Release Notes for XDR
3.7 (July 10, 2025)
Features
- Deprecated Playbooks and Connectors Widget: Automations Overview now contains a new widget that lists all deprecated playbooks and connectors that are still in use in your tenant.
- Evaluation Mode Settings: Tenant Admins can now enable Evaluation Mode at the direction of support to activate advanced threat detection rules that are currently being tested and refined.
- Install On-Premises Data Collectors on Nutanix Prism: On-Premises Data Collectors and HA On-Premises Data Collectors can now be installed on Nutanix environments.
- Manage API Credentials: Users opted in to Preview mode can now create and manage API credentials in the XDR UI.
Docs
- Sophos Endpoint Agent: Documentation for Sophos Endpoint Agent is now available. This feature is currently available by invitation only to select customers as part of an early access program.
3.6.36 (July 3, 2025)
Features
- Mimecast Integration: Mimecast integration now uses the updated API 2.0 method for improved ingestion efficiency.
- Automations Connector Library Filters: In the Automations Connector Library, you can apply filters based on various criteria.
- Automations Overview: You can now use filters in the Latest Updates widget.
Fixes
- Advanced Search: Event queries filtered by schema now return accurate results.
3.6.35 (June 26, 2025)
Features
- IDR My Environment: On the My Environment page, the section formerly known as Users has been renamed Identities.
- Open Findings in a New Tab: Findings Details pages can now be opened in new tabs.
- Endpoint Agents Summary Table: Some enhancements have been made to the Endpoint Agents Summary table:
  - New Username filter
  - New optional table columns, including Health, Sensor Version, Users, and Created At.
  - The Health column replaces the Status column on exported CSV files.
Docs
- Oracle Cloud: The Oracle Cloud doc has been updated with additional information for federated users.
3.6.34 (June 18, 2025)
Features
- Enhanced NDR Device Health and Performance Monitoring: NDR Device details in XDR have been enhanced with the following additional information:
  - The Health tab provides information on the outcome of health checks performed on the device.
  - The Charts tab displays visualizations of device performance.
- Automations Configured Connections Filters: You can now search for configured connections by name and filter the Description and Tags columns.
Fixes
- Notification Configurations: The Notification Configurations page displays only for tenants with relevant services as designed.
3.6.33 (June 12, 2025)
Features
- Automations Playbook Template Filters: Filters are available for Automations Playbook templates with various criteria.
- Add Taegis™ NDR Bypass: A new Bypass tab in NDR Device details allows you to configure firewall rules that instruct the NDR Device to bypass the inspection engine for specified network traffic.
Fixes
- Investigation Summary Report: The Investigation Overview funnel in the Investigation Summary Report now presents data correctly.
Docs
- Taegis™ NDR Hyper-V Deployment: Documentation for deploying an NDR Device on Hyper-V is now available.
- Azure Storage Account: The process in the Microsoft Azure Storage Account Integration Guide has been updated.
3.6.32 (June 5, 2025)
Fixes
- Export Investigation Agents: The Export All button on the Investigation Evidence tab's Agents table now only exports agents related to the investigation as expected.
3.6.31 (May 29, 2025)
Features
- Endpoint Agents Summary Table: The Connection Status filter has been removed from the Endpoint Agents Summary table. Use the Agent Status Options filters instead.
- Automations Overview: The Automations Overview dashboard has left Preview mode and is now generally available.
- IDR My Environment User Tables: A new table filter is available for the My Environment table to quickly find users who leverage selected MFA methods.
Fixes
- Space Characters in Passwords: The system now properly supports internal space characters in user passwords as intended.
Docs
- Multi-Tenancy: Documentation for multi-tenancy in Secureworks® Taegis™ XDR is now available, detailing its features and usage.
3.6.30 (May 22, 2025)
Fixes
- MITRE ATT&CK Charts in Custom Reports: Custom reports that include a pie chart using MITRE ATT&CK data no longer display an Unknown category and include a note explaining that the totals are counts of techniques and not counts of alerts.
- Download Alert Flow Widget: The Alert Flow widget on Custom Dashboards now successfully downloads as PNG from the expanded view.
- Time Frame on Custom Dashboards: Users with Viewer access to a Custom Dashboard can now adjust the time frame used for the widgets.
Docs
- Identity Settings: Information on managing Cloud API integrations used by Taegis™ IDR is now available.
3.6.29 (May 15, 2025)
Features
- Automations Overview: For users opted in to Preview mode, the new Automations Overview dashboard provides at-a-glance information about your use of Automations in your tenant and a changelog of playbook templates and connectors.
- Resize Investigations Comments: The Investigations comments panel is now resizable; drag the handle to adjust.
Fixes
- Identity User Actions: The faulty Actions drop-down menu on the Identity Details page has been fixed.
3.6.28 (May 8, 2025)
Features
- Notification Rule for IDR Findings: A new notification rule that sends a notification for Critical and High IDR findings is now available in Notification Configurations.
- Improvements to IDR My Environment Tables: The filtering and faceting experience within the My Environment Users, Devices, Groups, and Apps tables has been improved.
- Salesforce Real-Time Event Monitoring Integration: XDR can now ingest and normalize logs from Salesforce Real-Time Event Monitoring.
Fixes
- Playbooks with Duplicate Activities: When configuring certain playbooks, duplicate activities were present in the Configure Activities section, resulting in an error. This has been fixed.
- Taegis MDR Dashboard in Japanese Language UI: Several display issues with the dashboard in the Japanese Language UI have been resolved.
- IDR Findings Display Issue: The New label in finding details now displays correctly in dark mode.
- IDR Identity Response Actions: Identity action menus were not loading response actions. This has been fixed.
Docs
- Top Data Sources by Volume: Additional clarifying information has been added to the documentation for the Top Data Sources by Volume table.
3.6.27 (May 1, 2025)
Features
- My Dashboards: Users can now use Quick Links in My Dashboards to select pre-defined time windows beyond 30 days, including Last Month, Last Quarter, and Last Year views.
- Automatic Investigations: Users can now view Rule Logs to view actions taken on an alert by Automatic Investigations, as well as any adjustments to rules and templates.
Fixes
- Taegis XDR Trends Report: The Taegis XDR Trends Report now features accurate Japanese localization.
Docs
- Playbook Schedules: Documentation for Automation Playbook Schedules is now available.
3.6.26 (April 24, 2025)
Docs
- The Taegis MDR Service Description now includes the service description for Japan as well. Use the tabs to view the relevant documentation.
3.6.25 (April 17, 2025)
Features
- Azure Government for Microsoft Defender Integration: For users opted in to Preview mode, Microsoft Defender integrations now support Azure Government tenants.
