Release Notes for Cisco XDR 2.45
Release Date: July 7, 2025
New Features and Updates

No new customer-facing features or updates in this release.


Feature | Description | Help Topic |
---|---|---|
Risk score enhancements | Improvements have been made to the TTP-based risk of financial loss used to calculate the risk scores for techniques displayed on the MITRE ATT&CK® Coverage Map page. This update reflects the latest insight into cyber risks and losses and it leverages a comprehensive new dataset, encompassing over 90,000 cyber incidents, and derived from credible and publicly verifiable sources. By integrating new data on risk into the assessment, the updated score provides a more precise and contextualized evaluation of threats. Over 110 MITRE TTP risk score values have been revised to align with the current threat landscape, resulting in an improved risk score and more effective incident prioritization tailored to today's risks. | — |
View issues menu option removed from Options menu in dashboard card | The View issues menu option has been removed from the Options menu when you click the | |
Help update | The following update has been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
Delete incident dialog box update | The dialog box that appears when you delete an incident has been updated with a new Confirm Delete title and the check box to confirm the deletion before you can click Delete has been removed. | |
Execute button update on Response page | The Execute button in the observables drawer on the Response page has been moved from the upper portion of the drawer to the lower portion of the drawer. | |
Incident priority score enhancements | Improvements have been made to the TTP-based risk of financial loss used to calculate the priority score for new incidents after the 2.45 (July 7th, 2025) release. This update reflects the latest insight into cyber risks and losses and it leverages a comprehensive new dataset, encompassing over 90,000 cyber incidents, and derived from credible and publicly verifiable sources. By integrating new data on risk into the assessment, the updated score provides a more precise and contextualized evaluation of threats. Over 110 MITRE TTP risk score values have been revised to align with the current threat landscape, resulting in an improved incident priority score and more effective incident prioritization tailored to today's risks. | — |
Last seen added to Event drawer | The Event drawer on the Detection page in incident details now displays the Last seen date and time, if applicable. | |
Help updates | The following updates have been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
Last seen added to Event drawer | The Event drawer on the Investigation Results page now displays the Last seen date and time, if applicable. | |

Feature | Description | Help Topic |
---|---|---|
Judgments table updates | The Reason column has been removed from the judgments table in the Judgments tab, and the Confidence column has been added to the table. It displays the confidence level that the system that produced the data has in its accuracy. | |
Events table update | The Title column has been removed from the events table in the Events tab. | |
Help updates | The following updates have been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
Help updates | These updates have been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
User Details drawer | User names and email addresses included in the Users seen column on the Devices page, the Users section of the Device Details drawer, and the Associated users on the Device Overview tab on the Device Details page now open the User Details drawer to provide a summary of the selected user's information. | |
Google Cloud Platform support | The Google Cloud Platform third-party integration is now a supported source for the Devices page. | |
Help updates | The following updates have been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
Help update | The following update has been made to the Help: | |

Feature | Description | Help Topic |
---|---|---|
On-Premises Appliances page updates | The previous Generate Token and Delete icons in the Actions column are now menu items when you click the new | |

Feature | Description | Help Topic |
---|---|---|
Google Cloud Platform integration added to Integrations page | The Google Cloud Platform integration has been added to the Third-Party tab on the Integrations page. Cisco XDR consumes network traffic data, including Virtual Private Cloud (VPC) flow logs, from your Google Cloud Platform (GCP) public cloud network. It then performs dynamic entity modeling by running analytics on that data to detect threats and indicators of compromise. Cisco XDR consumes VPC flow logs directly from your GCP account using a cross-account IAM service account with the proper permissions. If you have an existing Google Cloud Platform integration through Secure Cloud Analytics, you will continue to ingest the configured Virtual Private Cloud (VPC) flow logs. However, you will not be able to update your GCP service account credentials using the Secure Cloud Analytics portal. We recommend moving your GCP integration configuration to Cisco XDR to take advantage of the Workload Identity Federation (WIF) credentials, and then deleting the integration in Secure Cloud Analytics to avoid duplicate data ingestion. | Cisco and Third-Party Integrations and Supported Capabilities |
Attack Surface Management integration removed from Integrations page | The Attack Surface Management integration has been removed from the Cisco tab on the Integrations page due to the End-of-Life announcement of Cisco Attack Surface Management. For more information, see End-of-Sale and End-of-Life Announcement for the Cisco Attack Surface Management (formerly known as Secure Cloud Insights). If you have an existing Attack Surface Management integration configured, you can continue to access the dashboard cards in Control Center. | Cisco and Third-Party Integrations and Supported Capabilities |
Help updates | The following updates have been made to the Help: | Cisco and Third-Party Integrations and Supported Capabilities; Microsoft Graph Security API Integration; Rubrik Security Cloud Integration; Omnissa Workspace ONE UEM Integration; Palo Alto Networks Firewalls with Strata Logging Service Integration; Palo Alto Networks Cortex XDR Integration; Radware Cloud DDoS Protection Service Integration |

No new customer-facing features or updates in this release.

Previous Release Notes
To view the Release Notes for previous releases, see Previous Release Notes for Cisco XDR.