Secureworks® Taegis™ XDR 3.6.11 ⫘
Thursday, January 9th, 2025 ⫘
Features ⫘
Escalation Policies ⫘
More than three contacts can now be defined for ManagedXDR SOC Escalation Calls! Existing Points of Contact have been migrated to the new default escalation policy. Customers can view and compare these policies by navigating to Tenant Settings > Notification Configurations from the Taegis Menu.
Identity Findings History ⫘
Findings now show a History tab containing Finding activity such as the new Closed By and Closed At fields tracking when a finding was closed and by whom.
Fixes ⫘
Playbook Editing ⫘
Under certain conditions, playbook drop down selections could not be made. This has been fixed.
Alert Triage Dashboard Date Picker ⫘
Under certain conditions, the date picker would cause an error on the Alert Triage Dashboard. This has been fixed.
Docs ⫘
Agent Migrator Script Updates ⫘
The PowerShell Agent Migrator script that aids in the migration from Red Cloak Endpoint Agent to Taegis Endpoint Agent has been updated to version 2.5.
Custom Parser Documentation Refresh ⫘
The Custom Parser Documentation has been enhanced with up-to-date instructions, examples, and additional images.
Secureworks® Taegis™ XDR 3.6.10 ⫘
Wednesday, December 18th, 2024 ⫘
Features ⫘
Filter Event Searches by Alerts ⫘
Both the Advanced Search Query Language and the Advanced Search Builder now allow you to filter event searches based on the presence of alerts. Use the syntax alert.resource_id
to identify events that have triggered alerts.
Download PNG of Identity Risk Score ⫘
You can now export the Identity Risk Posture Score line graph as a .PNG file.
Advanced Kernel Telemetry Name Change ⫘
The Taegis Endpoint Agent Advanced Kernel Telemetry setting has been renamed to Deep Process Inspection in XDR.
MITRE ATT&CK Alert Heatmap Widget ⫘
For users opted into Preview mode, a new My Dashboard widget is available. The MITRE ATT&CK Alert Heatmap widget helps identify the most commonly observed MITRE ATT&CK techniques across all alerts and allows for quick filtering of alerts by technique.
Horizontal Stacked Bar Chart ⫘
For users opted into Preview mode, you can now create custom reports using the horizontal stacked bar chart, which is appropriate for observing a part to whole trend of multiple series of data.
Snowflake Integration ⫘
For users opted into Preview mode, XDR can now ingest and normalize logs from Snowflake.
IDR Increases Monitored Primary Domains ⫘
The number of primary domains to be monitored with IDR has increased from 5 to 20.
Fixes ⫘
Investigation Summary Funnel Chart ⫘
The funnel chart on the Investigation Summary Report is displaying consistently again.
Secureworks® Taegis™ XDR 3.6.9 ⫘
Thursday, December 12th, 2024 ⫘
Features ⫘
Taegis AI for Search ⫘
For users opted in to Preview mode, Taegis AI for Search is now available to use generative AI to turn your natural language question or request for information into an Advanced Search query.
Identity Risk Posture Score Page Column Preferences ⫘
Column preferences made on the Identity Risk Posture Score page now save to your user preferences and persist across sessions.
Export Users from Identity My Environment ⫘
You can now export the full or filtered list of users from the Identity My Environment page to CSV.
Automation Actions Design Improvements ⫘
The Automation Actions page has been improved with tabs for configured actions and available actions.
Playbook Execution Task Details ⫘
Each detailed view of a task within a Playbook Execution now contains Input and Output tabs that display the JSON values from that specific task.
Fixes ⫘
Python SDK Authorization ⫘
Authorization to the Python SDK now works as expected.
Missing Horizontal Scrollbar ⫘
The horizontal scrollbar now appears as designed in Advanced Search results and the Related Alerts and Events Timeline view.
Investigation Comment Mentions ⫘
Investigation comment @mentions default to the appropriate @secureworks value for customers.
Endpoint Agent Groups Table Sort ⫘
The column sort function now works correctly on the Agent Groups Summary page.
Investigations Error Message ⫘
A No Investigations Found error message persisted even when filters were updated and matching investigations were found. This has been fixed.
Cloud API Export ⫘
The Status column in CSV exports of the Cloud API page now populates with accurate data.
Endpoint Agents Downloads ⫘
Intermittent access issues to the Endpoint Agents Downloads page using Firefox has been fixed.
Custom Date Picker Time ⫘
The custom date picker throughout XDR now uses the time at which the end date selection is made rather than the time the page was last refreshed in the browser.
Secureworks® Taegis™ XDR 3.6.8 ⫘
Thursday, December 5th, 2024 ⫘
Features ⫘
Affected Entities Alert Section ⫘
Alert details now include an Affected Entities section displaying Threat & At-Risk Entities and Affected Agents.
Alert Details Header ⫘
Alerts now have a persistent Alert Details Header containing a dropdown to select alert Status and fields that display the Status Reason and any investigations the alert is added to.
Filtering and Sorting in Investigation Events Tab ⫘
Events added to an investigation can now be filtered and sorted within certain columns for detailed triage.
Fixes ⫘
Japanese Language Advanced Search Content ⫘
The descriptions of Advanced Search terms in the Japanese version of Secureworks® Taegis™ XDR have been edited to align with the detail provided in the English version.
Taegis Endpoint Agent CSV Export ⫘
CSV exports of Taegis Endpoint Agent Groups would display incorrect Agent Release Channel details.
Docs ⫘
API Device Authorization ⫘
API documentation for Device Authorization is now available.
Secureworks® Taegis™ XDR 3.6.7.1 ⫘
Wednesday, November 27th, 2024 ⫘
Docs ⫘
Oracle Cloud Infrastructure Integration Guide ⫘
The Oracle Cloud Infrastructure integration guide is now available.
Vulnerabilities Support for Tenable Ingest ⫘
Vulnerabilities has been updated to include information regarding VDR's Tenable ingest capability.
Secureworks® Taegis™ XDR 3.6.7 ⫘
Thursday, November 21st, 2024 ⫘
Features ⫘
Identity Risk Posture Score Page ⫘
A new Identity Risk Posture Score Page is now available for IDR customers to track how the Posture Score is changing over time.
Identity Details Insights Tab ⫘
IDR customers can now adjust the period used in the Open Alerts section of the Identity Details Insights tab.
Integrate Cisco Umbrella via a Cisco-Managed S3 Bucket ⫘
Cisco Umbrella can now be integrated with XDR via a Cisco-managed S3 bucket in addition to the current transport path that leverages a customer-managed S3 bucket.
Fixes ⫘
Schema Fields Not Displaying ⫘
Schema fields now correctly display in the Advanced Search Schema Browser.
Docs ⫘
Log In to XDR ⫘
Log In to XDR has been updated to support the authentication provider migration. The legacy content is still available for users who have not yet been invited to migrate their account.
Power BI for XDR ⫘
The Power BI template and instructions have been updated to assist users with advanced reporting capabilities.
API Credential Creation Scripts ⫘
The API authentication documentation has been updated with new scripts to assist users in API credential creation.
Taegis Endpoint Agent Changelog Presentation ⫘
Taegis Endpoint Agent Changelog has been improved by moving any interim pre-Production Stable release versions to a collapsed section at the end of the associated Production Stable note. Click to expand those sections to view the previous versions that were not promoted to Production Stable.
Secureworks® Taegis™ XDR 3.6.6 ⫘
Thursday, November 14th, 2024 ⫘
Features ⫘
Authentication Provider Migration ⫘
A new login screen has been introduced this week in Taegis as part of the upcoming transition to a new authentication provider that affects all tenants. To accommodate this transition, specific actions are required for every tenant depending on the tenant's authentication type. These actions must be completed after November 11th and before the end of December.
- If you have Single Sign On (SSO), a Tenant Administrator needs to make a change on behalf of the entire tenant.