- IDR Identity Details Credential Compromise Tab: Identity Details pages in IDR now have a Credential Compromise tab containing any breach data to which the identity is linked.
- Notification Rules Supported Contact Methods: The Notification Rules table has been updated to display the contact methods supported by each rule.
Fixes
- Alert Status Options: The correct alert status options now display when closing an investigation.
3.6.24 (April 10, 2025)
Features
- IDR My Environment Apps: Applications listed in the Apps view now have a selectable details page containing related findings and more.
- Escalation Configurations: Points of Contact have been migrated from their previous tab to Escalation Policies.
Fixes
- Custom Dashboards Create Report Error: Users opted in to Preview mode can now create reports from Custom Dashboards as intended.
Docs
- Escalation Configurations: Documentation has been updated to reflect changes to Escalation Policies and the removal of the Points of Contact tab.
3.6.23 (April 3, 2025)
Features
- Data Ingress Chart: The Data Collector details summary now displays a Data Ingress graph within the Health section. This provides a recent history of the collector’s data flow over time.
Fixes
- Persistent Alerts Filters: The Alerts table filters for “Include Options” (Custom Alerts, Triaged Alerts, OT Alerts) now persist even after navigating away from the page.
- Identity Risk Posture Findings: Selecting a plot point within the Risk Posture Score Over Time graph produces a full list of findings that were either created, re-opened, dismissed, or resolved on the selected date, as intended.
- Escalation Procedures: We have removed the field called Criteria/Attributes from the Escalation Procedures edit panel, as this is a read-only text box.
- Completed Reports: The View All Completed Reports table again displays matching reports as intended.
- HTML Tags in Comments: Basic HTML tags (such as <p>, <strong>, <ul>, and <ol>) now work as expected inside investigation comments.
- Maintenance Windows: Maintenance windows for group policies were not aligning with your selected timezone. This has been fixed.
3.6.22 (March 27, 2025)
Features
- Taegis™ IDR Enhancements:
  - IDR users opted in to Preview mode can now integrate more than one Microsoft Entra ID Tenant from Identity Settings.
  - The Findings Table has been improved with additional filtering options:
    - Filter by First Seen and Last Seen time
    - Filter by the Reference Type of the finding (User, Application, Group, Tenant, or Device) to quickly view which objects have a related finding
  - You can now view which groups a user is part of from Identity Details pages.
- Microsoft Entra Activity Reports Integration: Additional log types are now supported for ingestion and normalization.
Docs
- Using the Countermeasures API: Additional information on the types of lists available via the API has been added.
- Getting Started with the Endpoint Assets API: Examples for using the Endpoint Assets API are now available.
- Taegis MDR Service Name Update: Documentation has been updated to reflect the service name change from Managed XDR to Taegis MDR.
3.6.21 (March 20, 2025)
Features
- Office 365 Management API Integration Update: The Office 365 Management API Integration Guide has been updated to reflect a change in the setup process.
Fixes
- Explore Related Entities: In certain instances, the Explore Related Entities button when viewing alerts would not produce the intended results. This has been fixed.
- Identity Term Optimizations: Identity is renaming a few fields for clarity:
  - Breached Sources → Sources
  - Plaintext breaches → Plaintext Passwords
  - Hash breaches → Hashed Passwords
  - Breached Email Accounts → Emails
  - High Profile Account Leaks → Admin Emails
  - Unique Passwords Breached → Unique Passwords
Docs
- NDR Virtual Device Requirements: NDR Virtual Device requirements have been updated.
- Microsoft Defender ATP Integration Guide Update: The integration guide for Microsoft Defender ATP has been updated.
3.6.20.1 (March 14, 2025)
Features
- Endpoint Agents Status Labels: We've made some improvements to several columns and filters on the Endpoint Agents Summary table:
  - The Last Seen column has been replaced by the Last Active column. If data was seen in the last 15 minutes, then it is considered active Now; if it was over 15 minutes ago, this field displays how long ago XDR received data (e.g. 3 days ago).
  - On the Agent Status Options table filter, instead of filtering by all agents seen in the last 30 days, you can now select Show Active Agents (those seen in the last 15 minutes) and Show Healthy Agents (those seen in the last 15 minutes to 30 days).
  - The Connection Status column, related to Taegis Endpoint Agents, has been removed from the summary table. It is still available in the summary table filters and the agent details page, however.
3.6.20 (March 13, 2025)
Features
- Custom Dashboard Widgets: Users opted in to Preview mode can now create custom widgets for My Dashboards. Create visualizations of the data that matters to you, and add to as many of your custom dashboards as you wish.
- Share Custom Dashboards: Users opted in to Preview mode can now share their custom dashboards with other tenant users. This includes the custom widgets mentioned above, provided the other user is also opted in to Preview mode.
Fixes
- Maintenance Windows: Error messages around overlapping maintenance windows for data collectors have been fixed.
3.6.19 (March 6, 2025)
Features
- Taegis Detection Browser: Users opted in to Preview mode can now access Detection Browser to view the full list of Taegis detectors and countermeasures and details of each.
- EDR OCSF Integration: Users opted in to Preview mode can now configure an integration of an EDR product using the industry-standard OCSF data format.
- Enhanced Email Notifications: Data Collector and Data Source Health email notifications were recently enhanced with additional details and troubleshooting information.
Fixes
- Endpoint Agent Coverage Widget: The label coloring for the widget on the Security Posture Dashboard in dark mode has been fixed to improve readability.
- Identity Details Activity Log: Event data found on the Activity Log tab of Identity Details was not loading in certain circumstances. This has been fixed.
- Investigation Comments Truncated: The use of certain special characters in investigation comments was causing the comments to be truncated. This has been fixed.
3.6.18 (February 27, 2025)
Fixes
- Delete Dashboard Menu Option: The Delete Dashboard option in My Dashboards was missing from the Actions menu. This has been fixed.
- Advanced Search Aggregate Function: An issue with the aggregate function not displaying results of event searches in Advanced Search has been fixed.
3.6.17 (February 20, 2025)
Features
- New Custom Dashboard Widgets: For users opted in to Preview mode, there are two new widgets available for use on My Dashboards: Alert Flow and Investigation Flow.
Fixes
- Response Times: The Response Time widget on the MDR Dashboard was incorrectly calculating units as minutes instead of seconds. This has been fixed.
3.6.16 (February 13, 2025)
Features
- Identity Posture Check Preferences: Identity Settings now features a Posture Check Preferences tab, where you can view and configure posture checks within IDR.
