Google SecOps Integration Cisco Identity Intelligence Integration Google Cloud Platform Integration

Feature

Description

Help Topic

Google Chronicle renamed to Google SecOps

The Google Chronicle integration has been renamed to Google SecOps.

—

Help updates

The following updates have been made to the Help:

The following integration topics have been updated to include Detection findings in the What's Next section: Secure Endpoint Integration, Secure Network Analytics Integration, Secure Email Threat Defense Integration, Secure Access Integration, CrowdStrike Falcon Integration, Microsoft Defender for Endpoint Integration, Microsoft Defender for Office 365 Integration, SentinelOne Singularity Integration, and Proofpoint Threat Protection Integration.
The Google SecOps integration has been tested and certified by Cisco Quality Assurance labs and it has been added to the Cisco and Third-Party Integrations and Supported Capabilities topic as supported third-party integration in Cisco XDR.
Updated the Cisco Identity Intelligence Integration topic to include a list of supported integrations.
Updated the Configure GCP to Generate VPC Flow Logs and Enable APIs section of the Google Cloud Platform Integration topic.

Secure Endpoint Integration

Secure Network Analytics Integration

Secure Email Threat Defense Integration

Cisco Secure Access Integration

CrowdStrike Falcon Integration

Microsoft Defender for Endpoint Integration

Microsoft Defender for Office 365 Integration

SentinelOne Singularity Integration

Proofpoint Threat Protection Integration

Google SecOps Integration

Cisco Identity Intelligence Integration

Google Cloud Platform Integration

Ribbon and Pivot Menu

Feature	Description	Help Topic
MITRE tactic updates in ribbon	The MITRE TTP widget in the upper right corner of an incident in the incidents app in ribbon is now a MITRE tactic tag. Click the tag to open the MITRE Tactics popup to view a list of tactics and techniques impacting the incident.	Incidents App

Previous Release Notes

To view the Release Notes for previous releases, see Previous Release Notes for Cisco XDR.