- If you use a Password paired with Multi-Factor Authentication (MFA), each tenant user will need to re-verify their credentials using the new system.
Identity Findings Table Enhancements ⫘
The Identity Findings page can now be filtered by Display Name and Finding Title. Additionally, the Identity Findings table now includes more columns such as Last Seen and Last Modified.
Identity My Environment Sort ⫘
A new sort option is available for the My Environment table to quickly find identities with the oldest password age.
Add an Integration Enhancements ⫘
The Add an Integration page now displays available integrations as Optimized or Custom.
Fixes ⫘
Investigation Summary Funnel ⫘
When new data is retrieved for the Investigation Summary Funnel, the vertical funnel values did not change. This has been fixed.
Deprecated Playbooks ⫘
A warning banner now displays if a user is using a deprecated playbook version.
Investigation Code Blocks ⫘
The code blocks were not rendering properly within Investigation Summaries. This has been fixed.
Contact Phone Number Extensions ⫘
Phone numbers with extensions were not displaying correctly. This has been fixed.
Secureworks® Taegis™ XDR 3.6.5 ⫘
Friday, November 8th, 2024 ⫘
Features ⫘
Playbook Template Deprecation ⫘
You can now deprecate playbook templates and playbook template versions when there is a newer alternative available. For more information, see Deprecate a Playbook Template and Deprecate a Playbook Template Version.
Event Preview from Identity Details ⫘
When viewing the Activity Log on an Identity Details page, you can now preview the events in a side panel before opening them in a new tab. For more information, see Activity Log Tab.
Bring Your Own Threat Intelligence ⫘
The Bring Your Own Threat Intelligence (BYOTI) Detector and related integrations have left Preview mode and are now generally available. See the links below for more information:
Fixes ⫘
Automatic Investigations ⫘
The per-page count on the Automatic Investigations table now persists as expected.
Secureworks® Taegis™ XDR 3.6.4 ⫘
Thursday, October 31st, 2024 ⫘
Features ⫘
New AI Features in Preview ⫘
Secureworks® Taegis™ XDR now features generative AI capabilities in Alerts for users opted in to Preview mode. For more information, see Alert Details.
- Alert Analysis - AI Alert Analysis provides easy-to-understand summaries and context for alerts, helping analysts quickly investigate and respond.
- Detection Logic Explanation - The Detection Logic Explainer summarizes the detection logic behind Taegis Watchlist alerts.
- Command Line and Scriptblock Explanation - This feature translates complex command lines and Scriptblocks into clear, readable language, simplifying analysis.
NDR Device Maintenance Windows ⫘
For customers with an NDR Device, the ability to configure a maintenance window that fits your schedule is now generally available. For more information, see NDR Device Maintenance Tab.
Fixes ⫘
Taegis Agent File Analysis Settings ⫘
Taegis Endpoint Agent File Analysis policy settings now display correctly in the Groups table view.
Secureworks® Taegis™ XDR 3.6.3 ⫘
Thursday, October 24th, 2024 ⫘
Features ⫘
Customize Taegis Actions Name and Description ⫘
You can now customize the name and description when adding or editing Taegis Actions. For more information, see Taegis Actions.
Export Entities from Investigations ⫘
You can now generate a CSV export of all or selected entities from the Entities sub-tab of an investigation's Evidence tab. For more information, see Investigation Evidence.
Export Identity Findings ⫘
IDR customers can now generate a CSV export of findings from the Identity Findings table. For more information, see Identity Findings Table.
Update Cloud API Integration Parameters ⫘
Additional Cloud API integrations now support certain parameter updates via XDR. For more information, see Cloud API Integration Update Overview.
Fixes ⫘
Event Volume by Type Formatting ⫘
The Event Volume by Type in the Investigation Summary Report is now correctly formatted as a distinct count rather than as bytes.
Delete Cloud API Integration ⫘
The Cloud API Integrations table now displays the Delete action only for authorized user roles.
Custom Rule Circuit Breaker ⫘
The circuit breaker message now displays as intended for Custom Rules that exceed the maximum amount of created alerts.
Secureworks® Taegis™ XDR 3.6.2 ⫘
Thursday, October 17th, 2024 ⫘
Features ⫘
NDR Device Maintenance Windows ⫘
For customers with an NDR Device who have opted in to Preview mode, you can now configure a maintenance window that fits your schedule for future maintenance. For more information, see NDR Device Maintenance Tab.
Identity Enhancements ⫘
For IDR customers, we’ve made enhancements to several Identity pages, including tooltips around the My Environment page and clearer labels on Identity Details graphs. See Identity documentation for more information.
Taegis Endpoint Agent Group Policies and Tamper Protection ⫘
Group Policies and the Tamper Protection setting have left Preview mode and are now generally available. For more information on this enhancement, see the Enhancements to Taegis Endpoint Agent Groups and Settings Knowledge Base article.
Automations Enhancements ⫘
The following features and enhancements to Automations are now available:
-
Use CEL Explorer to test CEL expressions against a specific type of input so that you can see the outcome of the expression for use in your configurations. For more information, see CEL Explorer.
-
The Playbook Template Steps view was enhanced with a refreshed design that supports drilling into steps to view details and code subsets, tooltips to view conditions, and the ability to expand and collapse a code segment with an iteration or branch. For more information, see Template Steps.
-
Simplified Automation Actions are now generally available to configure response and enrichment actions with just a few clicks. For more information, see Taegis Actions.
Provider Exclusion for Microsoft Graph Security Integration ⫘
The Microsoft Graph Security integration has been enhanced with Provider Exclusion, which allows you to choose Providers you wish to exclude from log collection. For more information, see the Microsoft Graph Security Alerts Integration Guide.
Fixes ⫘
Tagging Secureworks in Comments ⫘
Investigation comments tagging @secureworks now alert the Secureworks team consistently.
Deleting Cloud APIs ⫘
Deleting Cloud API integrations has been restricted to Tenant Admins, as intended.
Docs ⫘
Elite Threat Hunting ⫘
A renewed Elite Threat Hunting Service Description (formerly ManagedXDR Elite) is now available.
Secureworks® Taegis™ XDR 3.6.1 ⫘
Thursday, October 10th, 2024 ⫘
Features ⫘
Taegis Endpoint Agent Group Policies ⫘
Group Policies, now available in Preview mode, consolidate all Taegis Endpoint Agent settings into policies that are assigned to groups. No action is required, as your configuration has been automatically transitioned to group policies that we recommend you review. At initial launch, your current configuration can only be edited in group policies due to the data migration needed for the enhancements. To review or alter your settings, ensure you are in Preview mode, and see Group Policies.
For more information on this enhancement, see the Enhancements to Taegis Endpoint Agent Groups and Settings Knowledge Base article.
View CTU Publications from Alerts ⫘
For users opted into Preview mode, alert details now display a link to Secureworks Counter Threat Unit™ (CTU) publications if the alert is associated with a CTU-published Malware Family or Threat Group. For more information, see Alert CTU Publications.
Access Entity Graph from Alerts ⫘
You can now access Entity Graph from alert details to explore the entities and relationships associated with the alert. For more information, see Explore an Alert in Detail with Entity Graph.
Symantec Endpoint Protection Integration ⫘
XDR can now ingest and normalize logs from Symantec Endpoint Protection. For more information, see the Symantec Endpoint Protection Integration Guide.
Fixes ⫘
Investigation Summary Report Formatting ⫘
The Investigation Overview funnel chart formatting has been updated to prevent issues with displaying larger values.
Docs ⫘
Cloudflare Integration Guide Updated ⫘
Additional guidance has been added to the Cloudflare Integration Guide to make configuration easier.