- Bulk Uninstall Taegis Endpoint Agents in XDR: The process to bulk uninstall Taegis Endpoint Agents in XDR has been enhanced with an added confirmation step to ensure the action is intentional.
- IDR Group Details: Groups in Taegis™ IDR now feature a Details page with group metadata and associated identities.
Fixes
- Error Adding User to Scheduled Report: An error displayed when attempting to add a new user to receive a scheduled report. This has been fixed.
- Creating Playbook from Older Template Version: Selecting an older version of a playbook template to create a new instance now works without error.
- Taegis MDR Dashboard Response Time Values: Response time values on the Taegis MDR Dashboard were displaying incorrect units. This has been fixed.
Docs
- Taegis Documentation Site Migration: Please update your bookmarks to https://docs.taegis.secureworks.com for our new Taegis Documentation site.
- Taegis Endpoint Agent Known Issues Updated: Information on warning messages regarding AMSI and code integrity for Windows agents has been added to Known Issues.
3.6.15 (February 6, 2025)
Features
- Export IDR Credential Compromise Data: Exporting data is now available from the Identity Credential Compromise page.
Fixes
- Identity Finding Status Update: Altered Finding statuses would not consistently update when changing the Finding status until the page was refreshed. This has been fixed.
Docs
- Taegis Documentation Site Migration: The Taegis Documentation site will be migrating to a new site and URL next week. A site-wide redirect will be in place on the original site to avoid any access issues. The new site comes with several enhancements, such as better search, tagging, appearance, usability, and mobile support. Please update your bookmarks to https://docs.taegis.secureworks.com.
- Microsoft Defender ATP Integration Guide Update: The Microsoft Defender ATP Integration Guide has been updated.
- Self-Service Demo Tenant Documentation: A guide for launching an XDR trial tenant is now available for prospective customers.
3.6.14 (January 30, 2025)
Features
- IDR Device Details: Devices in Taegis™ IDR now feature a Details page, allowing users to view further information for devices recorded in My Environment.
- Taegis Endpoint Agent Group Policy Updates: The Taegis Endpoint Agent Group Policy page now provides a filterable table view of configured group policies.
Fixes
- Login Session Timeouts: The MFA login process timeout has been increased to allow a longer period of time to use email MFA codes before they expire.
- Scheduled Report Creation in Japanese Language UI: Scheduled Custom Reports created in Japanese Language UI now work as expected.
- Custom Automations Connector Builder: Edits to an existing custom Automations Connector can now be published as expected.
- Escalation Policy Documentation Link: A broken link to the documentation for Escalation Policies has now been fixed.
3.6.13 (January 23, 2025)
Features
- Identity Credential Compromise: The new Identity Credential Compromise page lets you explore all historical breach data that we have collected based on your Configured Domains.
Fixes
- Group Policy Sorting: Sorting the group summary table by group policy name now works as intended.
3.6.12 (January 16, 2025)
Features
- New Custom Connector Authentication Option: Azure Client Certificate is now an option for authentication when creating a custom connector.
Fixes
- XDR Trends Report Critical Alert Count: The XDR Trends Report now displays the correct count of critical alerts in the Critical and High Alert Volume: Period Comparison chart.
- Playbook Execution Chart Timestamps: Timestamps on the Playbook Executions chart in configured playbooks did not align with the correct execution count when viewing certain time periods. This has been fixed.
3.6.11 (January 9, 2025)
Features
- Escalation Policies: More than three contacts can now be defined for Taegis MDR SOC Escalation Calls. Existing Points of Contact have been migrated to the new default escalation policy. Customers can view and compare these policies by navigating to Tenant Settings > Notification Configurations from the Taegis Menu.
- Identity Findings History: Findings now show a History tab containing Finding activity such as the new Closed By and Closed At fields tracking when a finding was closed and by whom.
Fixes
- Playbook Editing: Under certain conditions, playbook drop-down selections could not be made. This has been fixed.
- Alert Triage Dashboard Date Picker: Under certain conditions, the date picker would cause an error on the Alert Triage Dashboard. This has been fixed.
Docs
- Agent Migrator Script Updates: The PowerShell Agent Migrator script that aids in the migration from Red Cloak Endpoint Agent to Taegis Endpoint Agent has been updated to version 2.5.
- Custom Parser Documentation Refresh: The Custom Parser Documentation has been enhanced with up-to-date instructions, examples, and additional images.
3.6.10 (December 18, 2024)
Features
- Filter Event Searches by Alerts: Both the Advanced Search Query Language and the Advanced Search Builder now allow you to filter event searches based on the presence of alerts. Use the syntax alert.resource_id to identify events that have triggered alerts.
- Download PNG of Identity Risk Score: You can now export the Identity Risk Posture Score line graph as a .PNG file.
- MITRE ATT&CK Alert Heatmap Widget: For users opted into Preview mode, a new My Dashboard widget is available. The MITRE ATT&CK Alert Heatmap widget helps identify the most commonly observed MITRE ATT&CK techniques across all alerts and allows for quick filtering of alerts by technique.
- Horizontal Stacked Bar Chart: For users opted into Preview mode, you can now create custom reports using the horizontal stacked bar chart, which is appropriate for observing a part-to-whole trend of multiple series of data.
- Snowflake Integration: For users opted into Preview mode, XDR can now ingest and normalize logs from Snowflake.
- IDR Increases Monitored Primary Domains: The number of primary domains to be monitored with IDR has increased from 5 to 20.
Fixes
- Investigation Summary Funnel Chart: The funnel chart on the Investigation Summary Report is displaying consistently again.
3.6.9 (December 12, 2024)
Features
- Identity Risk Posture Score Page Column Preferences: Column preferences made on the Identity Risk Posture Score page now save to your user preferences and persist across sessions.
- Export Users from Identity My Environment: You can now export the full or filtered list of users from the Identity My Environment page to CSV.
- Automation Actions Design Improvements: The Automation Actions page has been improved with tabs for configured actions and available actions, which can now be filtered by category.
- Playbook Execution Task Details: Each detailed view of a task within a Playbook Execution now contains Input and Output tabs that display the JSON values from that specific task.
Fixes
- Python SDK Authorization: Authorization to the Python SDK now works as expected.
- Missing Horizontal Scrollbar: The horizontal scrollbar now appears as designed in Advanced Search results and the Related Alerts and Events Timeline view.
- Investigation Comment Mentions: Investigation comment @mentions default to the appropriate @secureworks value for customers.
- Endpoint Agent Groups Table Sort: The column sort function now works correctly on the Agent Groups Summary page.
- Investigations Error Message: A No Investigations Found error message persisted even when filters were updated and matching investigations were found. This has been fixed.
