Secureworks® Taegis™ XDR 3.3.13 ⫘
Thursday, April 25th, 2024 ⫘
Features ⫘
Updated Advanced Search Builder Experience ⫘
Advanced Search Builder has been enhanced with an intuitive data selection process, easy to build and understand boolean logic groups, and an effortless criteria-building experience. The Builder also now displays your query in Builder format as well as Query Language format as a visual aid to gain more experience with the Query Language. For more information, see Advanced Search Builder.
Cisco Duo Integration Added ⫘
XDR can now ingest and normalize data from Cisco Duo. For more information, see the Cisco Duo Integration Guide.
Imperva Cloud WAF Integration Added ⫘
XDR can now ingest and normalize data from Imperva Cloud WAF. For more information, see the Imperva Cloud WAF Integration Guide.
Fixes ⫘
Link to VirusTotal Missing ⫘
A link to open indicator information in VirusTotal was missing from the Threat Intelligence tab of Alert details. This has been fixed.
Additional Data Copied when Double Clicking Fields ⫘
When double clicking certain fields to copy the text, additional data was being copied. This has been fixed.
Docs ⫘
CrowdStrike Integration Guide Updated ⫘
Additional guidance for configuring a Falcon Data Replicator (FDR) feed to enable integration with XDR has been added to the CrowdStrike Integration Guide.
Secureworks® Taegis™ XDR 3.3.12 ⫘
Thursday, April 18th, 2024 ⫘
Fixes ⫘
Archived Investigations Retrieval Error ⫘
There was an error displaying archived investigations with certain filters. This has been fixed.
Playbook Execution Error Message ⫘
The error message for playbook execution failures did not display correctly under certain conditions. This has been fixed.
Report Date Correction ⫘
In some reports, the report generated date was incorrect. This has been fixed.
Alert JSON Status Fix ⫘
The alert status displayed incorrectly in an alert’s JSON view. This has been fixed.
Reporting Language ⫘
On certain reports, the selected language was not presented as requested. This has been fixed.
Secureworks® Taegis™ XDR 3.3.11 ⫘
Thursday, April 11th, 2024 ⫘
Features ⫘
Third-Party Tickets on Investigations ⫘
The Investigations summary table has a new column, Ticket, displaying the ticket number from a third-party vendor, such as ServiceNow. For more information, see Filter Investigations.
Fixes ⫘
Failure to Open iSensor Details ⫘
XDR was experiencing issues opening iSensor details from the Data Sources table. This has been fixed.
Response Actions ⫘
The drop-down list of Response Actions on Endpoint Agents is now sorted alphabetically.
Pivot Searches ⫘
Some pivot searches used the wrong schema for destination_url, which broke advanced search results. This has been fixed.
Secureworks® Taegis™ XDR 3.3.10 ⫘
Thursday, April 4th, 2024 ⫘
Features ⫘
Report Language Selection ⫘
When defining a report, you can select from a choice of English and Japanese at the last step. For more information, see Create Reports from a Template.
Playbook History Tab Renamed to Executions ⫘
The History tab on a playbook details page has been renamed the Executions tab. For more information, see Playbook Executions.
Playbook Audit Logs ⫘
Playbook instances now include a History tab containing an audit log of playbook updates and executions. For more information, see View Configured Playbook Audit Logs.
Suppression Rule Status Selection ⫘
When creating Suppression Rules, you can now define other statuses in addition to Suppressed. For more information, see Alert Suppression Rules.
Akamai Guardicore and API Protector Integration Added ⫘
XDR can now ingest and normalize data from Akamai Guardicore Segmentation. For more information, see the Akamai Guardicore Integration Guide.
Fixes ⫘
Playbook Version Ordering ⫘
When viewing playbook template versions, they were frequently unordered. This has been fixed.
Playbook Template Documentation Tab ⫘
Playbook templates now have a dedicated Documentation tab making playbook documentation easier to locate.
File Details Page not Displaying Details ⫘
When running a pivot search on a filehash, nothing was displayed in the File Details page. This has been fixed.
Secureworks® Taegis™ XDR 3.3.9 ⫘
Thursday, March 28th, 2024 ⫘
Features ⫘
View Alert Details ⫘
When viewing a table of alerts, such as in search results or from a dashboard, you can now open an alert detail in the same browser tab by selecting the alert’s title. The option to open it in a new tab is still available via the icon. For more information, see Alert Details.
Copy Link to Playbook Template Version ⫘
You can now copy a share link for a specific version of a playbook template. For more information, see Share a Playbook Template Version.
Automatic Mentions in Investigation Comments ⫘
When replying to a comment that used an @ mention on an investigation, the new comment automatically starts with an appropriate @ mention to ensure the party receives a notification. This automatic mention can be removed if unwanted. For more information, see Add Comments to an Investigation.
Enhanced Investigation Workflow ⫘
The enhanced experience when adding evidence to existing investigations and creating new investigations throughout XDR is now available to all users. For more information, see Start and Add to Investigations.
Export Dashboard and Widget Data ⫘
All users can now export dashboard and widget data to CSV and JSON files. For more information, see the Export Options section on Alert Triage, Security Posture, ManagedXDR, and My Dashboards.
Fixes ⫘
Data Collector Performance Tab ⫘
Users of our Japanese UI were experiencing issues with the date/time picker on the Data Collector Performance tab. This has been fixed.
Secureworks® Taegis™ XDR 3.3.8 ⫘
Friday, March 22nd, 2024 ⫘
Fixes ⫘
Pivot Search Fetch Error ⫘
Event and alert pivot searches by sensor ID were returning errors. This has been fixed.
Tag Removal Emails ⫘
A bug generating tag removal emails has been fixed.
Docs ⫘
Professional Services Overview ⫘
The Secureworks® Professional Services team is here to help you realize the full potential from your XDR investment if a higher level of support is desired. Our highly skilled consultants can help you deploy faster, optimize quicker, and accelerate your time to value. For more information, see Professional Services Overview.
Secureworks® Taegis™ XDR 3.3.7.1 ⫘
Tuesday, March 19th, 2024 ⫘
Features ⫘
Universal Login for XDR ⫘
Enhancements to the login experience for XDR are now available to all users. For more information, see Log In to XDR.
Secureworks® Taegis™ XDR 3.3.7 ⫘
Thursday, March 14th, 2024 ⫘
Features ⫘
Enhanced Investigation Workflow ⫘
For users opted in to Preview mode, XDR now provides a consistent experience when adding evidence to existing investigations and creating new investigations throughout XDR. For more information, see Start and Add to Investigations.
Fixes ⫘
Alert Triage Dashboard Links ⫘
Some links on the Alert Triage Dashboard opened the Alerts table without the expected filters applied. This has been fixed.
Hash Pivot Search Results ⫘
The Agents tab has been removed from hash pivot search results, as viewing all hosts a particular hash is found on is not currently supported.
Docs ⫘
Google Cloud Platform Integration Guide Updated ⫘
The Google Cloud Platform Integration Guide has been updated with additional guidance for configuring log inclusion filters for Cloud Audit, VPC Flow, Google Kubernetes Engine (GKE) Dataplane V2, and Security Command Center Findings logs.
Overriding and Extending Global Parsers Documentation ⫘
Documentation has been added that reviews how to override and extend global parsers when working with Custom Parsers. For more information, see Overriding and Extending Global Parsers.
Secureworks® Taegis™ XDR 3.3.6 ⫘
Thursday, March 7th, 2024 ⫘
Features ⫘
Penetration Test Detector ⫘
The Penetration Test Detector, now available in XDR, identifies when a potential penetration test is ongoing. For more information, see Penetration Test Detector.
Akamai App and API Protector Integration Added ⫘
XDR can now ingest and normalize data from Akamai App & API Protector (formerly known as Kona Site Defender or Web Application Protector). For more information, see the Akamai App and API Protector Integration Guide.
Email Notification Language Preference ⫘
You can now set your language preference for email notifications to English or Japanese - 日本語. For more information, see User Profile & Settings.
Entity Graph Relationships and Details Tabs ⫘
Entity Graph has been updated with a Relationships tab that displays a table of the relationships associated with the investigation, and a Details tab that displays entity, relationship, and alert details as you select these while exploring a graph. For more information, see Entity Graph.
Fixes ⫘
PDF Export Formatting ⫘
Inline and block code in investigation summaries were not rendering correctly in PDF exports. In addition, reports that use a horizontal stacked bar chart were unreadable in the PDF output. Both issues have been fixed.
Alerts Table Usability ⫘
A bug has been fixed where adding a large number of filters to the Alerts table resulted in the table becoming obscured from view and inaccessible.
Auto Investigation Descriptions Truncated ⫘
Longer descriptions for Auto Investigation templates were truncated in the card view and could not be fully viewed without opening the template. This has been fixed.
Endpoint Agent Details History ⫘
The “See History” link on an Endpoint Agent details page now works as expected.
Alerts with 0.01 Severity ⫘
Alerts with 0.01 severity (Informational) were not displaying their severity levels properly. This has been fixed.
Alerts with Process Events ⫘
XDR performance has improved for alerts with 300+ related process events.
Alerts with Affected Agents ⫘
Some alerts did not show affected agents. This has been fixed.
Secureworks® Taegis™ XDR 3.3.5.2 ⫘
Thursday, February 29th, 2024 ⫘
Features ⫘
Cato Networks Integration Added ⫘
XDR can now ingest and normalize data from Cato Networks. For more information, see the Cato Networks Integration Guide.
Secureworks® Taegis™ XDR 3.3.5.1 ⫘
Thursday, February 22nd, 2024 ⫘
Features ⫘
Windows Taegis Endpoint Agent Advanced Kernel Telemetry Setting ⫘
The Advanced Kernel Telemetry setting for Windows Taegis Endpoint Agents is now disabled by default both at a tenant level and in new groups to prevent compatibility issues on Windows endpoints with other security products. You can now configure this setting at a tenant level in Agent Settings and at a group level in Group Configuration.
Cloudflare Integration Added ⫘
XDR can now ingest and normalize data from Cloudflare. For more information, see the Cloudflare Integration Guide.
Secureworks® Taegis™ XDR 3.3.5 ⫘
Thursday, February 15th, 2024 ⫘
Features ⫘
Automations Connections Redesign ⫘
Automations > Connections in XDR has been renamed to Automations > Connectors. The page has also been redesigned to streamline configured connections in a Connections tab and connector templates in a Connector Library tab. For more information, see Configured Connections and Connector Library.
Export Dashboard and Widget Data ⫘
For users opted in to Preview mode, you can now export dashboard and widget data to CSV and JSON files. For more information, see the Export Data section on Alert Triage, Security Posture, ManagedXDR, and My Dashboards.
Fixes ⫘
Date Picker Custom Range Not Scrolling ⫘
The Custom Range tab of date pickers throughout XDR was not scrolling correctly. This has been fixed.
Pasting into Suppression Rule Fields Overwriting Content ⫘
Pasting text into certain fields when configuring a suppression rule was overwriting all content already present in the field. This has been fixed.
Docs ⫘
Log In to Secureworks® Taegis™ XDR Updated ⫘
The login instructions have been updated to reflect changes for users opted in to Preview mode, which will soon become the default login experience.
Secureworks® Taegis™ XDR 3.3.4.1 ⫘
Tuesday, February 13th, 2024 ⫘
Features ⫘
Google Cloud Platform Integration Added ⫘
XDR can now ingest and normalize data from Google Cloud Platform (GCP). For more information, see the Google Cloud Platform Integration Guide.
Nozomi Guardian Integration Added ⫘
XDR can now ingest and normalize data from Nozomi Guardian for tenants with Taegis™ XDR for OT. For more information, see the Nozomi Guardian Integration Guide.
Secureworks® Taegis™ XDR 3.3.4 ⫘
Thursday, February 8th, 2024 ⫘
Features ⫘
XDR Mobile App ⫘
A new mobile experience for XDR users is now available. For a feature overview video and installation information, see XDR Mobile App.
iSensor Change Management Report Template ⫘
Customers with iSensors can now create iSensor Change Management Reports that display detailed information about signature and ruleset updates made for each iSensor. For more information, see iSensor Change Management Report.
Investigations Table Filters Menu Preference ⫘
The investigations table now stores the open and close state of the filters menu as a user preference when you navigate from the page. For more information, see Filter Investigations.
Secureworks® Taegis™ XDR 3.3.3 ⫘
Thursday, February 1st, 2024 ⫘
Features ⫘
Custom Alerts and Filter Options Renamed ⫘
On the Alert Triage Dashboard and Alerts page, My Alerts are now named Custom Alerts and Alert Options is now called Include Options. Additionally, the labels within Include Options have been updated and a tooltip is now included. Note that previous preferences for Include Options will not persist. Toggle the options to re-save your preferences. For more information, see Alert Triage Dashboard and Filter for Alerts.
Threat Score Added to Alerts Table of Entity Graph ⫘
For users opted in to Preview mode, the Alerts table within Entity Graph has been updated with a column for Threat Score. For more information, see Entity Graph Alerts Tab and Threat Score.
Automations Connections Redesign ⫘
In a coming release, Automations > Connections in XDR will be renamed to Automations > Connectors. The page will also be redesigned to streamline configured connections in a Configured tab and connector templates in a Templates tab of one page. This will replace the current separate Connector Library location of templates. This change is currently scheduled for February 15th. For more information, see Configured Connections and Connector Library.
Docs ⫘
Windows Taegis Endpoint Agent Known Compatibility Issues ⫘
Taegis Endpoint Agent Known Issues has been updated with information on the interoperability of the Windows agent with other security products.
Secureworks® Taegis™ XDR 3.3.2 ⫘
Thursday, January 25th, 2024 ⫘
Features ⫘
Data Collector Performance and Maintenance Tabs ⫘
Data Collector details now include two new tabs. The Performance tab presents insightful data about the collector throughput and overall performance. The Maintenance tab presents information on upcoming and completed service maintenance and the ability to configure a maintenance window that fits your schedule for future maintenance. For more information, see Manage Data Collectors.
Archive and Restore Multiple Investigations ⫘
The ability to archive and restore multiple investigations at once has been added to the Investigations table. For more information, see Archive Investigations and Restore Archived Investigations.
View Tags on Investigations Table ⫘
A Tags column is now available to add to the Investigations table to quickly view the tags that have been added to each investigation. For more information, see Filter Investigations.
Create Advanced Suppression Rules from Query Language ⫘
For users opted in to Preview mode, advanced suppression rules can now be created to match on an alert's underlying event data using Query Language, leveraging elements such as process.commandline, process, parent_image_path, and other event schemas. For more information, see Alert Suppression Rules.
Fixes ⫘
Endpoint Agent Details Alerts Not Loading ⫘
Alerts were not loading in the Endpoint Agent detailed view. This has been fixed.
Archived Investigations Incorrectly Displaying in Table ⫘
Older archived investigations were displaying in the Investigations table with the Only Show Archived filter toggled off. This has been fixed.
Share Links for Alert Suppression and Custom Alert Rules Not Working ⫘
Share links for alert suppression and custom alert rules were redirecting to the landing page rather than the rule. This has been fixed.
Docs ⫘
New User Walkthrough Added to Taegis Endpoint Agent Introduction ⫘
The Taegis Endpoint Agent Introduction has been redesigned to include a new user walkthrough to guide your experience with the agent and assist with installation, troubleshooting, and use of the Taegis Endpoint Agent.
Windows Taegis Endpoint Agent Migrator PowerShell Script Updated ⫘
The PowerShell script for Windows agent installations has been updated at Install Windows Taegis Endpoint Agent Using PowerShell Script.
Secureworks® Taegis™ XDR 3.3.1 ⫘
Thursday, January 18th, 2024 ⫘
Features ⫘
Windows Taegis Endpoint Agent Migrator PowerShell Script ⫘
A PowerShell script that automates the validation of prerequisites for the Windows Taegis Endpoint Agent is now available. The script can be used for migrations from Red Cloak™ Endpoint Agent to Taegis Endpoint Agent, or for brand new installations. For more information, see Install Windows Taegis Endpoint Agent Using PowerShell Script.
Windows Taegis Endpoint Agent Advanced Kernel Telemetry Setting ⫘
For users opted in to Preview mode, Advanced Kernel Telemetry for Windows Taegis Endpoint Agents can now be disabled at the tenant level if you are experiencing compatibility issues with third-party security products. For more information, see Agent Settings.
Secureworks® Taegis™ XDR 3.3 ⫘
Thursday, January 11th, 2024 ⫘
Features ⫘
Enhanced Investigations Table ⫘
The Investigations table in XDR has been redesigned with streamlined navigation, enhanced filters, and quick access actions. For more information, see Work an Investigation.
Entities Added to Investigation Evidence Tab ⫘
The investigation details Evidence tab now includes an Entities sub-tab with a table of involved entities that provides the ability to view entity details and take response actions. For more information, see Investigation Evidence.
CSV Exports Renamed Data Exports ⫘
The CSV Exports page in XDR has been renamed to Data Exports. For more information, see Data Exports.
Fixes ⫘
Entities Persisted in Alert Preview Side Panels ⫘
Some entities displayed in alert preview side panels were persisting to subsequent alert previews opened from the table in the background without closing the initial alert first. This has been fixed.
Investigation PDF Export Formatting Issue ⫘
A bug has been fixed where investigation PDF exports were truncating certain sections and tables.
Incorrect iSensor Registration Status ⫘
A bug causing iSensor registration statuses to incorrectly display as expired has been fixed.
Incorrect Endpoint Response Actions ⫘
Response actions were appearing in the actions menu of endpoint summary views for incorrect endpoint types. This has been fixed.
Secureworks® Taegis™ XDR 3.2.42 ⫘
Thursday, December 14th, 2023 ⫘
Features ⫘
User Profile & Settings Redesigned and Enhanced ⫘
User Profile & Settings in XDR has been updated with a two-column layout, collapsible sections, and the addition of options to set a landing page in XDR and to reset all your preferences. For more information, see User Profile & Settings.
Renew Taegis Endpoint Agent Registration Keys ⫘
Taegis Endpoint Agent registration keys are designed to provide secure and controlled access to the Taegis Endpoint Agent. The registration key expiration is used to enhance the security of our agent and protect it from unauthorized use. In addition to viewing the registration key and expiration from Group Configuration in XDR, you can now manually renew a key. For more information, see Registration Keys.
Endpoint Agents Cloud Provider Indicators ⫘
For users opted in to Preview mode, the Endpoint Agents Summary table now includes an icon next to hostnames of endpoints that are identified as cloud assets to indicate the cloud provider. For more information, see Identify Cloud Instances.
Taegis Endpoint Agent Auto Archive Setting ⫘
Auto Archive for Taegis Endpoint Agents can now be configured at the tenant level in addition to group level. For more information, see Agent Settings.
Related Investigations Added to Alert Details ⫘
The Insights tab of alert details now includes a section of open and closed investigations related to entities associated with the displayed alert. For more information, see Related Investigations.
Secureworks® Taegis™ XDR 3.2.41 ⫘
Thursday, December 7th, 2023 ⫘
Features ⫘
Alert Threat Score ⫘
Threat Score has left Preview mode and is now generally available. For more information, see Threat Score.
Export Data from Report Templates to CSV and JSON ⫘
You can now generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for report templates. For more information, see Create Reports from a Template.
Fixes ⫘
Hostnames Persisted in Alert Preview Side Panels ⫘
Hostnames displayed in alert preview side panels were persisting to subsequent alert previews opened from the table in the background without closing the initial alert first. This has been fixed.
Data Collector Health Graph Timestamps ⫘
Data Collector Health graph timestamps were not reflecting the time zone preference set in User Profile & Settings. This has been fixed.
Secureworks® Taegis™ XDR 3.2.40 ⫘
Friday, December 1st, 2023 ⫘
Features ⫘
Alert Threat Score ⫘
For users opted in to Preview mode, Threat Score is a new contextually aware priority value assigned to alerts by the patent-pending Taegis™ Prioritization Engine. The score ranges from 0 - 10 with a higher score representing a higher risk to your organization. For more information, see Threat Score.
Manage iSensors ⫘
You can now view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration on the iSensor page. For more information, see Manage iSensors.
Custom Reports Search Query ⫘
Custom reports created from an advanced search now include the search query in an appendix of the report PDF to more easily identify the data being reported. For more information on Custom Reports, see Configure Custom Reports.
Fixes ⫘
Incorrect Data in XDR User Admin Summary Report ⫘
Some XDR User Admin Summary Reports included active users in the Inactive Users section and did not show users that were deactivated in the Registration Status Changes section. These issues have been fixed.
Criteria for Suppression Rule Not Populating ⫘
A bug has been fixed where the Suppression Rule criteria list was intermittently not populating when creating a rule directly from an alert.
MITRE Mapping Not Presented ⫘
Some alerts with MITRE information present in the JSON of the alert did not present that MITRE info in the XDR UI or reports. This has been fixed.
Secureworks® Taegis™ XDR 3.2.39 ⫘
Thursday, November 16th, 2023 ⫘
Features ⫘
Manage iSensors ⫘
For users opted in to Preview mode, you can now view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration on the iSensor page. For more information, see Manage iSensors.
Excessive Playbook Executions Notification ⫘
You can now enable notifications for excessive playbook executions from your User Profile & Settings. For more information, see Notification Preferences.
Fixes ⫘
Scheduled Reports Not Executing ⫘
In certain situations, scheduled reports did not run on the correct date. This has been fixed.
Docs ⫘
Lambda Migration ⫘
Documentation has been added with instructions for updating the Secureworks® Taegis™ XDR Lambda function used in Amazon integrations. For more information, see Lambda Migration.
Provided Data from Integrations ⫘
The tables of provided data from integrations on Capabilities at a Glance have been updated. For more information, see Provided Data from Integrations.
Secureworks® Taegis™ XDR 3.2.38 ⫘
Thursday, November 9th, 2023 ⫘
Features ⫘
Entity Graph Now Available ⫘
For users opted in to Preview mode, you can now access Entity Graph, a powerful addition to our XDR platform that provides enhanced visibility. The Entity Graph offers a live, visual representation of entity relationships, simplifying security investigations and decision-making processes. For more information, see Explore an Investigation in Detail with Entity Graph.
Investigation Enhancements ⫘
For users opted in to Preview mode, a new Entities sub-tab is now available under the Evidence tab allowing you to view details and respond to individual entities that are part of an investigation. The audit history has been moved to a new top-level History tab along with the Timeline view. For more information, see Investigation Evidence and Investigation Timeline.
Fixes ⫘
Unsortable Columns in Investigations Table ⫘
Columns in the Investigations table that do not support sorting can no longer be clicked as if they do.
Docs ⫘
Security Posture Dashboard Event Pipeline Widget ⫘
Documentation regarding the date range used for the data populating the Event Pipeline widget has been updated. For more information, see Event Pipeline.
Secureworks® Taegis™ XDR 3.2.37 ⫘
Thursday, November 2nd, 2023 ⫘
Features ⫘
Legacy Response Actions to be Removed ⫘
Legacy response actions have been replaced by playbook-driven actions. After configuring these actions via playbooks, the legacy response actions such as Disable User, Isolate Host and Disrupt Process for Red Cloak, and Block IP for iSensor, are no longer available. These legacy actions will be removed beginning November 6, 2023. While most customers have already adopted the playbook-based response actions, we wanted to provide notification for customers that have not yet adopted the new response actions. Please ensure you have configured response action playbooks for your environment prior to November 6 to ensure no interruptions. For more information about response actions, see the Automations Documentation.
Fixes ⫘
Issues with Events Export to CSV from Alerts ⫘
The CSV export of events from an alert did not include all columns and contained improperly formatted data. This has been fixed.
Advanced Search for Fields Containing Hostname ⫘
When running an advanced search query with an event field containing the word hostname, an incorrect Looking up hostname(s) message displayed. This has been fixed.
Enterprise SSO Draft Connections Not Editable ⫘
SSO connections in Draft status can now be selected from the Enterprise SSO page to complete configuration.
Secureworks® Taegis™ XDR 3.2.36 ⫘
Thursday, October 26th, 2023 ⫘
Features ⫘
Custom Roles ⫘
Custom Roles is now generally available and allows you to create and manage custom user roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs. For more information, see Custom Roles.
Registration Key Expiration Added to Group Configuration Table and Details ⫘
The Taegis Endpoint Agent Group Configuration table and details now display registration key expiration dates. For more information, see Group Configuration.
Reset Multi-Factor Authentication in App ⫘
For users opted in to Preview mode, you can now reset your multi-factor authenticator from your User Profile and Settings in XDR. For more information, see Security Settings.
Fixes ⫘
Add Custom Role Action Removed for Tenant Analysts ⫘
Tenant Analysts can no longer add a custom role, as designed.
Pivot Searches Not Loading Events ⫘
Fixed an issue where a pivot search on certain field types would not present the Events tab in the results.
Secureworks® Taegis™ XDR 3.2.35 ⫘
Thursday, October 19th, 2023 ⫘
Features ⫘
Configured Response Actions Added to Subscriptions ⫘
The Subscriptions page in XDR now displays a table with configured response actions for the tenant. For more information, see Subscriptions.
TAXII 2.1 Integration ⫘
For users opted in to Preview mode, the TAXII 2.1 integration is now available to ingest threat indicators into XDR to generate alerts via the Bring Your Own Threat Intel Detector. For more information, see TAXII 2.1 Integration Guide.
Export Data from Report Templates to CSV and JSON ⫘
For users opted in to Preview mode, you can now generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for report templates. For more information, see Create Reports from a Template.
Fixes ⫘
Hostname Field Error When Adding Collector ⫘
The Hostname field used when configuring DHCP for a data collector was accepting unsupported characters and displaying an unrelated error message. This has been fixed.
Incorrect Data from Report Templates ⫘
Report templates used for time periods greater than 90 days incorrectly presented zero data in charts for the final month. This has been fixed.
Docs ⫘
Common Expression Language Macros ⫘
The documentation for Common Expression Language (CEL) macros used in Automations has been reorganized and improved with additional macros, examples, and explanations.
Secureworks® Taegis™ XDR 3.2.34 ⫘
Thursday, October 12th, 2023 ⫘
Features ⫘
Custom Roles ⫘
For users opted in to Preview mode, you can now create and manage custom user roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs. For more information, see Custom Roles.
Anomali Integration ⫘
For users opted in to Preview mode, the Anomali integration is now available to ingest threat indicators into XDR to generate alerts via the Bring Your Own Threat Intel Detector. For more information, see Anomali Integration Guide.
Fixes ⫘
Auto Investigation Template Description Not Editable ⫘
The description field for Automatic Investigation templates was not present when editing a configured template. This has been fixed.
Pivot Search for DNS Events Used Incorrect Query ⫘
A bug has been fixed where some pivot searches for DNS events from a data source were using an incorrect query.
Docs ⫘
Okta Integration Guide Updated ⫘
The Okta Integration Guide has been updated with additional procedural guidance and an updated list of events received from Okta.
Secureworks® Taegis™ XDR 3.2.33 ⫘
Thursday, October 5th, 2023 ⫘
Features ⫘
Endpoint Agent Details Redesigned ⫘
The Endpoint Agent detailed view has been redesigned to eliminate tabs and provide access to details, alerts, and history from a single view. For more information, see Manage Endpoint Agents.
Fixes ⫘
ServiceNow Bidirectional Outbound Playbook Comments ⫘
Comments added to investigations were not syncing to ServiceNow work notes. This has been fixed.
Hostname Links in Event Details Broken ⫘
A bug has been fixed where hostname links in event details pages were broken.
Automatic Investigations Template View Not Persisting ⫘
Selecting the option to view auto investigation templates in list view was not persisting. This has been fixed.
Docs ⫘
Amazon CloudWatch Logs ⫘
Documentation has been added that reviews how to ingest data from sources produced by CloudWatch Logs. For more information, see Amazon CloudWatch Logs Integration Guide.
Bring Your Own Threat Intelligence API ⫘
Documentation has been added for the Bring Your Own Threat Intelligence (BYOTI) API. For more information, see Using the BYOTI API and BYOTI GraphQL API.
Secureworks® Taegis™ XDR 3.2.32 ⫘
Thursday, September 28th, 2023 ⫘
Features ⫘
Bring Your Own Threat Intelligence ⫘
The new Bring Your Own Threat Intelligence (BYOTI) Detector is now available in XDR and enables you to integrate Threat Intel indicator lists and generate alerts when those indicators are found in normalized telemetry. This detector requires a supported Threat Intel integration, which currently includes AlienVault OTX.
Taegis Endpoint Agent Group File Collection ⫘
You can now enable or disable implicit file collection for Taegis Endpoint Agents at a group level. For more information, see Group Configuration.
Manage Users Enhanced ⫘
Manage Users in XDR has been enhanced with improved filter options, visual indicators for users added as points of contact in escalation lists, and other improvements. For more information, see Manage Users.
Share Auto Investigation Templates ⫘
You can now share direct links to automatic investigation templates. For more information, see Share Automatic Investigation Templates.
Actions Added to Alerts Tab of Endpoint Agent Details ⫘
An actions menu has been added to the Alerts tab of the Endpoint Agent detailed view. For more information, see Manage Endpoint Agents.
Fixes ⫘
Investigations Issue ⫘
Fixed a bug affecting the ability to load and close investigations.
Reports Aggregated by Resource Field Failing ⫘
Fixed an issue where reports aggregated by the resource field were failing with errors.
Docs ⫘
NXLog Template Updated ⫘
The Windows Event Log NXLog template has been updated. See NXLog Template Downloads.
Automatic Investigations ⫘
Documentation for Automatic Investigations has been updated with additional guidance. See Automatic Investigations.
Secureworks® Taegis™ XDR 3.2.31 ⫘
Friday, September 22nd, 2023 ⫘
Features ⫘
Okta Integration Enhanced ⫘
The Okta integration has been enhanced with improvements to the configuration process. For more information, see Okta Integration Guide.
Pass the Ticket Detector Removed ⫘
The Pass the Ticket Detector is being decommissioned. For the full list of detectors, see Detectors Overview.
Investigation Tags Now Available ⫘
You can now add tags to investigations. For more information, see Work an Investigation.
Fixes ⫘
Date/Time Picker Display Issue ⫘
Fixed an issue where the date/time picker did not display correctly due to browser zoom settings.
Playbook Execution Line Chart Colors ⫘
Playbook execution line charts now display the correct colors for executions and failures.
Opening Comments in Investigation Truncates Title ⫘
Fixed an issue where the investigation title was truncated when investigation comments were expanded.
Secureworks® Taegis™ XDR 3.2.30.1 ⫘
Friday, September 15th, 2023 ⫘
Features ⫘
Export Dashboards and Widgets to PNG ⫘
You can now export both dashboards and individual dashboard widgets to a PNG image. For more information, see Alert Triage Dashboard, Security Posture Dashboard, Secureworks® Taegis™ ManagedXDR Dashboard, and My Dashboards.
Secureworks® Taegis™ XDR 3.2.30 ⫘
Thursday, September 14th, 2023 ⫘
Features ⫘
File Analysis Detector ⫘
The File Analysis Detector, now available in XDR, identifies malicious files on endpoints with the Taegis Endpoint Agent. For more information, see File Analysis Detector.
Collector API Query Deprecation and New Datasource API ⫘
On October 14, 2023, the existing getDataSourceMetrics query used to fetch datasource metrics will be deprecated in favor of the new Datasource GraphQL API exposing getDataSourceLastSeenAsset, which provides the same functionality as well as new capabilities such as deleting data sources. For more information, see Datasource GraphQL API.
Taegis™ Agent Settings ⫘
For tenants using the Taegis Endpoint Agent, a new Agent Settings page is now available. For more information, see Agent Settings.
Fixes ⫘
Alerts Not Loading ⫘
A bug affecting alert loading has been fixed.
Automation Connection Buttons Unresponsive ⫘
The Edit button on configured connections and Add Connection button on connectors were unresponsive in the Japanese UI. This has been fixed.
Reports Formatting Issue ⫘
A bug where the table of contents in Japanese reports was improperly formatted has been fixed.
Copied IP Addresses Included Extra Characters ⫘
A bug where double-clicking to copy an IP address in XDR included extra characters has been fixed.
Docs ⫘
Taegis™ Magic Jupyter Integration Overview ⫘
Overview documentation for Taegis™ Magic Jupyter Integration, a Jupyter Notebook and Command Line Interface for interacting with the Secureworks® Taegis™ security platform, is now available. See Taegis™ Magic Jupyter Integration.
Threat Hunting with Jupyter Notebooks ⫘
Documentation describing the tools and workflows that enable threat hunting procedures using Jupyter Notebooks is now available. See Hunting with Jupyter Notebooks.
Secureworks® Taegis™ XDR 3.2.29 ⫘
Thursday, September 7th, 2023 ⫘
Fixes ⫘
Auto Investigation Optimizations ⫘
The view has been optimized to allow for better filtering when viewing Automatic Investigations. In addition, the window close button, which did not close the window in some instances, has been fixed.
Error Message Optimizations ⫘
For some event and pivot search screens, errors would display incorrectly. This has been fixed.
Report Time Errors ⫘
Reports were showing different times between the English and Japanese versions of the same report. This has been fixed.
Secureworks® Taegis™ XDR 3.2.28.1 ⫘
Friday, September 1st, 2023 ⫘
Features ⫘
Automatic Investigations ⫘
Automatic Investigations has left Preview mode and is now generally available. XDR can now analyze your alerts and automatically create investigations based on criteria you define. For more information, see Automatic Investigations.
Docs ⫘
Taegis™ NGAV Agent Update ⫘
The Taegis™ NGAV Enterprise Administration Guide has been updated. For more information, see Setting up the Taegis™ NGAV Agent.
Secureworks® Taegis™ XDR 3.2.28 ⫘
Wednesday, August 30th, 2023 ⫘
Features ⫘
Refresh Alert Triage Dashboard ⫘
You can now refresh the data in all widgets on the Alert Triage Dashboard. For more information, see Refresh Dashboard.
Export Dashboards to PNG ⫘
For users opted in to Preview mode, you can now export dashboards in XDR to a PNG image. For more information, see Alert Triage Dashboard, Security Posture Dashboard, Secureworks® Taegis™ ManagedXDR Dashboard, and My Dashboards.
Fixes ⫘
Unsupported Entities in Suppression Rule Creation ⫘
When creating a Suppression Rule from an alert, XDR was including entities not currently supported for rule configuration. This has been fixed.
See All Events Option Not Working ⫘
For some alerts, using the See All Events option led to an invalid search query. This has been fixed.
Investigation Status Message Improperly Formatted ⫘
A bug has been fixed where adding alerts to investigations with titles longer than 50 characters resulted in an improperly formatted status message.
Investigation PDF Exports Missing Details ⫘
A bug has been fixed where PDF exports of investigations were missing investigation details.
Secureworks® Taegis™ XDR 3.2.27 ⫘
Thursday, August 24th, 2023 ⫘
Features ⫘
Akamai Enterprise Application Access Integration Added ⫘
XDR can now ingest and normalize data from Akamai Enterprise Application Access (EAA) via Akamai Unified Log Streamer (ULS). For more information, see the Akamai EAA Integration Guide.
Office 365 Management API Integration Added ⫘
This integration replaces Office 365 Management Activity API. For more information, see Office 365 Management API Integration Guide.
Fixes ⫘
Playbook History Table Not Filtered by Date/Time Range ⫘
The Playbook History table was not being filtered by the range set in the date/time picker. This has been fixed.
Save and Finish Button Not Working in Playbook Instance ⫘
While editing a playbook instance, the Save and Finish button was not functioning correctly if you skipped directly from the initial Details section to the final Inputs section. This has been fixed.
Incorrect Next Scheduled Date for Reports in Japanese Mode ⫘
The Next Scheduled Date was not being set correctly when scheduling a report with the UI in Japanese mode. This has been fixed.
Secureworks® Taegis™ XDR 3.2.26 ⫘
Thursday, August 17th, 2023 ⫘
Fixes ⫘
Trigger Filter Not Displaying ⫘
In some playbooks, the trigger filter was not displaying properly. This has been fixed.
Endpoint Agents Summary Table Pagination Error ⫘
The Endpoint Agents Summary table pagination was not updating after adding a tag to an endpoint and refreshing. This has been fixed.
Secureworks® Taegis™ XDR 3.2.25.1 ⫘
Tuesday, August 15th, 2023 ⫘
Features ⫘
Automatic Investigations ⫘
Automatic Investigations is now available in Preview. XDR can now analyze your alerts and automatically create investigations based on criteria you define. For more information, see Automatic Investigations.
Secureworks® Taegis™ XDR 3.2.25 ⫘
Friday, August 11th, 2023 ⫘
Features ⫘
Endpoint Agents Navigation Improved ⫘
Tabs previously available on the Endpoint Agents page in XDR are now discrete options available from the left-hand side navigation Endpoint Agents menu. For more information, see Manage Endpoint Agents.
Docs ⫘
Event Hub Scaling Added to Microsoft Defender Integration ⫘
The Microsoft Defender for Endpoint Integration Guide has been updated with instructions on event hub scaling. For more information, see Scaling Event Hub.
Fixes ⫘
Alerts Detail Events Table Not Reloading ⫘
For some tenants the Events tab in the Alerts panel was not repopulating after selecting it, navigating away, then returning to it. This has been corrected so that it repopulates correctly.
Secureworks® Taegis™ XDR 3.2.24 ⫘
Thursday, August 3rd, 2023 ⫘
Features ⫘
Taegis Endpoint Agent Auto Archive ⫘
For users opted in to Preview mode, you can now specify a time frame after which any Taegis Endpoint Agents assigned to a group that have not reported to XDR are archived from view on the Agent Summary table. For more information, see Group Configuration.
On-Premise Automation Connector Now Supports LDAP Authentication ⫘
The On-Premise Automation Connector now supports LDAP authentication to provide the connector access to Active Directory and LDAP directory services. If an older version of the On-Premise Connector is configured, you must delete the connector and re-add it to the data collector. For more information, see On-Premise Automation Connector. The system the collector is deployed to requires network access to the AD/LDAP services.
Fixes ⫘
Investigation PDF Exports Incorrect Formatting ⫘
Some PDF exports of investigations were not formatted correctly. This has been fixed.
Select All on Data Sources Table Not Working ⫘
The Select All function of the Data Sources table persisted after filters were adjusted. This has been fixed.
Docs ⫘
Taegis Endpoint Agent Beta Release Channel ⫘
See Taegis™ Agent Beta Release Channel for more details on the benefits and recommended uses of the Taegis™ Agent Beta release channel.
Secureworks® Taegis™ XDR 3.2.23 ⫘
Thursday, July 27th, 2023 ⫘
Features ⫘
Taegis Help Center ⫘
The Taegis Help Center is now available. Now you can access and search the Taegis Documentation and Knowledge Base from a central location. To open the Taegis Help Center from XDR, select the help icon in the upper right-hand corner, then choose Help Center from the pull-down menu.
Microsoft Azure Active Directory Activity Reports Integration Added ⫘
This integration replaces Azure Active Directory — Monitoring. For more information, see Microsoft Azure Active Directory Activity Reports.
Playbook Queues Removed ⫘
Playbook Queues have been removed due to platform improvements in scalability and simplification of the execution process. Playbook instances are logged and can be tracked from the History tab of Playbooks. See Playbooks History for more information.
Fixes ⫘
Agent Downloads ⫘
The Agent Downloads tab of Endpoint Agents is available only for users with the Tenant Admin role as designed.
Searches Not Appearing in History ⫘
Some searches were not appearing in the History tab of Advanced Search. This has been fixed.
Secureworks® Taegis™ XDR 3.2.22 ⫘
Thursday, July 20th, 2023 ⫘
Features ⫘
Sentinel One Regions ⫘
The XDR Sentinel One integration now supports the apne1 region.
Fixes ⫘
Automations Playbooks List Errors ⫘
List order by status now sorts as expected in the Automations Playbooks List.
Investigation Timeline ⫘
Some events were not appearing at the correct related time in the Investigations timeline. This has been corrected.
Secureworks® Taegis™ XDR 3.2.21 ⫘
Thursday, July 13th, 2023 ⫘
Features ⫘
XDR User Administration Summary Report Template ⫘
The XDR User Administration Summary Report has left Preview mode and is now available to all users. For more information, see XDR User Administration Summary Report.
XDR Python SDK ⫘
The XDR Python SDK is now available. The Python SDK is a library you can use with XDR’s GraphQL APIs to greatly speed up and enhance any custom integrations with XDR. For more information, see XDR Python SDK.
Delete Data Sources ⫘
You can now delete data sources to remove the device records from the Data Sources table. For more information, see Delete Data Sources.
Fixes ⫘
Investigation Titles Character Limit ⫘
Investigation titles are now limited to 256 characters.
Data Sources Not Loading ⫘
Data sources were not loading properly for certain users. This has been fixed.
Endpoint Agents Table Tag Filter ⫘
Filtering the Endpoint Agents table by Tag is now case insensitive.
Secureworks® Taegis™ XDR 3.2.20 ⫘
Thursday, July 6th, 2023 ⫘
Features ⫘
OPNsense Integration Added to XDR ⫘
XDR can now ingest and normalize data from OPNsense. For more information, see the OPNsense Integration Guide.
pfSense Integration Added to XDR ⫘
XDR can now ingest and normalize data from pfSense. For more information, see the pfSense Integration Guide.
Time Zone ⫘
You can now set the time zone in XDR to match the time and date to your time zone preference. For more information, see Time Zone in Profile Settings.
Docs ⫘
Using File Upload API ⫘
Using the File Upload API has been updated.
Provided Data Tables Updated ⫘
The Provided Data tables for third party integrations have been updated.
Fixes ⫘
Exported Investigations Not Masking Assignee or Creator for Tenant Users ⫘
Exported investigations were not masking assignee or creator data for Tenant Users. This has been fixed.
Secureworks® Taegis™ XDR 3.2.19 ⫘
Thursday, June 29th, 2023 ⫘
Features ⫘
Claroty CTD Integration Added to XDR for OT ⫘
XDR can now ingest and normalize data from Claroty CTD. For more information, see the Claroty Continuous Threat Detection (CTD) Integration Guide.
Dragos Platform Integration Added to XDR for OT ⫘
XDR can now ingest and normalize data from the Dragos Platform. For more information, see Dragos Platform Integration Guide.
Docs ⫘
Supported Connectors for Automations Update ⫘
The Supported Connectors list for Secureworks® Taegis™ XDR Automations has been updated. For more information, see Supported Connectors.
Fixes ⫘
Error Filtering Playbook Status/Name Columns ⫘
Filtering for Playbook Status/Name columns now works as expected.
Some CSV Export Files Contain Irrelevant Fields ⫘
Some export files were not correctly populating with data. The data that was not importing correctly, such as data from health status and some from the Cloud API, has been temporarily filtered out.
Label Correction in Enterprise SSO Add New Connection ⫘
The label for Assertion Customer Service URL has been corrected to Assertion Consumer Service URL.
ManagedXDR Export All as CSV ⫘
ManagedXDR’s Export All as CSV function now exports all expected results.
Secureworks® Taegis™ XDR 3.2.18 ⫘
Thursday, June 22nd, 2023 ⫘
Features ⫘
XDR User Administration Summary Report Template ⫘
For users opted in to Preview mode, you can now create XDR User Administration Summary Reports from a predefined template. For more information, see XDR User Administration Summary Report.
Fixes ⫘
Suppression Rule Alert Title Entity ⫘
When creating a suppression rule from an alert, the Alert Title entity is now available in the pre-populated list from the alert as designed.
Docs ⫘
Office 365 and Azure Data Availability Doc Update ⫘
Additional information on data availability, collection times, and collection variables has been added to Office 365 and Azure Data Availability.
Secureworks® Taegis™ XDR 3.2.17 ⫘
Thursday, June 15th, 2023 ⫘
Fixes ⫘
Proofpoint Alerts Cannot Be Used in Suppression Rules ⫘
When creating a Suppression rule, Proofpoint alerts were not selectable options. This has been fixed.
Docs ⫘
HA Collector Docs Update ⫘
The command to verify if a node is online has been corrected. For more information, see Maintenance or Downtime in On-Premises HA Data Collector.
On Premises Data Collector Docs Update ⫘
Nifi is no longer used by the Taegis™ XDR Collector and has been removed from the requirements lists.
Secureworks® Taegis™ XDR 3.2.16 ⫘
Thursday, June 8th, 2023 ⫘
Features ⫘
Taegis Watchlist Detector ⫘
The TDR Watchlist detector has been renamed to Taegis Watchlist. For more information, see Taegis Watchlist.
Taegis Endpoint Agent Group Configuration ⫘
Taegis Endpoint Agent groups now display as discrete pages that provide a direct link to share with other tenant users or Secureworks support. For more information, see Group Configuration.
Fixes ⫘
Endpoint Response Actions ⫘
Endpoint Response Actions now display consistently in alphabetical order in the Actions menu.
Docs ⫘
Reactivating XDR Users ⫘
Documentation on reactivating XDR users has been added. For more information, see Manage Users.
Secureworks® Taegis™ XDR 3.2.15 ⫘
Thursday, June 1st, 2023 ⫘
Features ⫘
Google Workspace Integration Updated ⫘
XDR can now ingest and normalize Google Workspace Admin Activity events, Chrome Audit Activity events, and Alert Center Alerts. For more information, see Google Workspace Integration Guide.
Secureworks® Taegis™ ManagedXDR for OT ⫘
Secureworks® Taegis™ ManagedXDR for OT is now available as an added service for Secureworks® Taegis™ ManagedXDR and Secureworks® Taegis™ ManagedXDR Elite subscribers. For more information, see Taegis™ ManagedXDR for OT.
Taegis™ NGAV Agent Update ⫘
The documentation for the Taegis™ NGAV Agent has been updated. For more information, see Taegis™ NGAV Agent.
Secureworks® Taegis™ XDR 3.2.14 ⫘
Friday, May 26th, 2023 ⫘
Features ⫘
Isolate and Restore Disconnected Taegis Endpoint Agents ⫘
Taegis Endpoint Agents now have the enhanced ability to be isolated and restored when in a disconnected state. For more information, see Host Isolation.
Create Share Link for Agent Details and Suppression Rules ⫘
Agent details and suppression rules now provide a direct link to share with other tenant users or Secureworks support.
Fixes ⫘
Custom Parsers Error ⫘
An error was displaying on the Custom Parsers page and persisting to other areas of XDR when there were no configured custom parsers. This has been fixed.
Red Cloak™ Endpoint Agent Isolate and Restore ⫘
The options to isolate and restore some Red Cloak™ Endpoint Agents were not available from Endpoint Agents. This has been fixed.
Report Generation ⫘
A bug causing reports not to generate for users whose language preference was set to Japanese has been fixed.
Investigations Table ⫘
A bug causing the Investigations table to partially load with errors has been fixed.
Docs ⫘
Endpoint Agents Summary Table ⫘
Endpoint Agents has been updated with additional guidance for filtering and selecting all endpoints.
Secureworks® Taegis™ XDR 3.2.13 ⫘
Thursday, May 11th, 2023 ⫘
Features ⫘
Related Entities and Insights ⫘
XDR’s Alert Details now includes Related Entities in the Summary tab. There’s also a new Insights tab where you can quickly triage alerts that share traits—related entities—with the currently displayed alert. This allows analysts to speed root cause analysis and group related alerts into an investigation. For more information, see Alert Details.
Secureworks® Taegis™ XDR 3.2.12.1 ⫘
Tuesday, May 9th, 2023 ⫘
Features ⫘
Taegis Endpoint Agent Release Channels ⫘
Release Channels has left Preview mode and is now generally available. See Group Configuration to assign Taegis Endpoint Agent groups to the Stable, Preview, or Beta channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released.
Taegis Endpoint Agent Host Isolation Exceptions ⫘
Host Isolation Exceptions has left Preview mode and is now generally available. Use Host Isolation Exceptions to access Taegis Endpoint Agents in an isolated state from an approved CIDR range. For more information, see Taegis Endpoint Agent Host Isolation Exceptions.
Secureworks® Taegis™ XDR 3.2.12 ⫘
Friday, May 5th, 2023 ⫘
Features ⫘
Data Collector Troubleshooting Console ⫘
The Admiral console is now available to access information about a deployed Taegis™ XDR Collector locally to assist in device setup and troubleshooting of common problems such as network connectivity. For more information, see Admiral Console.
Bulk Uninstall Taegis Endpoint Agents ⫘
Multiple Taegis Endpoint Agents can now be bulk uninstalled. For more information, see Uninstall Taegis Agents.
Alerts Table Technique ID Filter ⫘
The Alerts table can now be filtered by MITRE Technique ID using the Technique ID filter. For more information, see Filter for Alerts.
Timeline View Source Event ⫘
In the Timeline of Related Alerts & Events view, the source event can now be selected from the events table to view its details. For more information, see Related Alerts and Events Timeline View.
Close Investigations with No Alerts ⫘
Investigations with no added alerts can now be closed with a closed status for tracking. For more information, see Close Investigation.
Tenant Profile Files ⫘
Tenant Profiles now include a Files tab if Secureworks has uploaded files for your tenant and made them available to you to download. For more information, see Tenant Profile.
Fixes ⫘
Investigation Comments Tags ⫘
Partner users were appearing as options to tag in comments of investigations rather than tenant users. This has been fixed.
Mark All Notifications as Read ⫘
The Mark all as Read function in XDR notifications has been fixed.
Investigations Table Column Filters ⫘
The Assignee and Creator columns of the Investigations table can now be filtered with the Contains operator as designed.
Investigation Summary Report Timeframe ⫘
The Investigation Summary report now displays the correct timeframe.
Add Connection in Playbook Configuration ⫘
When configuring a playbook template, adding a connection could not be tested or saved. This has been fixed.
Secureworks® Taegis™ XDR 3.2.11.4 ⫘
Tuesday, May 2nd, 2023 ⫘
Features ⫘
XDR Automations IP Range Change ⫘
On May 15th, 2023, the IP address range used for Automations is changing to 216.9.204.0/22.
Prior to May 15th, random AWS Elastic IP addresses (eIPs) have been used for making connections to integrated product APIs. The change is being made in order to use specified source IP ranges for connector authentication. This will likely not impact you, but if you have configured firewall rules, allow-lists, or any other application configuration that specifies AWS eIPs, you’ll need to update the configuration. For more information, see Automations Overview.
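One way to check an existing allow-list against the new Automations range, shown as an added example that is not Secureworks code. The allow-list format (one address or CIDR per line, `#` comments), the function names, and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Source range stated in the release note above.
AUTOMATIONS_RANGE = ipaddress.ip_network("216.9.204.0/22")


def parse_allowlist(text):
    """Parse one-entry-per-line text; return (networks, invalid_tokens)."""
    networks, invalid = [], []
    for raw in text.splitlines():
        token = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not token:
            continue
        try:
            # strict=False accepts entries written with host bits set.
            networks.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            invalid.append(token)
    return networks, invalid


def uncovered(required, allowed):
    """Return the parts of `required` that no entry in `allowed` covers."""
    remaining = [required]
    for net in allowed:
        if net.version != required.version:
            continue  # an IPv6 entry cannot cover an IPv4 range
        next_remaining = []
        for block in remaining:
            if not block.overlaps(net):
                next_remaining.append(block)      # untouched by this entry
            elif block.subnet_of(net):
                continue                          # fully covered, drop it
            else:
                # net is a strict subnet of block: keep what is left over
                next_remaining.extend(block.address_exclude(net))
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def audit_allowlist(text, required=AUTOMATIONS_RANGE):
    """Report whether the allow-list admits every address in `required`."""
    networks, invalid = parse_allowlist(text)
    gaps = uncovered(required, networks)
    return {
        "covered": not gaps,
        "gaps": [str(g) for g in gaps],
        "overlapping": [
            str(n) for n in networks
            if n.version == required.version and n.overlaps(required)
        ],
        "invalid": invalid,
    }


# Constructed sample: a pinned single address, half of the new range,
# an IPv6 entry, and a malformed line.
SAMPLE_PARTIAL = """
# constructed allow-list for illustration
203.0.113.17        # pinned single address (documentation range)
216.9.204.0/23
2001:db8::/32
bad-entry
"""

# Constructed sample: the /22 split across three entries, one with host bits set.
SAMPLE_FULL = """
216.9.204.0/24
216.9.205.0/24
216.9.206.1/23
"""

if __name__ == "__main__":
    for name, sample in (("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL)):
        print(name, audit_allowlist(sample))
```

A non-empty `gaps` list names the sub-ranges that a rule set still blocks, which is the part of the /22 to add before the cutover date.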
Secureworks® Taegis™ XDR 3.2.11 ⫘
Thursday, April 13th, 2023 ⫘
Features ⫘
New Endpoint Agents Interface Released ⫘
A new Endpoint Agents interface has left Preview mode and is now available to all users. This improved experience includes streamlined navigation with enhanced filters, improved export functionality, and a new tagging experience. For more information, see Endpoint Agents.
Taegis Endpoint Agent Release Channels ⫘
For users opted in to Preview mode, Release Channels control the update process of the agent at a group level. See Group Configuration to assign Taegis Endpoint Agent groups to the Stable, Preview, or Beta channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released.
Docs ⫘
XDR Python SDK Docs ⫘
Documentation on using the XDR Python SDK has been added. For more information, see Authenticating with XDR GraphQL APIs.
Fixes ⫘
Investigation Key Findings Information ⫘
A display bug disallowed full scrolling through key findings in some investigations. This has been corrected.
Report Dates Don’t Match Dates From Advanced Search ⫘
Certain search and report combinations were producing mismatched dates. This has been corrected.
Secureworks® Taegis™ XDR 3.2.10.2 ⫘
Friday, April 7th, 2023 ⫘
Features ⫘
Taegis Endpoint Agent Host Isolation Exceptions ⫘
For users opted in to Preview mode, you can now configure Host Isolation Exceptions to access Taegis Endpoint Agents in an isolated state from an approved CIDR range. For more information, see Taegis Endpoint Agent Host Isolation Exceptions.
Investigation Status Reason ⫘
A new column called Status Reason on the Investigations Evidence tab now displays the reason an alert was closed. For more information, see Investigation Evidence.
Secureworks® Taegis™ XDR 3.2.10.1 ⫘
Monday, April 3rd, 2023 ⫘
Features ⫘
SentinelOne Integration Added ⫘
XDR in Preview mode can now ingest and normalize data from SentinelOne. For more information, see SentinelOne.
Secureworks® Taegis™ XDR 3.2.10 ⫘
Thursday, March 30th, 2023 ⫘
Features ⫘
Investigation ID ⫘
All investigations now have a unique identifier number (for example, INV00001). You can filter for it in the new Investigations Overview column. For more information, see Investigation Summary.
Events on the Investigation Timeline ⫘
The investigation timeline now displays event summaries for all events. For more information, see Investigation Timeline.
Automatic Investigations Change Summary Notifications ⫘
A new email notification is now available: Automatic investigations change summary. This is a daily digest that summarizes which investigations were changed by a service provider auto-appending an alert to an investigation. For more information, see Notification Preferences.
Taegis Connections No Longer Required ⫘
Taegis platform connectors are now automatically provisioned. This means that when configuring automation playbooks, you are no longer required to configure Taegis connections manually.
Fixes ⫘
Deactivated Username Appearing in Investigation Assignee List ⫘
Disabled user names were appearing in the Investigation Assignee drop down in a Beta feature of XDR. This has been fixed.
Secureworks® Taegis™ XDR 3.2.9 ⫘
Friday, March 24th, 2023 ⫘
Features ⫘
Forcepoint Firewall Integration Added ⫘
XDR can now ingest and normalize data from Forcepoint Firewall. For more information, see Forcepoint Firewall.
McAfee ePO Integration Added ⫘
XDR can now ingest and normalize data from McAfee ePO. For more information, see McAfee ePO.
Bulk Reconnect Taegis Endpoint Agents ⫘
Multiple Taegis Endpoint Agents can now be bulk reconnected to the registration server to initiate an auto-update. For more information, see Reconnect Taegis Agents.
Single Sign-On Now Available ⫘
Single sign-on (SSO) is now generally available to all users, by integrating XDR access with a localized corporate authentication system with Enterprise SSO. For more information, see Enterprise SSO.
Fixes ⫘
Mark All As Read ⫘
The Mark all as read option in the notifications pane now works again.
Issue Closing Investigations ⫘
Users of the Japanese version of XDR were having issues closing investigations. This has been fixed.
Playbook Columns ⫘
Columns in the Configured Playbooks table now sort as expected.
Azure AD Risk Detection Integrations ⫘
Correctly configured Azure Active Directory Identity Protection - Risk Detection integrations were not being marked as active. This has been fixed.
Secureworks® Taegis™ XDR 3.2.8 ⫘
Friday, March 17th, 2023 ⫘
Features ⫘
Endpoint Assets GraphQL API Now Available ⫘
The Endpoint Assets GraphQL API is now available in XDR. For more information, see Endpoint Assets GraphQL API.
Taegis Endpoint Agent Summary Investigations ⫘
Taegis Endpoint Agent details now include a count of associated investigations in the side drawer summary view and a list of associated investigations with description, status, and assignee in the detailed view. For more information, see View Endpoint and Agent Details.
Fixes ⫘
ServiceNow Automation Connection ⫘
Selecting the Test button after properly configuring a ServiceNow connection was resulting in an error. This has been fixed.
Scheduled Reports ⫘
Some scheduled reports were experiencing a delay in being sent to subscribers after generating. This has been fixed.
Secureworks® Taegis™ XDR 3.2.7 ⫘
Thursday, March 9th, 2023 ⫘
Features ⫘
Darktrace Integration Added ⫘
XDR can now ingest and normalize data from Darktrace. For more information, see Darktrace.
Fixes ⫘
Tenant Selector ⫘
The All My Tenants tab of Tenant Selector was periodically presenting tenants out of order. This has been fixed.
Alert Sensor ID Pivot Search ⫘
The pivot search magnifying glass icon was missing for the Sensor ID field of alerts. This has been fixed.
Secureworks® Taegis™ XDR 3.2.6 ⫘
Friday, March 3rd, 2023 ⫘
Features ⫘
On-Premises Highly Available (HA) Collector ⫘
You can now deploy an On-Premises HA Data Collector for XDR. For more information, see On-Premises HA Data Collector.
Custom Rules Event Types ⫘
The Custom Rules table now includes a column called Event Type, so you can easily identify which events are being matched against. For more information, see Custom Alert Rules.
MFA QR Code Alternative ⫘
When setting up your multi-factor authentication for XDR logins, there is now a new option for users who can’t scan QR codes. Choose the option to copy a secret string into your authenticator app instead. For more information, see Set Up Multi-Factor Authentication.
Search Endpoint Agent Tags ⫘
On the Endpoint Agent Summary table, the Tags filter now has an input box, so you can search for tags that contain the phrase you enter. For more information, see Filter Endpoints.
Tickets Related to Investigations ⫘
On an investigation, the Ticket field used to auto-populate from third-party ticketing systems only. Now, this field is manually editable, so you can add any internal ticket references you’d like to an investigation. For more information, see Investigation Summary.
Fixes ⫘
Endpoints Not Loading ⫘
The Endpoints table wasn’t loading for some tenants. This has been fixed.
Editing Custom Date Ranges ⫘
Some users were having difficulty editing custom date ranges while constructing advanced searches. This has been fixed.
Suppressed High & Critical Alerts ⫘
On the Security Posture Dashboard, the Event Pipeline widget no longer includes suppressed alerts in the High & Critical Alerts count.
Secureworks® Taegis™ XDR 3.2.5 ⫘
Friday, February 24th, 2023 ⫘
Features ⫘
Single Sign-On Now in Preview ⫘
For users opted in to Preview mode, you can now integrate XDR access with a localized corporate authentication system with Enterprise SSO. For more information, see Enterprise SSO.
Cisco ISE Integration Added ⫘
XDR can now ingest and normalize data from Cisco ISE. For more information, see Cisco ISE.
Forcepoint Web Security Integration Added ⫘
XDR can now ingest and normalize data from Forcepoint Web Security. For more information, see Forcepoint Web Security.
VMware vCenter Integration Added ⫘
XDR can now ingest and normalize data from VMware vCenter. For more information, see VMware vCenter.
Fixes ⫘
Can’t Tag Customers in Comment Section ⫘
The comments section now displays the context menu as expected when @customer is entered.
Secureworks® Taegis™ XDR 3.2.4 ⫘
Thursday, February 16th, 2023 ⫘
Features ⫘
Improved Performance for Custom Alerts and Searches for Generic Events ⫘
Secureworks has updated how generic events are generated in XDR to improve performance for Custom Alert and Searches involving generic data. Previously, normalized events were duplicated as generic events. This change removes the duplicate events from the generic schema. Going forward, only data that is not normalized is stored as generic events. This reduction in generic events improves performance for the features that use generic events. Note that all normalized events contain the original unaltered message in the original_data field.
If you currently have custom rules, saved searches, or reports that use generic events, then the duplication of generic events will be turned off for your tenant on March 16th, 2023. If you do not have custom rules, saved searches, or reports that rely on generic events, then this update will not have an impact on your tenant and the duplication will be turned off on February 16th, 2023. For more information, see FAQ: Generic Events and Normalized Data.
Alert Grouping Expanded to Seven Days ⫘
Previously, alerts used a 24-hour period to group occurrences, but now alert occurrences may be grouped within a window of up to seven days. See Alert Group Key FAQ for more details.
Investigation IDs ⫘
Investigations now include an autogenerated ID added to the end of the title for easier identification and communication. For more information on investigations, see Work an Investigation.
Fixes ⫘
Close Investigations ⫘
A bug in the Close Investigation modal that made it impossible to select the reason for closing the investigation has been fixed.
Secureworks® Taegis™ XDR 3.2.3 ⫘
Thursday, February 9th, 2023 ⫘
Features ⫘
Refreshed Chat Support Experience and Navigation ⫘
In addition to a refreshed look and feel of the navigation in Secureworks® Taegis™ XDR, the Chat Support button has also been relocated to the bottom of the left-hand menu. For more information, see Chat Support.
CTU™ Threat Intelligence Report Notifications ⫘
You can now opt in to notifications about CTU Threat Intelligence Reports. For more information, see Notification Preferences.
Secureworks® Taegis™ XDR 3.2.2 ⫘
Tuesday, February 7th, 2023 ⫘
Features ⫘
Security Posture Dashboard ⫘
Introducing the new Security Posture Dashboard, which highlights your organization’s security posture, as well as the security trends in your industry and others. It’s available under Dashboards in the left-side navigation. For more information, see Security Posture Dashboard.
Secureworks® Taegis™ XDR 3.2.1 ⫘
Thursday, February 2nd, 2023 ⫘
Features ⫘
Edit User Email Addresses ⫘
Tenant Admins can now edit other users' email addresses. For more information, see Edit User Emails.
Fixes ⫘
Investigation Load Time ⫘
The increased load time of investigations containing a large number of added alerts, events, assets, or entities has been fixed.
Report Template Date Range ⫘
A bug affecting the date range for report templates created in a time zone outside the current UTC date has been fixed.
Manage Users Page ⫘
The Manage Users page now displays a message if there are no users for the tenant.
Secureworks® Taegis™ XDR 3.2 ⫘
Friday, January 27th, 2023 ⫘
Features ⫘
Advanced Search Aggregations ⫘
You can now use Aggregate in Advanced Search queries to group results and filter or calculate the results for sum, min, max, average, count, or cardinality to find what’s important in your XDR gathered data. This powerful addition allows you to summarize data and is a useful aid to the investigative process. For more information, see Aggregations.
Google Cloud Platform (GCP) Collector ⫘
XDR can now deploy a collector in the Google Cloud Platform (GCP). For more information, see Google Cloud Platform (GCP) Collector.
Google Workspace Login Audit Activity Integration Added ⫘
XDR can now ingest and normalize data from Google Workspace Login Audit Activity. For more information, see Google Workspace Login Audit Activity Integration.
Trend Micro Deep Security Integration Added ⫘
XDR can now ingest and normalize Trend Micro Deep Security event types. For more information, see Trend Micro Deep Security.
Docs ⫘
Proactive Response Updated ⫘
The documentation for Proactive Responses has been updated. For more information, see Proactive Response Actions Overview.
Secureworks® Taegis™ XDR 3.1.22 ⫘
Thursday, January 19th, 2023 ⫘
Features ⫘
ManagedXDR Proactive Response Actions Expanded ⫘
Proactive Response Actions for ManagedXDR customers have been updated and now include the ability to do the following actions:
- Host isolation
- User password reset with Azure AD
- User block with Azure AD
- User block with AWS
- Access key revocation with AWS
- Disable MFA device with AWS
- iSensor IP block
For more information, see Proactive Response Actions Overview.
Fixes ⫘
Duplicate Points of Contact ⫘
We have fixed an issue that allowed duplicate points of contact within Tenant Profile.
Investigation Comments ⫘
Mentioning users in the comments of an investigation now works as expected.
Normalized Hostname ⫘
The hostname was not being displayed in the Normalized Data JSON for Taegis NGAV alerts. This has been fixed.
Secureworks® Taegis™ XDR 3.1.21 ⫘
Friday, January 13th, 2023 ⫘
Features ⫘
Custom Parsers and Custom Automations ⫘
You can now create Custom Parsers to parse and normalize syslog data to XDR schemas from sources not natively supported. You can also now build custom automations by defining Custom Connectors and building Playbook Templates. For more information, see Custom Parsers Overview, Custom Connector Editor, and Building Your First Playbook. Additional docs are also available, with more in development.
CyberArk Integration Added ⫘
XDR can now ingest and normalize CyberArk Privileged Threat Analytics (PTA) and Vault data. For more information, see CyberArk.
Fixes ⫘
Edit Suppression Rules ⫘
When editing a suppression rule, the Save button was not appearing if a field was updated by pasting content rather than typing it. This has been fixed.
Docs ⫘
Taegis Endpoint Agent Group Configuration ⫘
Taegis Endpoint Agent Group Configuration has been updated to reflect the renaming of available policy tiers.
Secureworks® Taegis™ XDR 3.1.20 ⫘
Friday, January 6th, 2023 ⫘
Features ⫘
Response Actions ⫘
Custom response actions created from playbooks are now offset in a subsection of the Actions drop-down lists, under the header ‘Response Actions’. This makes it clearer which actions are standard to XDR and which are custom to the tenant.
Removed Time Zones ⫘
Time zones have been removed from the list of users in a tenant, to prevent confusion. As a reminder, the default time setting in XDR is UTC. This cannot be adjusted by customers or Secureworks.
Phone Number Extensions ⫘
Profile Settings now supports adding extensions to phone numbers. For more information, see Profile Settings.
Fixes ⫘
Alert Counts in Reports ⫘
Alert counts in some report templates were not corresponding with the selected dates. This has been fixed.
Alert Suppression Rules ⫘
The drag-and-drop functionality for creating alert suppression rules has been fixed.
Secureworks® Taegis™ XDR 3.1.19 ⫘
Thursday, December 22nd, 2022 ⫘
Docs ⫘
New Docs Site Navigation ⫘
Welcome to the improved XDR docs site, which has been reorganized to improve the findability of our docs. Notable changes include:
- A new landing page for all Taegis documentation, with search bars for both XDR and VDR
- An improved navigation menu for XDR
- Tags for articles
- A new Get Started section
Secureworks® Taegis™ XDR 3.1.18 ⫘
Thursday, December 15th, 2022 ⫘
Features ⫘
Tenant Profile ⫘
Managed Security Service customers can now use Tenant Profile to review and update critical security escalation points of contact and review network details to help the triaging and escalation of security alerts. For more information, see Tenant Profile.
Docs ⫘
API Authentication Using Powershell ⫘
Instructions on authenticating onto the XDR APIs using Powershell have been added. For more information, see Authentication Using Powershell.
Updates to Business Email Compromise Detector Triggers ⫘
The list of inbox rules that trigger alerts from the Business Email Compromise Detector has been updated. For more information, see Business Email Compromise.
Secureworks® Taegis™ XDR 3.1.17 ⫘
Monday, December 12th, 2022 ⫘
Feature ⫘
New Taegis™ XDR Endpoint Agent for Windows Now Available ⫘
Taegis Endpoint Agent for Windows version 1.0.26 is now available. For more information, see Taegis™ Agent Changelog.
Secureworks® Taegis™ XDR 3.1.16.2 ⫘
Thursday, December 1st, 2022 ⫘
Docs ⫘
File Upload API ⫘
You can use the File Upload API to send properly formatted log files to Secureworks® Taegis™ XDR for ingestion and normalization without a Taegis™ XDR Collector. For more information, see Using the File Upload API.
Fixes ⫘
Netflow Diagram ⫘
Source IP and Destination IP addresses now display as expected on netflow diagrams for events.
Secureworks® Taegis™ XDR 3.1.16 ⫘
Thursday, November 17th, 2022 ⫘
Features ⫘
Hostname Quick Search ⫘
You can now perform quick searches on hostnames. For more information, see Quick Search.
VirusTotal Added to Threat Intelligence Alert Enrichment ⫘
Secureworks now leverages enrichment data from VirusTotal, displayed in an alert’s Threat Intelligence details tab. The rest of the tab has also been redesigned, including a new pop-up that displays the Geotag and the APIVoid total count when you hover over a red flag icon. For more information, see Threat Intelligence Alert Enrichment.
Docs ⫘
New FAQ for iSensor Block/Unblock ⫘
We have added steps to the Managed iSensor™ FAQ regarding how to configure a block or unblock action on an iSensor. For more information, see Managed iSensor™ FAQ.
Fixes ⫘
Pivot Search ⫘
Pivot searches using @hash contains were resulting in an error. This has been fixed.
Pivot searches on a URI Host for an http event type were also failing. This has also been fixed.
Microsoft Defender for Endpoint Event Hub ⫘
Event Hub details for Microsoft Defender for Endpoint integrations are now displayed correctly.
Copying Text ⫘
Double-clicking or double-tapping on text within XDR copies the text to your clipboard. We have fixed an issue where extra text was also being copied inadvertently.
Secureworks® Taegis™ XDR 3.1.15 ⫘
Thursday, November 10th, 2022 ⫘
Features ⫘
Create Reports From a Template ⫘
You can now create Investigation Summary Reports, Executive Summary Reports, and Alert Summary Reports from a predefined template. For more information, see Report Templates, and Create Reports from a Template.
SCADAfence Integration Added ⫘
XDR can now ingest and normalize SCADAfence data, providing visibility into OT networks. For more information, see SCADAfence.
Fixes ⫘
Investigations Attachments Tab Not Loading ⫘
Some tenants were unable to see the Investigations Attachment tab. This has been fixed.
Docs ⫘
Taegis™ NGAV Agent ⫘
The documentation for the Taegis™ NGAV Agent has been updated to reflect how NGAV data is processed. For more information, see Taegis™ NGAV Agent.
Secureworks® Taegis™ XDR 3.1.14 ⫘
Thursday, November 3rd, 2022 ⫘
Features ⫘
Investigation Summary Report Template in Preview ⫘
For users opted in to Preview mode, you can now create Investigation Summary Reports from a predefined template. For more information, see Investigation Summary Report.
Mimecast and Proofpoint Integration Update ⫘
New XDR Mimecast and Proofpoint Integrations now require adding a unique integration name. For more information, see Mimecast and Proofpoint Targeted Attack Protection (TAP).
Fixes ⫘
Unrelated Alerts in Taegis Endpoint Details ⫘
Unrelated alerts were showing in Taegis agent endpoint details. This has been fixed.
O365 Integration Authorization Not Working ⫘
The Authorize button for O365 Cloud API integrations is now working as expected.
Docs ⫘
Updates to Users API Documentation ⫘
Instructions on how to search users using the Users GraphQL API have been added. For more information, see Using the Users API.
Updates to Tenants API Documentation ⫘
Instructions on managing tenant environments with the Tenants GraphQL API have been added. For more information, see Using the Tenants API.
Taegis Endpoint Agent Known Issues ⫘
Documentation of known issues affecting the Taegis Endpoint Agent is now available.
Taegis Endpoint Agent Troubleshooting ⫘
Windows Agent Troubleshooting has been updated with information on using the included support kit tool, and Linux Agent Troubleshooting has been updated with information on using two available support scripts.
Secureworks® Taegis™ XDR 3.1.13 ⫘
Wednesday, October 26th, 2022 ⫘
Features ⫘
Playbook Queues in Preview ⫘
For users opted in to Preview mode, you can view queues for High-Priority playbooks and Normal playbooks. For more information, see Playbook Queues.
Secureworks® Taegis™ XDR 3.1.12.1 ⫘
Tuesday, October 25th, 2022 ⫘
Docs ⫘
Alerts API ⫘
Alerts API documentation has been updated to note that the current Taegis™ XDR GraphQL gateway does not support skip directives.
Mimecast ⫘
Mimecast documentation has been updated to note that MFA must be disabled for the service account used for the Mimecast integration.
Secureworks® Taegis™ XDR 3.1.12 ⫘
Thursday, October 20th, 2022 ⫘
Features ⫘
New Taegis™ XDR Endpoint Agent for macOS Now Available ⫘
Taegis Endpoint Agent for macOS version 1.0.43 is now available. For more information, see Taegis™ Agent Changelog.
Fixes ⫘
Some Reports Run at the Wrong Time ⫘
Some reports were running 12 hours off. This has been corrected.
Can’t See Time Zone on Report Configuration ⫘
Browser scrolling was preventing display of the time zone selector in the report scheduling panel of the report creator. This has been fixed.
Select All Not Allowed in Agent Details ⫘
The option to add all alerts to an existing investigation is once again available from the Agent Details view.
Alerts Panel Username List ⫘
The Alerts Panel username list was not always refreshing correctly. This has been corrected.
Secureworks® Taegis™ XDR 3.1.11.1 ⫘
Monday, October 17th, 2022 ⫘
Features ⫘
New Taegis™ XDR Endpoint Agent for Windows Now Available ⫘
Taegis Endpoint Agent for Windows version 1.0.24 is now available. For more information, see Taegis™ Agent Changelog.
Secureworks® Taegis™ XDR 3.1.11 ⫘
Thursday, October 13th, 2022 ⫘
Features ⫘
Native Crowdstrike Integration Now Available ⫘
XDR now makes use of Crowdstrike’s Falcon Data Replicator to provide built-in integration. This native integration provides deeper support for EDR tenant deployments both in the U.S. and EU regions. It also greatly improves the telemetry data ingested into XDR, minimizes telemetry ingestion times, and simplifies onboarding to XDR. For more information, see Crowdstrike.
New Taegis™ XDR Endpoint Agent for Windows Now Available ⫘
Taegis Endpoint Agent for Windows version 1.0.22 is now available. For more information, see Taegis™ Agent Changelog.
Copy Process Trees as Text ⫘
You can now copy a process tree as text to paste in other locations as needed. For more information, see View an Alert’s Process Tree.
Edit Investigations ⫘
When editing an investigation, you are now prompted to confirm discarding changes without saving when navigating away in the app, refreshing the page, or closing the tab. For more information, see Investigation Key Findings.
Filter Playbook History Tables ⫘
You can now filter Playbook History tables using multiple execution state filters at a time. For more information, see Playbook History.
Fixes ⫘
Investigation Scrollbar Disappearing ⫘
When editing an investigation, opening the comments resulted in the Key Findings section scrollbar disappearing. This has been fixed.
Secureworks® Taegis™ XDR 3.1.10 ⫘
Thursday, October 6th, 2022 ⫘
Features ⫘
Cloud Recon to Change Detector ⫘
The Cloud Recon to Change Detector, now available in XDR, identifies unusual exfiltration of AWS RDS data by a user by correlating anomalous behaviors for multiple event names, across different categories of event name, to alert on malicious activity with higher confidence. For more information, see Cloud Recon to Change Detector.
Alert Summary Report Template in Preview ⫘
For users opted in to Preview mode, you can now create Alert Summary Reports from a predefined template. For more information, see Alert Summary Report.
Investigation Comment Improvements ⫘
When mentioning someone in a comment (@username), previously mentioned users now float to the top of the user list. For ManagedXDR subscribers, @Secureworks does too. For more information, see Investigation Comments.
Fixes ⫘
API Key Authentication ⫘
When creating a new connection, the UI was not accepting entries in the ‘Query Param’ field when using the API Key authentication type. This has been fixed.
Secureworks® Taegis™ XDR 3.1.9 ⫘
Thursday, September 22nd, 2022 ⫘
Feature ⫘
Create Share Link for Automations ⫘
You can now generate a direct share link for the following aspects of Automations to provide to other tenant users or to Secureworks support: playbook instances, playbook executions, playbook templates, connections, and connectors.
Fixes ⫘
Download Agents Button ⫘
The Download Agents button was missing from Manage Endpoints in XDR for some authorized users. This has been fixed.
Red Cloak Endpoint Bios Serial ⫘
From Red Cloak Agent Details in XDR, double clicking the Bios Serial entry resulted in an incorrect value being copied. This has been fixed.
Alert Severities Not Rounded ⫘
Alert Severities in alert panels and alert details are now rounded down to two digits.
Create Suppression Rules ⫘
When creating a suppression rule from an alert, rearranging the entities on the left resulted in the entities no longer being able to be added to the rule. This has been fixed.
Duplicate Alerts Added to New Investigations ⫘
New investigations created with duplicate alerts resulted in these duplicates remaining in a loading state in the Evidence > Alerts tab of the investigation. This has been fixed.
Docs ⫘
Detector Overview ⫘
A new column has been added to Detector Overview that indicates whether or not the detector can be searched using underlying events.
Secureworks® Taegis™ XDR 3.1.8 ⫘
Tuesday, September 20th, 2022 ⫘
Feature ⫘
Investigation Audit Logs Table ⫘
Investigation Audit Logs tables found in the Evidence → History tabs of investigation details can now be filtered by date range. For more information, see Investigation Evidence.
Fixes ⫘
Mimecast Integration ⫘
When adding a Mimecast integration, the Secret Key field could not be revealed by using the Show Secret Key icon. This has been fixed.
View Pivot Search in Advanced Search ⫘
Pivot searches using the URI Query field from HTTP events could not be opened using the View in Advanced Search option from the pivot search. This has been fixed.
Secureworks® Taegis™ XDR 3.1.7 ⫘
Thursday, September 8th, 2022 ⫘
Features ⫘
Investigation Attachments ⫘
Investigations now support file attachments up to 2GB. For more information, see Investigation Evidence.
SA Certificates for On-Prem Connections ⫘
Automation connections now support self-signed certificates for on-premise configurations. For more information, see Configure an Automation Connector for Use On-Premise.
Escaped Regex in Alert Suppression Rules ⫘
When dragging-and-dropping entities to create alert suppression rules, regular expressions are now escaped automatically. For more information, see Create a Suppression Rule from an Alert.
Application Certificate Expirations ⫘
Applications installed on data collectors (such as eStreamer, Splunk, and TLS Enabled Syslog) now display the certificate expiration date. Hover over the word ‘Installed’ to view it. For more information, see Manage Data Collector Applications.
Fixes ⫘
Affected Agents ⫘
Impacted Taegis Agents now appear in the Affected Agents section of alert details.
Default Rate Limit ⫘
The default rate limit on playbook templates was causing errors. This has been fixed.
Cloud APIs Table ⫘
Columns in the table of Cloud APIs now sort as expected.
Detector Documentation Links ⫘
Several documentation links from detector details were broken. These have been fixed.
Secureworks® Taegis™ XDR 3.1.6 ⫘
Thursday, September 1st, 2022 ⫘
Feature ⫘
Alert Group Key ⫘
Detectors may now use the alert group key to create one alert per key within a specified time window. These group keys are intended to deduplicate alerts which are primarily identical, except for timestamp and other non-consequential fields. For more information, see Alert Group Key.
Secureworks® Taegis™ XDR 3.1.5 ⫘
Wednesday, August 31st, 2022 ⫘
Feature ⫘
Netskope SSE Integration Added ⫘
XDR can now ingest and normalize Netskope Security Service Edge (SSE) data, enabling XDR to provide a more holistic view of threats and business risks. For more information, see Netskope SSE.
Docs ⫘
Okta Integration Update ⫘
The Okta Integration has been updated to clarify the privileges and scope required for integration with XDR. For more information, see Set up Okta Integration.
NXLog Template Updated ⫘
The NXLog template has been updated to version 1.4 and now defaults to 64-bit. Older 32-bit NXLog versions can use this template with some modifications, which are noted in the template. This update also adds several troubleshooting sections. For more information, see NXLog Template Downloads.
Secureworks® Taegis™ XDR 3.1.4 ⫘
Thursday, August 25th, 2022 ⫘
Fixes ⫘
Automation Playbooks Lost ⫘
A bug was fixed that forced users working on automation playbooks to lose their progress due to the XDR update button obscuring the save button.
Investigation Names ⫘
The capitalization of some investigation names was being overridden in some areas of the UI. This has been fixed.
Secureworks® Taegis™ XDR 3.1.3 ⫘
Thursday, August 18th, 2022 ⫘
Fixes ⫘
Reassign Investigation ⫘
Tenant Analysts did not have the option to reassign an investigation to the entire tenant. This has been fixed.
Select Events from Search Results ⫘
Selected events from the results of a multi-schema search were being deselected when additional events were loaded upon scrolling through the results. This has been fixed.
Docs ⫘
Google Common Expression Language Documentation ⫘
Reference documentation has been added for CEL macros. XDR supports some Google Common Expression Language (CEL) macros for use in its Automations platform, including with playbooks. This enables data manipulation and evaluation within connectors and templates. Many of the CEL macros are built-in, but some have been custom built to address common problems. For more information, see Common Expression Language Macros. Some of the macros are specifically for working with alerts data.
Secureworks® Taegis™ XDR 3.1.2 ⫘
Thursday, August 11th, 2022 ⫘
Features ⫘
Alerts API Transition Complete ⫘
The Alerts API transition that began in May has officially been completed. As of today, the legacy APIs related to alert search, retrieval, and resolving have been removed from Taegis XDR. Use of these legacy APIs is no longer supported. For supported APIs, see Getting Started with the Alerts GraphQL API.
Threat Intelligence Flags ⫘
We’ve added red flags to IP address fields on Alert Details to indicate where Threat Intelligence alert enrichment is available. For more information about viewing the alert enrichment, see Threat Intelligence Alert Enrichment.
Fixes ⫘
Cisco IOS IP Addresses ⫘
Source IPs for Cisco IOS events were not matching the normalized source addresses. This has been fixed.
Alert Suppression Rules ⫘
Alert suppression rules were not disabling properly for some users. This has been fixed.
Secureworks® Taegis™ XDR 3.1.1 ⫘
Friday, August 5th, 2022 ⫘
Fixes ⫘
Wrong CSV of Scheduled Report Downloads ⫘
On some tenants, the wrong CSV file of a scheduled report would download. This has been corrected.
Advanced Search Event Preview Showing Nonexistent Field ⫘
Fields not relevant to the specified search no longer appear in the advanced search event preview.
Timeline View For Related Events Scrolling ⫘
The Timeline View has been updated so that newly loaded data doesn’t force scroll back to the top.
Secureworks® Taegis™ XDR 3.1 ⫘
Tuesday, August 2nd, 2022 ⫘
Features ⫘
New Taegis™ XDR Endpoint Agent Now Available ⫘
The new Taegis Endpoint Agent is now available. Existing customers will be upgraded on a rolling basis to account for service upgrade considerations that need to be addressed for successful migration. Look for a message in XDR in the Endpoints section with further details on how to sign up to upgrade to the new agent. For more information, see Taegis Endpoint Agent Introduction.