Secureworks® Taegis™ XDR 3.6 ⫘
Thursday, October 10th, 2024 ⫘
Features ⫘
New Navigation Experience ⫘
We are pleased to announce a new and improved navigation experience in Secureworks® Taegis™ XDR that simplifies navigation and includes a new section on Taegis Solutions for Secureworks customers. The redesigned experience relocates everything from the top menu bar to the Taegis Menu. Now you can find Quick Search, tenant information, core Taegis platform areas, notifications, help, documentation, your profile, and live chat all on the left side of the application.
Notable changes include:
- The Tenant Display provides information about your tenant, your user role, and the tenant's subscribed services.
- For multi-tenant customers, an optimized Switch Tenant experience is available.
- The navigation options remain the same, while Automations moves above Endpoint Agents, and Reports and Downloads move above Tools.
- Two pages move from Tenant Settings: Rules can now be found under Alerts, and Auto Investigations can be found under Investigations.
- Introducing the Taegis Solutions section for Secureworks customers, containing IDR, NDR, VDR, and ManagedXDR.
For more information, see our Navigation documentation.
Secureworks® Taegis™ XDR 3.5.5 ⫘
Thursday, October 3rd, 2024 ⫘
Features ⫘
IDR Alert Enrichment ⫘
For IDR customers, alerts with applicable identity information are now correlated and enriched with user information collected with the IDR module. For more information, see IDR Findings.
Fixes ⫘
Investigation Hard Refresh ⫘
The Investigation Alerts table would show alerts inconsistently upon a hard refresh. This has been fixed.
Report Builder Templates ⫘
Under certain conditions, the Report Builder would fail to load a template. This has been fixed.
Draft Investigation Assignment ⫘
An investigation could not be reassigned while the investigation was in draft status. This has been fixed.
Docs ⫘
IDR Integration Guide Updated ⫘
Values in the JSON code block for Azure permissions have been updated to make configuration easier.
Secureworks® Taegis™ XDR 3.5.4.1 ⫘
Friday, September 27th, 2024 ⫘
Features ⫘
Automations Improvements ⫘
The following improvements have been made to Automations in XDR:
- CEL Syntax Helper — A CEL Syntax Helper displays where applicable to provide common CEL expression examples for automation configurations, making it easier to configure filters for playbooks and actions.
- Playbook Configuration — Playbooks now only allow configuration of options that are supported by the playbook template, reducing misconfiguration of more complex playbooks. Unsupported options are greyed out and cannot be configured.
For more information, see Automations Overview.
Simplified Automation Actions ⫘
Users opted in to Preview mode can now configure response and enrichment actions with just a few clicks. Choose from over a dozen currently available actions, with additional actions scheduled to be released every quarter. For more information, see Taegis Actions.
Docs ⫘
Google Cloud Platform Integration Guide ⫘
The Google Cloud Platform Integration Guide has been updated with additional configuration guidance.
Secureworks® Taegis™ XDR 3.5.4 ⫘
Thursday, September 26th, 2024 ⫘
Features ⫘
Assign Investigations by Email Address ⫘
When assigning investigations, you can now search for a user by their email address, in addition to by their name. Start typing their email to narrow down the matching list. For more information, see Hand Off an Investigation.
Fixes ⫘
Playbook Execution History ⫘
We have made improvements to address issues with playbook execution caching and pagination.
Secureworks® Taegis™ XDR 3.5.3 ⫘
Thursday, September 19th, 2024 ⫘
Features ⫘
Set Identity as Landing Page in XDR ⫘
You can now select the Identity section of XDR as your landing page in User Profile & Settings. For more information, see Customize Your View.
Data Collector Performance Graphs Improved ⫘
The resolution of Data Collector Performance graphs has been increased to more clearly display graph details. For more information, see Manage Data Collectors.
Points of Contact Moved from Tenant Profile ⫘
The Points of Contact section used for security escalations has been moved from Tenant Profile to a new Notification Configurations page under Tenant Settings. For more information, see Notification Configurations.
Fixes ⫘
Netflow Event Addresses Reversed ⫘
Inbound Netflow events from endpoint agents now display the correct local and remote addresses.
Playbook Instance Configuration ⫘
When editing a playbook instance, the configuration now consistently displays in the Activity Connections section.
Trends Report Investigation Overview Values ⫘
Values in the Investigation Overview funnel graph of the Trends Report are now consistent with the values in the same graph of the Investigation Summary Report.
Docs ⫘
Getting Started with Taegis Endpoint Agent ⫘
A new Getting Started with Taegis Endpoint Agent guide is now available to help you get started with our latest endpoint security solution.
Red Cloak End of Support Customer Notice ⫘
The Red Cloak End of Support customer notice is now available with information on our endpoint protection evolution and resources for migration.
Cloud API Integration Update Overview ⫘
The Cloud API Integration Update Overview has been updated with additional Cloud API integrations that support certain parameter updates via XDR.
Secureworks® Taegis™ XDR 3.5.2 ⫘
Thursday, September 12th, 2024 ⫘
Fixes ⫘
Adding NDR Device HOME_NET Entries ⫘
The Add Row button now works correctly when populating NDR Device HOME_NET entries.
Archiving Multiple Investigations from Table ⫘
The Actions button now includes an option to archive when selecting multiple investigations.
Custom Parser Field Values Not Displaying in Search ⫘
Custom Parser field values now display when queried in Advanced Search.
Docs ⫘
IDR Configuration Documentation and FAQ Updates ⫘
The configuration instructions for Taegis™ IDR have been updated for clarity and additional FAQ details have been added. For more information, see IDR Integration Guide and IDR Overview.
Secureworks® Taegis™ XDR 3.5.1 ⫘
Thursday, September 5th, 2024 ⫘
Features ⫘
Playbook Execution Inputs, Outputs, and Target Resource ⫘
You can now view a JSON of the inputs and outputs of a specific playbook execution when drilling down into its details. On the same view, there is now a link to the Target Resource where applicable. For more information, see View Playbook Executions and Failures.
Cloud API Integration Update ⫘
The Cloud API Integration Update feature allows you to update select configuration parameters of supported and existing Cloud API Integrations. For example, this feature can be leveraged for certificate updates, private key updates, or for renaming an existing integration. For more information, see Cloud API Integration Update Overview.
Fixes ⫘
Investigation Comments ⫘
Improvements to the commenting system in Investigations ensure users are correctly notified of any @ mentions.
Column Resizing ⫘
In some tables, when new data loaded during infinite scroll, column width preferences were reverting to default. Resized columns now persist.
Items Per Page ⫘
The Items per Page preference that you select on tables (i.e., changing from 25 to 100 items per page) now persists even if you navigate away from the page.
Scriptblock Events ⫘
Some scriptblock event details were not loading. This has been fixed.
Docs ⫘
Agent Migrator Script Updates ⫘
The PowerShell Agent Migrator script that aids in the migration from Red Cloak Endpoint Agent to Taegis Endpoint Agent has been updated. For more information, see Install Taegis Endpoint Agent Using PowerShell Script.
Secureworks® Taegis™ XDR 3.5 ⫘
Tuesday, September 3rd, 2024 ⫘
Features ⫘
Taegis™ IDR is now available ⫘
Taegis™ IDR is a software add-on module that helps improve your security posture by continuously monitoring for identity risks and misconfigurations while providing dark web intelligence on compromised credentials. With IDR, you will receive a list of prioritized findings and an Identity Risk Posture rating based on your current exposures within minutes of setup.
For more information, start with our Identity Overview and check out this new feature in app by selecting Identity in the navigation menu.
Secureworks® Taegis™ XDR 3.4.16 ⫘
Thursday, August 29th, 2024 ⫘
Features ⫘
Request to Fetch File for Analysis ⫘
From within Alerts and Events, you can now request to fetch file information which will populate in the relevant Alert details. For more information, see File Details.