- Cloud API Export: The Status column in CSV exports of the Cloud API page now populates with accurate data.
- Endpoint Agents Downloads: Intermittent access issues to the Endpoint Agents Downloads page using Firefox have been fixed.
- Custom Date Picker Time: The custom date picker throughout XDR now uses the time at which the end date selection is made rather than the time the page was last refreshed in the browser.
3.6.8 (December 5, 2024)
Features
- Affected Entities Alert Section: Alert details now include an Affected Entities section displaying Threat & At-Risk Entities and Affected Agents.
- Alert Details Header: Alerts now have a persistent Alert Details Header containing a dropdown to select alert Status and fields that display the Status Reason and any investigations the alert is added to.
- Filtering and Sorting in Investigation Events Tab: Events added to an investigation can now be filtered and sorted within certain columns for detailed triage.
Fixes
- Japanese Language Advanced Search Content: The descriptions of Advanced Search terms in the Japanese version of Secureworks® Taegis™ XDR have been edited to align with the detail provided in the English version.
- Taegis Endpoint Agent CSV Export: CSV exports of Taegis Endpoint Agent Groups would display incorrect Agent Release Channel details.
Docs
- API Device Authorization: API documentation for Device Authorization is now available.
3.6.7.1 (November 27, 2024)
Docs
- Oracle Cloud Infrastructure Integration Guide: The Oracle Cloud Infrastructure integration guide is now available.
- Vulnerabilities Support for Tenable Ingest: Vulnerabilities has been updated to include information regarding VDR's Tenable ingest capability.
3.6.7 (November 21, 2024)
Features
- Identity Risk Posture Score Page: A new Identity Risk Posture Score Page is now available for IDR customers to track how the Posture Score is changing over time.
- Identity Details Insights Tab: IDR customers can now adjust the period used in the Open Alerts section of the Identity Details Insights tab.
- Integrate Cisco Umbrella via a Cisco-Managed S3 Bucket: Cisco Umbrella can now be integrated with XDR via a Cisco-managed S3 bucket in addition to the current transport path that leverages a customer-managed S3 bucket.
Fixes
- Schema Fields Not Displaying: Schema fields now correctly display in the Advanced Search Schema Browser.
Docs
- Log In to XDR: Log In to XDR has been updated to support the authentication provider migration. The legacy content is still available for users who have not yet been invited to migrate their account.
- Power BI for XDR: The Power BI template and instructions have been updated to assist users with advanced reporting capabilities.
- API Credential Creation Scripts: The API authentication documentation has been updated with new scripts to assist users in API credential creation.
- Taegis Endpoint Agent Changelog Presentation: Taegis Endpoint Agent Changelog has been improved by moving any interim pre-Production Stable release versions to a collapsed section at the end of the associated Production Stable note. Click to expand those sections to view the previous versions that were not promoted to Production Stable.
3.6.6 (November 14, 2024)
Features
- Authentication Provider Migration: A new login screen has been introduced this week in Taegis as part of the upcoming transition to a new authentication provider that affects all tenants. To accommodate this transition, specific actions are required for every tenant depending on the tenant's authentication type. These actions must be completed after November 11th and before the end of December.
  - If you have Single Sign On (SSO), a Tenant Administrator needs to make a change on behalf of the entire tenant.
  - If you use a Password paired with Multi-Factor Authentication (MFA), each tenant user will need to re-verify their credentials using the new system.
- Identity Findings Table Enhancements: The Identity Findings page can now be filtered by Display Name and Finding Title. Additionally, the Identity Findings table now includes more columns such as Last Seen and Last Modified.
- Identity My Environment Sort: A new sort option is available for the My Environment table to quickly find identities with the oldest password age.
- Add an Integration Enhancements: The Add an Integration page now displays available integrations as Optimized or Custom.
Fixes
- Investigation Summary Funnel: When new data is retrieved for the Investigation Summary Funnel, the vertical funnel values did not change. This has been fixed.
- Deprecated Playbooks: A warning banner now displays if a user is using a deprecated playbook version.
- Investigation Code Blocks: The code blocks were not rendering properly within Investigation Summaries. This has been fixed.
- Contact Phone Number Extensions: Phone numbers with extensions were not displaying correctly. This has been fixed.
3.6.5 (November 8, 2024)
Features
- Playbook Template Deprecation: You can now deprecate playbook templates and playbook template versions when there is a newer alternative available. For more information, see Deprecate a Playbook Template and Deprecate a Playbook Template Version.
- Event Preview from Identity Details: When viewing the Activity Log on an Identity Details page, you can now preview the events in a side panel before opening them in a new tab. For more information, see Activity Log Tab.
- Bring Your Own Threat Intelligence: The Bring Your Own Threat Intelligence (BYOTI) Detector and related integrations have left Preview mode and are now generally available. See the links below for more information:
  - AlienVault OTX
  - Anomali
  - TAXII 2.1
Fixes
- Automatic Investigations: The per-page count on the Automatic Investigations table now persists as expected.
3.6.4 (October 31, 2024)
Features
- New AI Features in Preview: Secureworks® Taegis™ XDR now features generative AI capabilities in Alerts for users opted in to Preview mode. For more information, see Alert Details.
  - Alert Analysis: AI Alert Analysis provides easy-to-understand summaries and context for alerts, helping analysts quickly investigate and respond.
  - Detection Logic Explanation: The Detection Logic Explainer summarizes the detection logic behind Taegis Watchlist alerts.
  - Command Line and Scriptblock Explanation: This feature translates complex command lines and Scriptblocks into clear, readable language, simplifying analysis.
- NDR Device Maintenance Windows: For customers with an NDR Device, the ability to configure a maintenance window that fits your schedule is now generally available. For more information, see NDR Device Maintenance Tab.
Fixes
- Taegis Agent File Analysis Settings: Taegis Endpoint Agent File Analysis policy settings now display correctly in the Groups table view.
3.6.3 (October 24, 2024)
Features
- Customize Taegis Actions Name and Description: You can now customize the name and description when adding or editing Taegis Actions. For more information, see Taegis Actions.
- Export Entities from Investigations: You can now generate a CSV export of all or selected entities from the Entities sub-tab of an investigation's Evidence tab. For more information, see Investigation Evidence.
- Export Identity Findings: IDR customers can now generate a CSV export of findings from the Identity Findings table. For more information, see Identity Findings Table.
- Update Cloud API Integration Parameters: Additional Cloud API integrations now support certain parameter updates via XDR. For more information, see Cloud API Integration Update Overview.
Fixes
- Event Volume by Type Formatting: The Event Volume by Type in the Investigation Summary Report is now correctly formatted as a distinct count rather than as bytes.
