Release Notes for Cisco XDR 2.44

Getting Started

No new customer-facing features or updates in this release.

Navigate Cisco XDR

No new customer-facing features or updates in this release.

Control Center

No new customer-facing features or updates in this release.

Incidents

Feature	Description	Help Topic
Display Settings drawer updates	The following updates have been made to the Display Settings drawer when you click the (Settings) icon in the incidents table: The previous Select columns drawer had been renamed to Display Settings. When you click Reset to defaults in the Display Settings drawer, it now resets the table column settings to its default values. Previously, it displayed all the columns in the incidents table.	Incidents
Attack graph updates	The following updates have been made to the attack graph in incident details: The Orientation icon has been replaced by the new (Layout) icon in the graph controls with the following menus: Organic, Lens, Structural, Radial, Sequential Down, Sequential Up, Sequential Right, and Sequential Left. The / (Group/Ungroup) icon has been added to the graph controls. Click the Group or Ungroup icon to group or ungroup the nodes on the graph based on node conditions, node count, and user selection.	Overview
Actions Taken panel update	The Actions Taken panel in the Node drawer now displays observable data for the remedial actions, if available.	Overview
Help update	The following update has been made to the Help: Updated the Incident Rules link to Incident Response Rules in the Assignment Rules topic.	Assignment Rules

Investigate

Feature	Description	Help Topic
Relations graph update	The previous Sequential menu option in the graph controls when you click the (Layout) icon has been updated to Sequential Down, Sequential Up, Sequential Right, and Sequential Left.	Relations Graph
Actions Taken panel update	The Actions Taken panel in the Node drawer now displays observable data for the remedial actions, if available.	Investigation Results

Intelligence

No new customer-facing features or updates in this release.

Automate

Feature	Description	Help Topic
Rate limits	To preserve resources and ensure the integrity and performance of the platform, the system is allowed to process up to 50,000 events within each 24-hour period. If 100% of the daily limit is reached, any excess event is rejected, and you receive a notification event in the event history and a system notification in the XDR header stating when the limit will be reset.	Automation Rules
Help updates	These updates have been made to the Help: Added a note about the upload and download activities to the File Operations topic. Added the size limits for emails to the Email Rule topic. Added the payload size limit for webhooks to the Webhook Rule topic. Added a link to Cisco XDR Connect to the Workflows topic.	File Operations Email Rule Webhook Rule Workflows

Feature

Description

Help Topic

Rate limits

To preserve resources and ensure the integrity and performance of the platform, the system is allowed to process up to 50,000 events within each 24-hour period. If 100% of the daily limit is reached, any excess event is rejected, and you receive a notification event in the event history and a system notification in the XDR header stating when the limit will be reset.

Automation Rules

Help updates

These updates have been made to the Help:

Added a note about the upload and download activities to the File Operations topic.
Added the size limits for emails to the Email Rule topic.
Added the payload size limit for webhooks to the Webhook Rule topic.
Added a link to Cisco XDR Connect to the Workflows topic.

Assets

Feature	Description	Help Topic
Google Chromebooks support	The Google Chromebooks third-party integration is now supported for device data on the Devices page.	Devices
Help updates	The following updates have been made to the Help: Added Google Chromebooks to the Sources topic. Renamed the VMWare Workspace One UEM integration to Omnissa Workspace ONE UEM in the Sources topic.	Sources

Feature

Description

Help Topic

Google Chromebooks support

The Google Chromebooks third-party integration is now supported for device data on the Devices page.

Devices

Help updates

The following updates have been made to the Help:

Added Google Chromebooks to the Sources topic.
Renamed the VMWare Workspace One UEM integration to Omnissa Workspace ONE UEM in the Sources topic.

Sources

Client Management

Feature	Description	Help Topic
Help updates	The following updates have been made to the Help: Added a note to the Create Deployment topic explaining that modules with a specific release version selected in a deployment will be disabled if the version has been deprecated. Added the Operating System and Architecture Support section to the Create Deployment topic.	Create Deployment

Feature

Description

Help Topic

Help updates

The following updates have been made to the Help:

Added a note to the Create Deployment topic explaining that modules with a specific release version selected in a deployment will be disabled if the version has been deprecated.
Added the Operating System and Architecture Support section to the Create Deployment topic.

Create Deployment

Administration

No new customer-facing features or updates in this release.

Integrations

Feature	Description	Help Topic
VMWare Workspace One UEM integration renamed to Omnissa Workspace ONE UEM	The VMWare Workspace One UEM integration has been renamed to Omnissa Workspace ONE UEM.	Cisco and Third-Party Integrations and Supported Capabilities
Google Chromebooks integration added to Integrations page	The Google Chromebooks integration has been added to the Third-Party tab on the Integrations page. Google Chromebooks run Google's Chrome OS, a lightweight operating system designed primarily for web-based applications that has cloud storage, the best of Google built-in, and multiple layers of security. The Google Chromebooks integration allows you to retrieve enrolled ChromeOS device's properties automatically from Google Cloud Platform providing visibility and detections for this device type.	Cisco and Third-Party Integrations and Supported Capabilities Google Chromebooks
Slack integration scopes updated on Slack integration page	The required scopes for the Slack integration on the Integrations page have been updated to include additional scopes needed for the notification feature. If you have an existing Slack integration configured, you must update the scopes for your Slack app to match the scopes listed for the Slack integration in Cisco XDR. After you update the scopes, you will need to reinstall the Slack app to your workspace to allow the new scopes to take effect. For details, including the updated scopes list, see the Integration Guide area on the Slack integration page in Cisco XDR.	—

Feature

Description

Help Topic

VMWare Workspace One UEM integration renamed to Omnissa Workspace ONE UEM

The VMWare Workspace One UEM integration has been renamed to Omnissa Workspace ONE UEM.

Cisco and Third-Party Integrations and Supported Capabilities

Google Chromebooks integration added to Integrations page

The Google Chromebooks integration has been added to the Third-Party tab on the Integrations page. Google Chromebooks run Google's Chrome OS, a lightweight operating system designed primarily for web-based applications that has cloud storage, the best of Google built-in, and multiple layers of security. The Google Chromebooks integration allows you to retrieve enrolled ChromeOS device's properties automatically from Google Cloud Platform providing visibility and detections for this device type.

Cisco and Third-Party Integrations and Supported Capabilities

Google Chromebooks

Slack integration scopes updated on Slack integration page

The required scopes for the Slack integration on the Integrations page have been updated to include additional scopes needed for the notification feature. If you have an existing Slack integration configured, you must update the scopes for your Slack app to match the scopes listed for the Slack integration in Cisco XDR. After you update the scopes, you will need to reinstall the Slack app to your workspace to allow the new scopes to take effect. For details, including the updated scopes list, see the Integration Guide area on the Slack integration page in Cisco XDR.

—

Ribbon and Pivot Menu

No new customer-facing features or updates in this release.

Resources

No new customer-facing features or updates in this release.

Release Notes for Cisco XDR 2.44

New Features and Updates

Previous Release Notes