Fixes ⫘
Data Sources Table Filters ⫘
In some environments, the Data Sources table filters did not filter according to the user's selection. This has been fixed.
Investigations Table Column Size Preference ⫘
The Investigations table column sizes would reset after a refresh when resized. This has been fixed.
Entity Graph Node Details Empty Upon Collapsing Table Drawer ⫘
When collapsing the table drawer for a selected node, the entity details appeared empty even after reselecting the node. This has been fixed.
Hostname Link in Entity ⫘
When selecting the hostname hyperlink within a host entity, an error would be returned. This has been fixed.
Advanced Search 'Time Ago' Calculation Incorrect ⫘
The 'Time Ago' column in Advanced Search was not properly calculating time. This has been fixed.
Docs ⫘
XDR Python SDK Proxy Configuration ⫘
Documentation detailing proxy configuration for Secureworks® Taegis™ XDR Python SDK is now available.
Secureworks® Taegis™ XDR 3.4.15 ⫘
Thursday, August 22nd, 2024 ⫘
Features ⫘
Microsoft Azure Flow Logs Integration ⫘
XDR can now ingest and normalize flow logs from Microsoft Azure Network Watcher. For more information, see the Flow Logs from Microsoft Azure Network Watcher Integration Guide.
Investigation Table Filters ⫘
Two new filters have been added to the Investigations summary table: Created and Updated. Use the date/time pickers to set a specific time or a range for matching investigations. For more information, see Filter Investigations.
Entity Enrichment ⫘
The panel that displays entity enrichment data on an investigation has been improved to better display larger data sets. For more information, see Entities.
Fixes ⫘
Deprecated Fields in Advanced Search Builder ⫘
Some saved searches that pre-date the Advanced Search Builder enhancements may contain deprecated fields. The Builder now alerts you if a field needs to be replaced. For more information, see Advanced Search Builder.
Docs ⫘
Audit Logs Graph ⫘
Documentation for the new Audit Logs stacked bar chart is now available.
Secureworks® Taegis™ XDR 3.4.14 ⫘
Thursday, August 15th, 2024 ⫘
Features ⫘
Trends Report is Now Available ⫘
The Trends Report, which displays trending insights on alerts, investigations, and data usage on demand, is now generally available. See Trends Report for more information.
Palo Alto Prisma Access Integration ⫘
XDR can now ingest and normalize data from Palo Alto Prisma Access. For more information, see the Palo Alto Prisma Access Integration Guide.
Fixes ⫘
Audit Log Chart Error ⫘
If no results are found in an Audit Log search, the chart would display an error. This has been fixed.
Investigation Filter Error ⫘
Searching for specific assignees on the Investigations page would sometimes yield no results. This has been fixed.
Docs ⫘
Python SDK Query Updates ⫘
Updated sample queries are now available on the Python SDK Queries page.
Investigations v2 API Updates ⫘
Updates are available for the Investigations v2 API documentation and the Investigations v1 API has been marked as Legacy.
Secureworks® Taegis™ XDR 3.4.13 ⫘
Thursday, August 8th, 2024 ⫘
Features ⫘
Abnormal Inbound Email Security Integration Added ⫘
XDR can now ingest and normalize data from Abnormal Inbound Email Security. For more information, see the Abnormal Inbound Email Security Integration Guide.
Azure Storage Account Integration Added ⫘
XDR can now ingest and normalize data from Azure Storage Account. For more information, see the Microsoft Azure Storage Account Integration Guide.
New Transport Methods Available ⫘
Two new transport methods that can be used for custom data source integrations are now available: HTTP Ingest and S3 Ingest - Secureworks-Managed. For more information, see Custom Transport Methods.
Additional Investigation Type ⫘
A new Informational investigation type is now available to categorize investigations used only to communicate information. For more details, see Investigation Type.
Fixes ⫘
Alerts Not Updating on Endpoint Details Refresh ⫘
The Refresh action on Endpoint details pages was not updating the alerts table. This has been fixed.
Investigations Filters Not Working in Preview ⫘
A bug has been fixed where certain filters on the Investigations page were not working in Preview mode.
Red Cloak Endpoint Agent Isolation Status Incorrect ⫘
In some instances, the isolation status for Red Cloak Endpoint Agents was stuck in an incorrect state. This has been fixed.
Docs ⫘
Using the Notifications API ⫘
Documentation has been added that reviews how to update notification preferences of other users via API. For more information, see Using the Notifications API.
Troubleshoot Blocked User Account Issues ⫘
Guidance for troubleshooting blocked XDR user accounts is now available.
Professional Services Custom Automation Services ⫘
A new document reviewing the Secureworks® Professional Services team's Custom Automation Services is now available. For more information, see Custom Automation Services.
Secureworks® Taegis™ XDR 3.4.12 ⫘
Thursday, August 1st, 2024 ⫘
Features ⫘
Playbook Executions Graph Enhancements ⫘
The Playbook instance details graph is now presented in a bar chart, includes additional execution states ('started,' 'timed out,' 'canceled'), features updated color coding for 'timed out' executions, and displays whole numbers on the y-axis. For more information, see Playbook Executions.
Fixes ⫘
Investigations Filters Not Working ⫘
On the Investigations page, the Creator and Assignee filters were not working as expected. This has been fixed.
Incorrect Response Times in XDR Trends Report ⫘
In the XDR Trends report, response times were displayed incorrectly. This has been fixed.
Docs ⫘
Data Source Integration Enhancements ⫘
Integration documentation has been enhanced with better presentation of all available options to integrate your data sources into XDR:
- Within the Integrate with XDR folder in the docs side navigation, the Forward Data to XDR folder has been renamed Add Data Sources.
- Within Add Data Sources, a new Custom Integrations folder has been added with docs that review available custom transport methods that can be used for custom integrations.
- New folders have been added for docs for each main cloud provider: AWS, Azure, and Google Cloud Platform (GCP).
- A new section has been added to the Glossary with terms related to integrating data sources.
For more information on integrating data sources, see Data Sources in the Integration Overview.
Secureworks® Taegis™ XDR 3.4.11 ⫘
Thursday, July 25th, 2024 ⫘
Fixes ⫘
Custom Dashboards Export Data ⫘
The ability to export data for Custom Dashboards in CSV or JSON was missing. This has been fixed.
Alert Volume by Sensor Type Report Fix ⫘
For certain report types, no data would be shown even when data is available. This bug has been fixed.
Docs ⫘
PowerBI for XDR Updates ⫘
The guide for using PowerBI for XDR has been updated with new features. Further, important fixes are available in the latest version of the Power BI integration for XDR. For more information, see the Power BI for XDR changelog for full change details.
Secureworks® Taegis™ XDR 3.4.10 ⫘
Wednesday, July 17th, 2024 ⫘
Features ⫘
Create Multi-Event Queries with Advanced Search Builder ⫘
Advanced Search Builder now supports multi-event queries, enabling more robust data analysis and reporting from Builder. For more information, see Advanced Search Builder.
Secureworks® Taegis™ ManagedXDR Plus ⫘
ManagedXDR Plus is now available as a new service level option of ManagedXDR. For more information, see Secureworks® Taegis™ ManagedXDR Plus.
Bulk Remove Tags from Endpoints ⫘
You can now bulk remove tags from one or more endpoints at once from the Endpoint Agents Summary table. For more information, see Bulk Remove Tags from Multiple Endpoints.
Docs ⫘
Microsoft Graph Security Alerts and Entra Risk Detection Integration Guides ⫘
Two new guides have been created for the Microsoft Entra Risk Detection and Microsoft Graph Security Alerts integrations.
Enterprise SSO Updated ⫘
The Enterprise SSO doc has been updated to account for changes to the testing functionality.
Secureworks® Taegis™ XDR 3.4.9 ⫘
Thursday, July 11th, 2024 ⫘
Features ⫘
Improved Mobile App Table View ⫘
The improved Mobile App table view on the Alerts and Investigations pages has left Preview mode and is now generally available. For more information, see Optimize the XDR Mobile App View.