- Delete Cloud API Integration: The Cloud API Integrations table now displays the Delete action only for authorized user roles.
- Custom Rule Circuit Breaker: The circuit breaker message now displays as intended for Custom Rules that exceed the maximum amount of created alerts.
3.6.2 (October 17, 2024)
Features
- NDR Device Maintenance Windows: For customers with an NDR Device who have opted in to Preview mode, you can now configure a maintenance window that fits your schedule for future maintenance. For more information, see NDR Device Maintenance Tab.
- Identity Enhancements: For IDR customers, we’ve made enhancements to several Identity pages, including tooltips around the My Environment page and clearer labels on Identity Details graphs. See Identity documentation for more information.
- Taegis Endpoint Agent Group Policies and Tamper Protection: Group Policies and the Tamper Protection setting have left Preview mode and are now generally available. For more information on this enhancement, see the Enhancements to Taegis Endpoint Agent Groups and Settings Knowledge Base article.
- Automations Enhancements: The following features and enhancements to Automations are now available:
  - Use CEL Explorer to test CEL expressions against a specific type of input so that you can see the outcome of the expression for use in your configurations. For more information, see CEL Explorer.
  - The Playbook Template Steps view was enhanced with a refreshed design that supports drilling into steps to view details and code subsets, tooltips to view conditions, and the ability to expand and collapse a code segment with an iteration or branch. For more information, see Template Steps.
  - Simplified Automation Actions are now generally available to configure response and enrichment actions with just a few clicks. For more information, see Taegis Actions.
- Provider Exclusion for Microsoft Graph Security Integration: The Microsoft Graph Security integration has been enhanced with Provider Exclusion, which allows you to choose Providers you wish to exclude from log collection. For more information, see the Microsoft Graph Security Alerts Integration Guide.
Fixes
- Tagging Secureworks in Comments: Investigation comments tagging @secureworks now alert the Secureworks team consistently.
- Deleting Cloud APIs: Deleting Cloud API integrations has been restricted to Tenant Admins, as intended.
Docs
- Elite Threat Hunting: A renewed Elite Threat Hunting Service Description is now available.
3.6.1 (October 10, 2024)
Features
- Taegis Endpoint Agent Group Policies: Group Policies, now available in Preview mode, consolidate all Taegis Endpoint Agent settings into policies that are assigned to groups. No action is required, as your configuration has been automatically transitioned to group policies that we recommend you review. At initial launch, your current configuration can only be edited in group policies due to the data migration needed for the enhancements. To review or alter your settings, ensure you are in Preview mode, and see Group Policies. For more information on this enhancement, see the Enhancements to Taegis Endpoint Agent Groups and Settings Knowledge Base article.
- View CTU Publications from Alerts: For users opted into Preview mode, alert details now display a link to Secureworks Counter Threat Unit™ (CTU) publications if the alert is associated with a CTU-published Malware Family or Threat Group. For more information, see Alert CTU Publications.
- Access Entity Graph from Alerts: You can now access Entity Graph from alert details to explore the entities and relationships associated with the alert. For more information, see Explore an Alert in Detail with Entity Graph.
- Symantec Endpoint Protection Integration: XDR can now ingest and normalize logs from Symantec Endpoint Protection. For more information, see the Symantec Endpoint Protection Integration Guide.
Fixes
- Investigation Summary Report Formatting: The Investigation Overview funnel chart formatting has been updated to prevent issues with displaying larger values.
Docs
- Cloudflare Integration Guide Updated: Additional guidance has been added to the Cloudflare Integration Guide to make configuration easier.
3.6 (October 10, 2024)
Features
- New Navigation Experience: We are pleased to announce a new and improved navigation experience in Secureworks® Taegis™ XDR that simplifies navigation and includes a new section on Taegis Solutions for Secureworks customers. The redesigned experience relocates everything from the top menu bar to the Taegis Menu. Now you can find Quick Search, tenant information, core Taegis platform areas, notifications, help, documentation, your profile, and live chat all on the left side of the application.
Notable changes include:
- The Tenant Display provides information about your tenant, your user role, and the tenant's subscribed services.
- For multi-tenant customers, an optimized Switch Tenant experience is available.
- The navigation options remain the same, while Automations move above Endpoint Agents, and Reports and Downloads move above Tools.
- Two pages move from Tenant Settings: Rules can now be found under Alerts, and Auto Investigations can be found under Investigations.
- Introducing the Taegis Solutions section for Secureworks customers, containing IDR, NDR, VDR, and Taegis MDR.
For more information, see our Navigation documentation.
3.5.5 (October 3, 2024)
Features
- IDR Alert Enrichment: For IDR customers, alerts with applicable identity information are now correlated and enriched with user information collected with the IDR module. For more information, see IDR Findings.
Fixes
- Investigation Hard Refresh: The Investigation Alerts table would show alerts inconsistently upon a hard refresh. This has been fixed.
- Report Builder Templates: Under certain conditions, the Report Builder would fail to load a template. This has been fixed.
- Draft Investigation Assignment: An investigation could not be reassigned while the investigation was in draft status. This has been fixed.
Docs
- IDR Integration Guide Updated: Values in the JSON code block for Azure permissions have been updated to make configuration easier.
3.5.4.1 (September 27, 2024)
Features
- Automations Improvements: The following improvements have been made to Automations in XDR:
- CEL Syntax Helper: A CEL Syntax Helper displays where applicable to provide common CEL expression examples for automation configurations, making it easier to configure filters for playbooks and actions.
- Playbook Configuration: Playbooks now only allow configuration of options that are supported by the playbook template, reducing misconfiguration of more complex playbooks. Unsupported options are greyed out and cannot be configured.
For more information, see Automations Overview.
- Simplified Automation Actions: Users opted in to Preview mode can now configure response and enrichment actions with just a few clicks. Choose from over a dozen currently available actions, with additional actions scheduled to be released every quarter. For more information, see Taegis Actions.
Docs
- Google Cloud Platform Integration Guide: The Google Cloud Platform Integration Guide has been updated with additional configuration guidance.
3.5.4 (September 26, 2024)
Features
- Assign Investigations by Email Address: When assigning investigations, you can now search for a user by their email address, in addition to by their name. Start typing their email to narrow down the matching list. For more information, see Hand Off an Investigation.
Fixes
- Playbook Execution History: We have made improvements to address issues with playbook execution caching and pagination.
3.5.3 (September 19, 2024)
Features
- Set Identity as Landing Page in XDR: You can now select the Identity section of XDR as your landing page in User Profile & Settings. For more information, see Customize Your View.