Taegis XDR Trends Report Template ⫘
For users opted in to Preview mode, you can now create an XDR Trends Report of aggregate data on investigations, alerts, and data usage from a predefined template. For more information, see XDR Trends Report.
Automated Enrichment via Playbooks ⫘
Enrichment Actions can now be configured to connect external tools to pull in additional information into Alerts or Investigations. Further, custom playbooks can be built and leveraged for data enrichment to perform external analysis such as using ChatGPT to explain elements of an investigation or alert using customized prompts. See this Knowledge Base article for configuration steps.
Fixes ⫘
Entity Graph Alert Selection ⫘
Manually selecting Entities and Relationships would automatically select Alerts too even if not manually selected. This has been fixed to reflect the expected behavior.
Docs ⫘
Integrate Qualys with VDR for Ingest into XDR's Vulnerabilities Feature ⫘
VDR can ingest Qualys data that will populate Vulnerability information in XDR when applicable. More information is here and the set up guide is here.
Secureworks® Taegis™ XDR 3.4.8 ⫘
Thursday, June 27th, 2024 ⫘
Features ⫘
Entity Graph Now Available ⫘
Entity Graph is now generally available to all users. This powerful addition to our XDR platform provides enhanced visibility with a live, visual representation of entity relationships. Explore related entity activity and add relevant alerts and events to investigations to simplify investigative and decision-making processes. For more information, see Explore an Investigation in Detail with Entity Graph.
Microsoft Azure Data Sources Added ⫘
XDR can now ingest and normalize data from Azure Firewall, Azure Front Door, and Azure Application Gateway via Azure Event Hubs.
Taegis Endpoint Agent Maintenance Windows ⫘
Maintenance windows, now generally available, allow you to limit when automatic updates for the Taegis Endpoint Agents assigned to a group could occur. For more information, see Maintenance Windows.
Fixes ⫘
Custom Alerts on Endpoint Agents ⫘
The alerts table of an endpoint agent details page did not display custom alerts in the list as expected. This has been fixed.
Roles & Permissions Exports ⫘
Exported CSV and XLS files from the Roles & Permissions page were not formatted clearly. This has been fixed.
Unknown Hostnames in Reports ⫘
There was a discrepancy in the Alert Summary Report between the count of alerts generated from an unknown hostname and the count of the alerts whose hostname is NULL. This has been fixed.
Secureworks® Taegis™ XDR 3.4.7 ⫘
Thursday, June 20th, 2024 ⫘
Features ⫘
Improved Mobile App Table View ⫘
For users opted in to Preview mode using the Mobile App, a new option has been added to tables on the Alerts and Investigations pages to better present this data on mobile device screens. For more information, see Optimize the XDR Mobile App View.
Docs ⫘
Professional Services API Reporting ⫘
The Secureworks® Professional Services team have released a new offering to support unique reporting needs via the XDR API's. For more information, see API Reporting.
Fixes ⫘
UserID Alert Entity Enhancements ⫘
Thirdparty
Alerts containing aUserID
field will now populate aUserID
Alert entity instead of theuserName
entity.- Username event fields will no longer populate multiple username Alert entities, and instead populate only the corresponding Source or Target type.
@user Logical Type Improvements ⫘
The @user
logical type will now cover sourceUsername
and targetUsername
fields across relevant schemas.
Investigation Comments via API ⫘
Investigation comments pulled via API displayed random characters. This has been fixed.
User Admin Summary Report Fixes ⫘
The User Admin Summary report now displays the roles of active users, and correctly displays deactivated users as inactive.
ManagedXDR Dashboard Initial Access Vectors Value ⫘
The ManagedXDR Dashboard Initial Access Vectors widget displayed odd results and values. This has been fixed.
Secureworks® Taegis™ XDR 3.4.6 ⫘
Thursday, June 13th, 2024 ⫘
Features ⫘
Taegis Endpoint Agent Maintenance Windows ⫘
For users opted in to Preview mode, you can now create maintenance windows to limit when automatic updates for the agents assigned to a group could occur. For more information, see Maintenance Windows.
Taegis Endpoint Agent Tamper Protection ⫘
For users opted in to Preview mode and with a supported agent version, Tamper Protection adds a layer of security around the manual removal of agents from user systems. For more information, see Tamper Protection.
Docs ⫘
Amazon AWS Lambda Update Guide ⫘
A new guide provides instructions for updating the XDR Lambda function used in integrations such as Amazon AWS. For more information, see Amazon AWS Lambda Update.
Fixes ⫘
Automated Calls for High-Severity Investigations ⫘
Some high-severity investigations did not trigger automated call alerts as expected. This has been fixed.
Closed Investigation Alert Labels ⫘
After closing an investigation, some related alerts were not accurately labeled according to the documentation. This has been fixed.
Report Creator Name ⫘
The creator's name wasn’t appearing on some reports. This has been fixed.
Microsoft Graph API Connection ⫘
The “Test” button was missing from the Microsoft Graph API connection Config section. This has been fixed.
Secureworks® Taegis™ XDR 3.4.5 ⫘
Thursday, June 6th, 2024 ⫘
Features ⫘
VDR Integration with XDR ⫘
We are excited to announce the integration of Secureworks® Taegis™ VDR into XDR. This feature enables the integration of vulnerability data from VDR through the VDR scanner, or other supported tools such as Qualys, in the following areas of XDR. Select the link to view more details.
- Vulnerability Management Page
- Alert Details Vulnerabilities Tab
- Endpoint Agents Summary Table
- Endpoint Agents Detailed View
Fixes ⫘
Incorrect Data Source Link ⫘
Selecting a data source from the Health section of Data Collector details would sometimes lead to an incorrect source. This has been fixed.
Secureworks® Taegis™ XDR 3.4.4 ⫘
Thursday, May 30th, 2024 ⫘
Features ⫘
Stolen User Credentials and Impossible Travel Detectors ⫘
The Stolen User Credentials and Impossible Travel Detectors are now available in XDR and supersede the previous Stolen Credentials Detector. For more information, see Stolen User Credentials and Impossible Travel.
Fixes ⫘
Bar Chart Report Errors ⫘
Certain reports with stacked bar charts sometimes showed an "Unknown" error. This has been fixed.
Entity Graph Improvements ⫘
Several fixes and enhancements are now available for Entity Graph, which is in the Preview release ring.
- A slight delay would occur when adding items to an investigation that affected Entity Graph's display. This has been fixed.
- Overlapping labels have been optimized in the Entity Graph display.
- Entity node name truncation displays have been optimized.
- Entity node tabs would sometimes show the previously selected node's information. This has been fixed.
Taegis Endpoint Agent File Analysis Status ⫘
The File Analysis feature would show as enabled even when disabled. This has been fixed.
NDR Devices List View ⫘
NDR Devices would show in card view but not in list view. This has been fixed.
Secureworks® Taegis™ XDR 3.4.3 ⫘
Thursday, May 23rd, 2024 ⫘
Features ⫘
Affected Agents Date Range ⫘
On the Alert Details page, the Affected Agents section now only shows agents that have seen activity within 90 days of the alert’s creation. For more information, see Alert Details Summary Tab.
Vulnerability Management ⫘
For XDR tenants that also subscribe to Secureworks® Taegis™ VDR, a new Vulnerability Management page presents vulnerabilities observed by VDR on endpoints in XDR. For more information, see Vulnerability Management.
Docs ⫘
Virtual NDR Integration Guide ⫘
A new guide for installing and registering virtual NDR Devices is now available. For more information, see the Virtual NDR Integration Guide.
Secureworks® Taegis™ XDR 3.4.2 ⫘
Thursday, May 16th, 2024 ⫘
Fixes ⫘
Domain Filtering on Alerts ⫘
The Alerts page was not displaying alerts filtered by domain. This has been fixed.
Suppression Rules Missing Criteria ⫘
When creating Suppression Rules, specific criteria was missing. This has been fixed.
Suppressing Taegis Watchlist Alert Errors in Japanese UI ⫘
Using Taegis Watchlist detector as Suppression Rule criteria in the Japanese UI would present an error. This has been fixed.
Data Export from My Dashboards with no Data ⫘
Exporting data from a My Dashboards custom dashboard with no widget will now issue a warning.
Docs ⫘
Revamped Getting Started Section ⫘
Getting Started documentation has been revamped with improvements. Get Started with XDR has been renamed to Getting Started and updated with new details. New Navigation and Taegis Help Resources pages now feature in the Getting Started section.
Secureworks® Taegis™ XDR 3.4.1 ⫘
Thursday, May 9th, 2024 ⫘
Features ⫘
Automation Actions Friendly Names ⫘
Automation and APIs play a crucial role in the Taegis platform by streamlining processes and eliminating repetitive tasks. When records are modified within the Taegis platform by configured Automation playbooks rather than a logged-in user, the change details are now captured as friendly identity names in the Created By and Updated By fields to represent Automation actions. These changes will be rolled out incrementally across the platform over the next two months. For more information, see Friendly History Field Names.
Include Disabled Playbooks Toggle ⫘
The Playbooks table now excludes disabled playbooks from view by default. To return them to view, select the Include Disabled toggle above the table. For more information, see Configured Playbooks.
Fixes ⫘
Missing Actions on Alert Details Events Tab ⫘
The options to add events to a new or existing investigation were missing from the actions menu in the Events tab of Alert Details. This has been fixed.
Docs ⫘
Common Expression Language Macros ⫘
The documentation for Common Expression Language (CEL) macros used in Automations has been updated with additional macros.
Secureworks® Taegis™ XDR 3.4 ⫘
Wednesday, May 8th, 2024 ⫘
Features ⫘
iSensor Is Now Taegis NDR ⫘
Taegis™ NDR is a network detection and response solution that represents an evolution of iSensor and seamlessly integrates with XDR to provide a comprehensive approach to threat prevention and response. With this change:
- You will start to see the name Taegis™ NDR in place of iSensor starting on May 8.
- While we have new features and will continue to add more, there are no changes to your current contract or pricing.
- Your current network-based protection will not be disrupted and there are no steps that you need to take.
Be sure to keep an eye out for more exciting news as we add even more capabilities to Taegis™ NDR. For more information, see Taegis™ NDR Overview.
Edit NDR Device Variables ⫘
You can now edit the HOME_NET, EXTERNAL_NET, and HTTP_PORTS variables on your NDR Devices. For more information, see Manage NDR Devices Customization Tab.
Secureworks® Taegis™ XDR 3.3.14 ⫘
Thursday, May 2nd, 2024 ⫘
Features ⫘
XDR Integration with VDR ⫘
For tenants that subscribe to both XDR and VDR, the new Vulnerabilities tab now appears in Alert Details when vulnerabilities are observed by VDR on the corresponding endpoint. For more information, see Vulnerabilities Tab.
Microsoft Azure Event Hubs Integration Added ⫘
XDR can now ingest and normalize data from Microsoft Azure Event Hubs. For more information, see the Microsoft Azure Event Hubs Integration Guide.
Office 365 Management API Government Community Cloud (GCC) Integration Added ⫘
XDR can now ingest and normalize data from Office 365 Management API Government Community Cloud (GCC). For more information, see the Office 365 Management API Government Community Cloud (GCC) Integration Guide.
Connection Audit Logs ⫘
Configured connections now include a History tab containing an audit log of updates made to and actions taken on the connection. For more information, see View Connection Audit Logs.
Clone a Connector ⫘
You can now clone an existing automations connector. For more information, see Clone a Connector.
View Archived Investigations ⫘
When you choose to view archived investigations in the summary table, new status cards now show a count of archived investigations, closed investigations, and dismissed investigations. For more information, see Archived Investigations.
Alerts by Detector ⫘
On the Alerts Triage Dashboard, the Alerts by Detector widget is now organized by count. For more information, see Alerts by Detector.
Docs ⫘
Power BI for XDR Guide ⫘
A new document that reviews how to use Microsoft Power BI to summarize and visualize data from XDR is now available. For more information, see Power BI for XDR.
Fixes ⫘
Older Saved Searches ⫘
The share links for some older saved searches were not working. This has been fixed.
Secureworks® Taegis™ XDR 3.3.13 ⫘
Thursday, April 25th, 2024 ⫘
Features ⫘
Updated Advanced Search Builder Experience ⫘
Advanced Search Builder has been enhanced with an intuitive data selection process, easy to build and understand boolean logic groups, and an effortless criteria-building experience. The Builder also now displays your query in Builder format as well as Query Language format as a visual aid to gain more experience with the Query Language. For more information, see Advanced Search Builder.
Cisco Duo Integration Added ⫘
XDR can now ingest and normalize data from Cisco Duo. For more information, see the Cisco Duo Integration Guide.
Imperva Cloud WAF Integration Added ⫘
XDR can now ingest and normalize data from Imperva Cloud WAF. For more information, see the Imperva Cloud WAF Integration Guide.
Fixes ⫘
Link to VirusTotal Missing ⫘
A link to open indicator information in VirusTotal was missing from the Threat Intelligence tab of Alert details. This has been fixed.
Additional Data Copied when Double Clicking Fields ⫘
When double clicking certain fields to copy the text, additional data was being copied. This has been fixed.
Docs ⫘
CrowdStrike Integration Guide Updated ⫘
Additional guidance for configuring a Falcon Data Replicator (FDR) feed to enable integration with XDR has been added to the CrowdStrike Integration Guide.
Secureworks® Taegis™ XDR 3.3.12 ⫘
Thursday, April 18th, 2024 ⫘
Fixes ⫘
Archived Investigations Retrieval Error ⫘
There was an error displaying archived investigations with certain filters. This has been fixed.
Playbook Execution Error Message ⫘
The error message for playbook execution failures did not display correctly under certain conditions. This has been fixed.
Report Date Correction ⫘
In some reports, the report generated date was incorrect. This has been fixed.
Alert JSON Status Fix ⫘
The alert status displayed incorrectly in an alert’s JSON view. This has been fixed.
Reporting Language ⫘
On certain reports, the selected language was not presented as requested. This has been fixed.
Secureworks® Taegis™ XDR 3.3.11 ⫘
Thursday, April 11th, 2024 ⫘
Features ⫘
Third-Party Tickets on Investigations ⫘
The Investigations summary table has a new column, Ticket, displaying the ticket number from a third-party vendor, such as ServiceNow. For more information, see Filter Investigations.
Fixes ⫘
Failure to Open iSensor Details ⫘
XDR was experiencing issues opening iSensor details from the Data Sources table. This has been fixed.
Response Actions ⫘
The drop-down list of Response Actions on Endpoint Agents is now sorted alphabetically.
Pivot Searches ⫘
Some pivot searches used the wrong schema for destination_url, which broke advanced search results. This has been fixed.
Secureworks® Taegis™ XDR 3.3.10 ⫘
Thursday, April 4th, 2024 ⫘
Features ⫘
Report Language Selection ⫘
When defining a report, you can select from a choice of English and Japanese at the last step. For more information, see Create Reports from a Template.
Playbook History Tab Renamed to Executions ⫘
The History tab on a playbook details page has been renamed the Executions tab. For more information, see Playbook Executions.
Playbook Audit Logs ⫘
Playbook instances now include a History tab containing an audit log of playbook updates and executions. For more information, see View Configured Playbook Audit Logs.