- Data Collector Performance Graphs Improved: The resolution of Data Collector Performance graphs has been increased to more clearly display graph details. For more information, see Manage Data Collectors.
- Points of Contact Moved from Tenant Profile: The Points of Contact section used for security escalations has been moved from Tenant Profile to a new Notification Configurations page under Tenant Settings. For more information, see Notification Configurations.
Fixes
- Netflow Event Addresses Reversed: Inbound Netflow events from endpoint agents now display the correct local and remote addresses.
- Playbook Instance Configuration: When editing a playbook instance, the configuration now consistently displays in the Activity Connections section.
- Trends Report Investigation Overview Values: Values in the Investigation Overview funnel graph of the Trends Report are now consistent with the values in the same graph of the Investigation Summary Report.
Docs
- Getting Started with Taegis Endpoint Agent: A new Getting Started with Taegis Endpoint Agent guide is now available to help you get started with our latest endpoint security solution.
- Red Cloak End of Support Customer Notice: The Red Cloak End of Support customer notice is now available with information on our endpoint protection evolution and resources for migration.
- Cloud API Integration Update Overview: The Cloud API Integration Update Overview has been updated with additional Cloud API integrations that support certain parameter updates via XDR.
3.5.2 (September 12, 2024)
Fixes
- Adding NDR Device HOME_NET Entries: The Add Row button now works correctly when populating NDR Device HOME_NET entries.
- Archiving Multiple Investigations from Table: The Actions button now includes an option to archive when selecting multiple investigations.
- Custom Parser Field Values Not Displaying in Search: Custom Parser field values now display when queried in Advanced Search.
Docs
- IDR Configuration Documentation and FAQ Updates: The configuration instructions for Taegis™ IDR have been updated for clarity and additional FAQ details have been added. For more information, see IDR Integration Guide and IDR Overview.
3.5.1 (September 5, 2024)
Features
- Playbook Execution Inputs, Outputs, and Target Resource: You can now view a JSON of the inputs and outputs of a specific playbook execution when drilling down into its details. On the same view, there is now a link to the Target Resource where applicable. For more information, see View Playbook Executions and Failures.
- Cloud API Integration Update: The Cloud API Integration Update feature allows you to update select configuration parameters of supported and existing Cloud API Integrations. For example, this feature can be leveraged for certificate updates, private key updates, or for renaming an existing integration. For more information, see Cloud API Integration Update Overview.
Fixes
- Investigation Comments: Improvements to the commenting system in Investigations ensure users are correctly notified of any @ mentions.
- Column Resizing: In some tables, when new data loaded during infinite scroll, column width preferences were reverting to default. Resized columns now persist.
- Items Per Page: The Items per Page preference that you select on tables (i.e., changing from 25 to 100 items per page) now persists even if you navigate away from the page.
- Scriptblock Events: Some scriptblock event details were not loading. This has been fixed.
Docs
- Agent Migrator Script Updates: The PowerShell Agent Migrator script that aids in the migration from Red Cloak Endpoint Agent to Taegis Endpoint Agent has been updated. For more information, see Install Taegis Endpoint Agent Using PowerShell Script.
3.5 (September 3, 2024)
Features
- Taegis™ IDR is now available: Taegis™ IDR is a software add-on module that helps improve your security posture by continuously monitoring for identity risks and misconfigurations while providing dark web intelligence on compromised credentials. With IDR, you will receive a list of prioritized findings and an Identity Risk Posture rating based on your current exposures within minutes of setup.
For more information, start with our Identity Overview and check out this new feature in app by selecting Identity in the navigation menu.
3.4.16 (August 29, 2024)
Features
- Request to Fetch File for Analysis: From within Alerts and Events, you can now request to fetch file information which will populate in the relevant Alert details. For more information, see File Details.
Fixes
- Data Sources Table Filters: In some environments, the Data Sources table filters did not filter according to the user's selection. This has been fixed.
- Investigations Table Column Size Preference: The Investigations table column sizes would reset after a refresh when resized. This has been fixed.
- Entity Graph Node Details Empty Upon Collapsing Table Drawer: When collapsing the table drawer for a selected node, the entity details appeared empty even after reselecting the node. This has been fixed.
- Hostname Link in Entity: When selecting the hostname hyperlink within a host entity, an error would be returned. This has been fixed.
- Advanced Search 'Time Ago' Calculation Incorrect: The 'Time Ago' column in Advanced Search was not properly calculating time. This has been fixed.
Docs
- XDR Python SDK Proxy Configuration: Documentation detailing proxy configuration for Secureworks® Taegis™ XDR Python SDK is now available.
3.4.15 (August 22, 2024)
Features
- Microsoft Azure Flow Logs Integration: XDR can now ingest and normalize flow logs from Microsoft Azure Network Watcher. For more information, see the Flow Logs from Microsoft Azure Network Watcher Integration Guide.
- Investigation Table Filters: Two new filters have been added to the Investigations summary table: Created and Updated. Use the date/time pickers to set a specific time or a range for matching investigations. For more information, see Filter Investigations.
- Entity Enrichment: The panel that displays entity enrichment data on an investigation has been improved to better display larger data sets. For more information, see Entities.
Fixes
- Deprecated Fields in Advanced Search Builder: Some saved searches that pre-date the Advanced Search Builder enhancements may contain deprecated fields. The Builder now alerts you if a field needs to be replaced. For more information, see Advanced Search Builder.
Docs
- Audit Logs Graph: Documentation for the new Audit Logs stacked bar chart is now available.
3.4.14 (August 15, 2024)
Features
- Trends Report is Now Available: The Trends Report, which displays trending insights on alerts, investigations, and data usage on demand, is now generally available. See Trends Report for more information.
- Palo Alto Prisma Access Integration: XDR can now ingest and normalize data from Palo Alto Prisma Access. For more information, see the Palo Alto Prisma Access Integration Guide.
Fixes
- Audit Log Chart Error: If no results are found in an Audit Log search, the chart would display an error. This has been fixed.
- Investigation Filter Error: Searching for specific assignees on the Investigations page would sometimes yield no results. This has been fixed.
Docs
- Python SDK Query Updates: Updated sample queries are now available on the Python SDK Queries page.
- Investigations v2 API Updates: Updates are available for the Investigations v2 API documentation and the Investigations v1 API has been marked as Legacy.
3.4.13 (August 8, 2024)
Features
- Abnormal Inbound Email Security Integration Added: XDR can now ingest and normalize data from Abnormal Inbound Email Security. For more information, see the Abnormal Inbound Email Security Integration Guide.