Suppression Rule Status Selection ⫘
When creating Suppression Rules, you can now define other statuses in addition to Suppressed. For more information, see Alert Suppression Rules.
Akamai Guardicore and API Protector Integration Added ⫘
XDR can now ingest and normalize data from Akamai Guardicore Segmentation. For more information, see the Akamai Guardicore Integration Guide.
Fixes ⫘
Playbook Version Ordering ⫘
When viewing playbook template versions, they were frequently unordered. This has been fixed.
Playbook Template Documentation Tab ⫘
Playbook templates now have a dedicated Documentation tab making playbook documentation easier to locate.
File Details Page not Displaying Details ⫘
When running a pivot search on a filehash, nothing was displayed in the File Details page. This has been fixed.
Secureworks® Taegis™ XDR 3.3.9 ⫘
Thursday, March 28th, 2024 ⫘
Features ⫘
View Alert Details ⫘
When viewing a table of alerts, such as in search results or from a dashboard, you can now open an alert detail in the same browser tab by selecting the alert’s title. The option to open it in a new tab is still available via the icon . For more information, see Alert Details.
Copy Link to Playbook Template Version ⫘
You can now copy a share link for a specific version of a playbook template. For more information, see Share a Playbook Template Version.
Automatic Mentions in Investigation Comments ⫘
When replying to a comment that used an @ mention on an investigation, the new comment automatically starts with an appropriate @ mention to ensure the party receives a notification. This automatic mention can be removed if unwanted. For more information, see Add Comments to an Investigation.
Enhanced Investigation Workflow ⫘
The enhanced experience when adding evidence to existing investigations and creating new investigations throughout XDR is now available to all users. For more information, see Start and Add to Investigations.
Export Dashboard and Widget Data ⫘
All users can now export dashboard and widget data to CSV and JSON files. For more information, see the Export Options section on Alert Triage, Security Posture, ManagedXDR, and My Dashboards.
Fixes ⫘
Data Collector Performance Tab ⫘
Users of our Japanese UI were experiencing issues with the date/time picker on the Data Collector Performance tab. This has been fixed.
Secureworks® Taegis™ XDR 3.3.8 ⫘
Friday, March 22nd, 2024 ⫘
Fixes ⫘
Pivot Search Fetch Error ⫘
Event and alert pivot searches by sensor ID were returning errors. This has been fixed.
Tag Removal Emails ⫘
A bug generating tag removal emails has been fixed.
Docs ⫘
Professional Services Overview ⫘
The Secureworks® Professional Services team is here to help you realize the full potential from your XDR investment if a higher level of support is desired. Our highly skilled consultants can help you deploy faster, optimize quicker, and accelerate your time to value. For more information, see Professional Services Overview.
Secureworks® Taegis™ XDR 3.3.7.1 ⫘
Tuesday, March 19th, 2024 ⫘
Features ⫘
Universal Login for XDR ⫘
Enhancements to the login experience for XDR are now available to all users. For more information, see Log In to XDR.
Secureworks® Taegis™ XDR 3.3.7 ⫘
Thursday, March 14th, 2024 ⫘
Features ⫘
Enhanced Investigation Workflow ⫘
For users opted in to Preview mode, XDR now provides a consistent experience when adding evidence to existing investigations and creating new investigations throughout XDR. For more information, see Start and Add to Investigations.
Fixes ⫘
Alert Triage Dashboard Links ⫘
Some links on the Alert Triage Dashboard opened the Alerts table without the expected filters applied. This has been fixed.
Hash Pivot Search Results ⫘
The Agents tab has been removed from hash pivot search results, as viewing all hosts a particular hash is found on is not currently supported.
Docs ⫘
Google Cloud Platform Integration Guide Updated ⫘
The Google Cloud Platform Integration Guide has been updated with additional guidance for configuring log inclusion filters for Cloud Audit, VPC Flow, Google Kubernetes Engine (GKE) Dataplane V2, and Security Command Center Findings logs.
Overriding and Extending Global Parsers Documentation ⫘
Documentation has been added that reviews how to override and extend global parsers when working with Custom Parsers. For more information, see Overriding and Extending Global Parsers.
Secureworks® Taegis™ XDR 3.3.6 ⫘
Thursday, March 7th, 2024 ⫘
Features ⫘
Penetration Test Detector ⫘
The Penetration Test Detector, now available in XDR, identifies when a potential penetration test is ongoing. For more information, see Penetration Test Detector.
Akamai App and API Protector Integration Added ⫘
XDR can now ingest and normalize data from Akamai App & API Protector (formerly known as Kona Site Defender or Web Application Protector). For more information, see the Akamai App and API Protector Integration Guide.
Email Notification Language Preference ⫘
You can now set your language preference for email notifications to English or Japanese -日本語. For more information, see User Profile & Settings.
Entity Graph Relationships and Details Tabs ⫘
Entity Graph has been updated with a Relationships tab that displays a table of the relationships associated with the investigation, and a Details tab that displays entity, relationship, and alert details as you select these while exploring a graph. For more information, see Entity Graph.
Fixes ⫘
PDF Export Formatting ⫘
Inline and block code in investigation summaries were not rendering correctly in PDF exports. In addition, reports that use a horizontal stacked bar chart rendered unreadable in the PDF output. Both issues have been fixed.
Alerts Table Usability ⫘
A bug has been fixed where adding a large number of filters to the Alerts table resulted in the table becoming obscured from view and inaccessible.
Auto Investigation Descriptions Truncated ⫘
Longer descriptions for Auto Investigation templates were truncated in the card view and could not be fully viewed without opening the template. This has been fixed.
Endpoint Agent Details History ⫘
The “See History“ link on an Endpoint Agent details page works as expected now.
Alerts with 0.01 Severity ⫘
Alerts with 0.01 severity (Informational) were not displaying their severity levels properly. This has been fixed.
Alerts with Process Events ⫘
XDR performance has improved for alerts with 300+ related process events.
Alerts with Affected Agents ⫘
Some alerts did not show affected agents. This has been fixed.
Secureworks® Taegis™ XDR 3.3.5.2 ⫘
Thursday, February 29th, 2024 ⫘
Features ⫘
Cato Networks Integration Added ⫘
XDR can now ingest and normalize data from Cato Networks. For more information, see the Cato Networks Integration Guide.
Secureworks® Taegis™ XDR 3.3.5.1 ⫘
Thursday, February 22nd, 2024 ⫘
Features ⫘
Windows Taegis Endpoint Agent Advanced Kernel Telemetry Setting ⫘
The Advanced Kernel Telemetry setting for Windows Taegis Endpoint Agents is now disabled by default both at a tenant level and in new groups to prevent compatibility issues on Windows endpoints with other security products. You can now configure this setting at a tenant level in Agent Settings and at a group level in Group Configuration.
Cloudflare Integration Added ⫘
XDR can now ingest and normalize data from Cloudflare. For more information, see the Cloudflare Integration Guide.
Secureworks® Taegis™ XDR 3.3.5 ⫘
Thursday, February 15th, 2024 ⫘
Features ⫘
Automations Connections Redesign ⫘
Automations > Connections in XDR has been renamed to Automations > Connectors. The page has also been redesigned to streamline configured connections in a Connections tab and connector templates in a Connector Library tab. For more information, see Configured Connections and Connector Library.
Export Dashboard and Widget Data ⫘
For users opted in to Preview mode, you can now export dashboard and widget data to CSV and JSON files. For more information, see the Export Data section on Alert Triage, Security Posture, ManagedXDR, and My Dashboards.
Fixes ⫘
Date Picker Custom Range Not Scrolling ⫘
The Custom Range tab of date pickers throughout XDR were not scrolling correctly. This has been fixed.
Pasting into Suppression Rule Fields Overwriting Content ⫘
Pasting text into certain fields when configuring a suppression rule was overwriting all content already present in the field. This has been fixed.