- Azure Storage Account Integration Added: XDR can now ingest and normalize data from Azure Storage Account. For more information, see the Microsoft Azure Storage Account Integration Guide.
- New Transport Methods Available: Two new transport methods that can be used for custom data source integrations are now available: HTTP Ingest and S3 Ingest - Secureworks-Managed. For more information, see Custom Transport Methods.
- Additional Investigation Type: A new Informational investigation type is now available to categorize investigations used only to communicate information. For more details, see Investigation Type.
Fixes
- Alerts Not Updating on Endpoint Details Refresh: The Refresh action on Endpoint details pages was not updating the alerts table. This has been fixed.
- Investigations Filters Not Working in Preview: A bug has been fixed where certain filters on the Investigations page were not working in Preview mode.
- Red Cloak Endpoint Agent Isolation Status Incorrect: In some instances, the isolation status for Red Cloak Endpoint Agents was stuck in an incorrect state. This has been fixed.
Docs
- Using the Notifications API: Documentation has been added that reviews how to update notification preferences of other users via API. For more information, see Using the Notifications API.
- Troubleshoot Blocked User Account Issues: Guidance for troubleshooting blocked XDR user accounts is now available.
- Professional Services Custom Automation Services: A new document reviewing the Secureworks® Professional Services team's Custom Automation Services is now available. For more information, see Custom Automation Services.
3.4.12 (August 1, 2024)
Features
- Playbook Executions Graph Enhancements: The Playbook instance details graph is now presented in a bar chart, includes additional execution states ('started,' 'timed out,' 'canceled'), features updated color coding for 'timed out' executions, and displays whole numbers on the y-axis. For more information, see Playbook Executions.
Fixes
- Investigations Filters Not Working: On the Investigations page, the Creator and Assignee filters were not working as expected. This has been fixed.
- Incorrect Response Times in XDR Trends Report: In the XDR Trends report, response times were displayed incorrectly. This has been fixed.
Docs
- Data Source Integration Enhancements: Integration documentation has been enhanced with better presentation of all available options to integrate your data sources into XDR:
- Within the Integrate with XDR folder in the docs side navigation, the Forward Data to XDR folder has been renamed Add Data Sources.
- Within Add Data Sources, a new Custom Integrations folder has been added with docs that review available custom transport methods that can be used for custom integrations.
- New folders have been added for docs for each main cloud provider: AWS, Azure, and Google Cloud Platform (GCP).
- A new section has been added to the Glossary with terms related to integrating data sources.
For more information on integrating data sources, see Data Sources in the Integration Overview.
3.4.11 (July 25, 2024)
Fixes
- Custom Dashboards Export Data: The ability to export data for Custom Dashboards in CSV or JSON was missing. This has been fixed.
- Alert Volume by Sensor Type Report Fix: For certain report types, no data would be shown even when data is available. This bug has been fixed.
Docs
- PowerBI for XDR Updates: The guide for using PowerBI for XDR has been updated with new features. Further, important fixes are available in the latest version of the Power BI integration for XDR. For more information, see the Power BI for XDR changelog for full change details.
3.4.10 (July 17, 2024)
Features
- Create Multi-Event Queries with Advanced Search Builder: Advanced Search Builder now supports multi-event queries, enabling more robust data analysis and reporting from Builder. For more information, see Advanced Search Builder.
- Secureworks® Taegis™ MDR Plus: Taegis MDR Plus is now available as a new service level option of Taegis MDR. For more information, see Secureworks® Taegis™ MDR Plus.
- Bulk Remove Tags from Endpoints: You can now bulk remove tags from one or more endpoints at once from the Endpoint Agents Summary table. For more information, see Bulk Remove Tags from Multiple Endpoints.
Docs
- Microsoft Graph Security Alerts and Entra Risk Detection Integration Guides: Two new guides have been created for the Microsoft Entra Risk Detection and Microsoft Graph Security Alerts integrations.
- Enterprise SSO Updated: The Enterprise SSO doc has been updated to account for changes to the testing functionality.
3.4.9 (July 11, 2024)
Features
- Improved Mobile App Table View: The improved Mobile App table view on the Alerts and Investigations pages has left Preview mode and is now generally available. For more information, see Optimize the XDR Mobile App View.
- Taegis XDR Trends Report Template: For users opted in to Preview mode, you can now create an XDR Trends Report of aggregate data on investigations, alerts, and data usage from a predefined template. For more information, see XDR Trends Report.
- Automated Enrichment via Playbooks: Enrichment Actions can now be configured to connect external tools to pull in additional information into Alerts or Investigations. Further, custom playbooks can be built and leveraged for data enrichment to perform external analysis such as using ChatGPT to explain elements of an investigation or alert using customized prompts. See this Knowledge Base article for configuration steps.
Fixes
- Entity Graph Alert Selection: Manually selecting Entities and Relationships would automatically select Alerts too even if not manually selected. This has been fixed to reflect the expected behavior.
Docs
- Integrate Qualys with VDR for Ingest into XDR's Vulnerabilities Feature: VDR can ingest Qualys data that will populate Vulnerability information in XDR when applicable. More information is here and the setup guide is here.
3.4.8 (June 27, 2024)
Features
- Entity Graph Now Available: Entity Graph is now generally available to all users. This powerful addition to our XDR platform provides enhanced visibility with a live, visual representation of entity relationships. Explore related entity activity and add relevant alerts and events to investigations to simplify investigative and decision-making processes. For more information, see Explore an Investigation in Detail with Entity Graph.
- Microsoft Azure Data Sources Added: XDR can now ingest and normalize data from Azure Firewall, Azure Front Door, and Azure Application Gateway via Azure Event Hubs.
- Taegis Endpoint Agent Maintenance Windows: Maintenance windows, now generally available, allow you to limit when automatic updates for the Taegis Endpoint Agents assigned to a group could occur. For more information, see Maintenance Windows.
Fixes
- Custom Alerts on Endpoint Agents: The alerts table of an endpoint agent details page did not display custom alerts in the list as expected. This has been fixed.
- Roles & Permissions Exports: Exported CSV and XLS files from the Roles & Permissions page were not formatted clearly. This has been fixed.
- Unknown Hostnames in Reports: There was a discrepancy in the Alert Summary Report between the count of alerts generated from an unknown hostname and the count of the alerts whose hostname is NULL. This has been fixed.
3.4.7 (June 20, 2024)
Features
- Improved Mobile App Table View: For users opted in to Preview mode using the Mobile App, a new option has been added to tables on the Alerts and Investigations pages to better present this data on mobile device screens. For more information, see Optimize the XDR Mobile App View.
Docs
- Professional Services API Reporting: The Secureworks® Professional Services team has released a new offering to support unique reporting needs via the XDR APIs. For more information, see API Reporting.
Fixes
- UserID Alert Entity Enhancements:
- Thirdparty Alerts containing a UserID field will now populate a UserID Alert entity instead of the userName entity.
- Username event fields will no longer populate multiple username Alert entities, and instead populate only the corresponding Source or Target type.
- @user Logical Type Improvements: The @user logical type will now cover sourceUsername and targetUsername fields across relevant schemas.
- Investigation Comments via API: Investigation comments pulled via API displayed random characters. This has been fixed.
- User Admin Summary Report Fixes: The User Admin Summary report now displays the roles of active users, and correctly displays deactivated users as inactive.
- Taegis MDR Dashboard Initial Access Vectors Value: The Taegis MDR Dashboard Initial Access Vectors widget displayed odd results and values. This has been fixed.
3.4.6 (June 13, 2024)
Features
- Taegis Endpoint Agent Maintenance Windows: For users opted in to Preview mode, you can now create maintenance windows to limit when automatic updates for the agents assigned to a group could occur. For more information, see Maintenance Windows.
- Taegis Endpoint Agent Tamper Protection: For users opted in to Preview mode and with a supported agent version, Tamper Protection adds a layer of security around the manual removal of agents from user systems. For more information, see Tamper Protection.
Docs
- Amazon AWS Lambda Update Guide: A new guide provides instructions for updating the XDR Lambda function used in integrations such as Amazon AWS. For more information, see Amazon AWS Lambda Update.
Fixes
- Automated Calls for High-Severity Investigations: Some high-severity investigations did not trigger automated call alerts as expected. This has been fixed.
- Closed Investigation Alert Labels: After closing an investigation, some related alerts were not accurately labeled according to the documentation. This has been fixed.
- Report Creator Name: The creator's name wasn’t appearing on some reports. This has been fixed.
- Microsoft Graph API Connection: The "Test" button was missing from the Microsoft Graph API connection Config section. This has been fixed.
3.4.5 (June 6, 2024)
Features
- VDR Integration with XDR: We are excited to announce the integration of Secureworks® Taegis™ VDR into XDR. This feature enables the integration of vulnerability data from VDR through the VDR scanner, or other supported tools such as Qualys, in the following areas of XDR. Select the link to view more details.
Fixes
- Incorrect Data Source Link: Selecting a data source from the Health section of Data Collector details would sometimes lead to an incorrect source. This has been fixed.
3.4.4 (May 30, 2024)
Features
- Stolen User Credentials and Impossible Travel Detectors: The Stolen User Credentials and Impossible Travel Detectors are now available in XDR and supersede the previous Stolen Credentials Detector. For more information, see Stolen User Credentials and Impossible Travel.
Fixes
- Bar Chart Report Errors: Certain reports with stacked bar charts sometimes showed an "Unknown" error. This has been fixed.
- Entity Graph Improvements: Several fixes and enhancements are now available for Entity Graph, which is in the Preview release ring.
- A slight delay would occur when adding items to an investigation that affected Entity Graph's display. This has been fixed.
- Overlapping labels have been optimized in the Entity Graph display.
- Entity node name truncation displays have been optimized.
- Entity node tabs would sometimes show the previously selected node's information. This has been fixed.
- Taegis Endpoint Agent File Analysis Status: The File Analysis feature would show as enabled even when disabled. This has been fixed.
- NDR Devices List View: NDR Devices would show in card view but not in list view. This has been fixed.
3.4.3 (May 23, 2024)
Features
- Affected Agents Date Range: On the Alert Details page, the Affected Agents section now only shows agents that have seen activity within 90 days of the alert's creation. For more information, see Alert Details Summary Tab.
- Vulnerability Management: For XDR tenants that also subscribe to Secureworks® Taegis™ VDR, a new Vulnerability Management page presents vulnerabilities observed by VDR on endpoints in XDR. For more information, see Vulnerability Management.
Docs
- Virtual NDR Integration Guide: A new guide for installing and registering virtual NDR Devices is now available. For more information, see the Virtual NDR Integration Guide.
3.4.2 (May 16, 2024)
Fixes
- Domain Filtering on Alerts: The Alerts page was not displaying alerts filtered by domain. This has been fixed.
- Suppression Rules Missing Criteria: When creating Suppression Rules, specific criteria were missing. This has been fixed.
- Suppressing Taegis Watchlist Alert Errors in Japanese UI: Using Taegis Watchlist detector as Suppression Rule criteria in the Japanese UI would present an error. This has been fixed.
- Data Export from My Dashboards with no Data: Exporting data from a My Dashboards custom dashboard with no widget will now issue a warning.
Docs
- Revamped Getting Started Section: Getting Started documentation has been revamped with improvements. Get Started with XDR has been renamed to Getting Started and updated with new details. New Navigation and Taegis Help Resources pages now feature in the Getting Started section.
3.4.1 (May 9, 2024)
Features
- Automation Actions Friendly Names: Automation and APIs play a crucial role in the Taegis platform by streamlining processes and eliminating repetitive tasks. When records are modified within the Taegis platform by configured Automation playbooks rather than a logged-in user, the change details are now captured as friendly identity names in the Created By and Updated By fields to represent Automation actions. These changes will be rolled out incrementally across the platform over the next two months. For more information, see Friendly History Field Names.
- Include Disabled Playbooks Toggle: The Playbooks table now excludes disabled playbooks from view by default. To return them to view, select the Include Disabled toggle above the table. For more information, see Configured Playbooks.
Fixes
- Missing Actions on Alert Details Events Tab: The options to add events to a new or existing investigation were missing from the actions menu in the Events tab of Alert Details. This has been fixed.
Docs
- Common Expression Language Macros: The documentation for Common Expression Language (CEL) macros used in Automations has been updated with additional macros.
3.4 (May 8, 2024)
Features
- iSensor Is Now Taegis NDR: Taegis™ NDR is a network detection and response solution that represents an evolution of iSensor and seamlessly integrates with XDR to provide a comprehensive approach to threat prevention and response. With this change:
- You will start to see the name Taegis™ NDR in place of iSensor starting on May 8.
- While we have new features and will continue to add more, there are no changes to your current contract or pricing.
- Your current network-based protection will not be disrupted and there are no steps that you need to take.
Be sure to keep an eye out for more exciting news as we add even more capabilities to Taegis™ NDR. For more information, see Taegis™ NDR Overview.
- Edit NDR Device Variables: You can now edit the HOME_NET, EXTERNAL_NET, and HTTP_PORTS variables on your NDR Devices. For more information, see Manage NDR Devices Customization Tab.