Docs ⫘
Log In to Secureworks® Taegis™ XDR Updated ⫘
The login instructions have been updated to reflect changes for users opted in to Preview mode, which will soon become the default login experience.
Secureworks® Taegis™ XDR 3.3.4.1 ⫘
Tuesday, February 13th, 2024 ⫘
Features ⫘
Google Cloud Platform Integration Added ⫘
XDR can now ingest and normalize data from Google Cloud Platform (GCP). For more information, see the Google Cloud Platform Integration Guide.
Nozomi Guardian Integration Added ⫘
XDR can now ingest and normalize data from Nozomi Guardian for tenants with Taegis™ XDR for OT. For more information, see the Nozomi Guardian Integration Guide.
Secureworks® Taegis™ XDR 3.3.4 ⫘
Thursday, February 8th, 2024 ⫘
Features ⫘
XDR Mobile App ⫘
A new mobile experience for XDR users is now available. For a feature overview video and installation information, see XDR Mobile App.
iSensor Change Management Report Template ⫘
Customers with iSensors can now create iSensor Change Management Reports that display detailed information about signature and ruleset updates made for each iSensor. For more information, see iSensor Change Management Report.
Investigations Table Filters Menu Preference ⫘
The investigations table now stores the open and close state of the filters menu as a user preference when you navigate from the page. For more information, see Filter Investigations.
Secureworks® Taegis™ XDR 3.3.3 ⫘
Thursday, February 1st, 2024 ⫘
Features ⫘
Custom Alerts and Filter Options Renamed ⫘
On the Alert Triage Dashboard and Alerts page, My Alerts are now named Custom Alerts and Alert Options is now called Include Options. Additionally, the labels within Include Options have been updated and a tooltip is now included. Note that previous preferences for Include Options will not persist. Toggle the options to re-save your preferences. For more information, see Alert Triage Dashboard and Filter for Alerts.
Threat Score Added to Alerts Table of Entity Graph ⫘
For users opted in to Preview mode, the Alerts table within Entity Graph has been updated with a column for Threat Score. For more information, see Entity Graph Alerts Tab and Threat Score.
Automations Connections Redesign ⫘
In a coming release, Automations > Connections in XDR will be renamed to Automations > Connectors. The page will also be redesigned to streamline configured connections in a Configured tab and connector templates in a Templates tab of one page. This will replace the current separate Connector Library location of templates. This change is currently scheduled for February 15th. For more information, see Configured Connections and Connector Library.
Docs ⫘
Windows Taegis Endpoint Agent Known Compatibility Issues ⫘
Taegis Endpoint Agent Known Issues has been updated with information on the interoperability of the Windows agent with other security products.
Secureworks® Taegis™ XDR 3.3.2 ⫘
Thursday, January 25th, 2024 ⫘
Features ⫘
Data Collector Performance and Maintenance Tabs ⫘
Data Collector details now include two new tabs. The Performance tab presents insightful data about the collector throughput and overall performance. The Maintenance tab presents information on upcoming and completed service maintenance and the ability to configure a maintenance window that fits your schedule for future maintenance. For more information, see Manage Data Collectors.
Archive and Restore Multiple Investigations ⫘
The ability to archive and restore multiple investigations at once has been added to the Investigations table. For more information, see Archive Investigations and Restore Archived Investigations.
View Tags on Investigations Table ⫘
A Tags column is now available to add to the Investigations table to quickly view the tags that have been added to each investigation. For more information, see Filter Investigations.
Create Advanced Suppression Rules from Query Language ⫘
For users opted in to Preview mode, advanced suppression rules can now be created to match on an alert's underlying event data using Query Language, leveraging elements such as process.commandline
, process
, parent_image_path
, and other event schemas. For more information, see Alert Suppression Rules.
Fixes ⫘
Endpoint Agent Details Alerts Not Loading ⫘
Alerts were not loading in the Endpoint Agent detailed view. This has been fixed.
Archived Investigations Incorrectly Displaying in Table ⫘
Older archived investigations were displaying in the Investigations table with the Only Show Archived filter toggled off. This has been fixed.
Share Links for Alert Suppression and Custom Alert Rules Not Working ⫘
Share links for alert suppression and custom alert rules were redirecting to the landing page rather than the rule. This has been fixed.
Docs ⫘
New User Walkthrough Added to Taegis Endpoint Agent Introduction ⫘
The Taegis Endpoint Agent Introduction has been redesigned to include a new user walkthrough to guide your experience with the agent and assist with installation, troubleshooting, and use of the Taegis Endpoint Agent.
Windows Taegis Endpoint Agent Migrator PowerShell Script Updated ⫘
The PowerShell script for Windows agent installations has been updated at Install Windows Taegis Endpoint Agent Using PowerShell Script.
Secureworks® Taegis™ XDR 3.3.1 ⫘
Thursday, January 18th, 2024 ⫘
Features ⫘
Windows Taegis Endpoint Agent Migrator PowerShell Script ⫘
A PowerShell script that automates the validation of prerequisites for the Windows Taegis Endpoint Agent is now available. The script can be used for migrations from Red Cloak™ Endpoint Agent to Taegis Endpoint Agent, or for brand new installations. For more information, see Install Windows Taegis Endpoint Agent Using PowerShell Script.
Windows Taegis Endpoint Agent Advanced Kernel Telemetry Setting ⫘
For users opted in to Preview mode, Advanced Kernel Telemetry for Windows Taegis Endpoint Agents can now be disabled at the tenant level if you are experiencing compatibility issues with third-party security products. For more information, see Agent Settings.
Secureworks® Taegis™ XDR 3.3 ⫘
Thursday, January 11th, 2024 ⫘
Features ⫘
Enhanced Investigations Table ⫘
The Investigations table in XDR has been redesigned with streamlined navigation, enhanced filters, and quick access actions. For more information, see Work an Investigation.
Entities Added to Investigation Evidence Tab ⫘
The investigation details Evidence tab now includes an Entities sub-tab with a table of involved entities that provides the ability to view entity details and take response actions. For more information, see Investigation Evidence.
CSV Exports Renamed Data Exports ⫘
The CSV Exports page in XDR has been renamed to Data Exports. For more information, see Data Exports.
Fixes ⫘
Entities Persisted in Alert Preview Side Panels ⫘
Some entities displayed in alert preview side panels were persisting to subsequent alert previews opened from the table in the background without closing the initial alert first. This has been fixed.
Investigation PDF Export Formatting Issue ⫘
A bug has been fixed where investigation PDF exports were truncating certain sections and tables.
Incorrect iSensor Registration Status ⫘
A bug causing iSensor registration statuses to incorrectly display as expired has been fixed.
Incorrect Endpoint Response Actions ⫘
Response actions were appearing in the actions menu of endpoint summary views for incorrect endpoint types. This has been fixed.
Secureworks® Taegis™ XDR 3.2.42 ⫘
Thursday, December 14th, 2023 ⫘
Features ⫘
User Profile & Settings Redesigned and Enhanced ⫘
User Profile & Settings in XDR has been updated with a two-column layout, collapsable sections, and the addition of options to set a landing page in XDR and to reset all your preferences. For more information, see User Profile & Settings.
Renew Taegis Endpoint Agent Registration Keys ⫘
Taegis Endpoint Agent registration keys are designed to provide secure and controlled access to the Taegis Endpoint Agent. The registration key expiration is used to enhance the security of our agent and protect it from unauthorized use. In addition to viewing the registration key and expiration from Group Configuration in XDR, you can now manually renew a key. For more information, see Registration Keys.
Endpoint Agents Cloud Provider Indicators ⫘
For users opted in to Preview mode, the Endpoint Agents Summary table now includes an icon next to hostnames of endpoints that are identified as cloud assets to indicate the cloud provider. For more information, see Identify Cloud Instances.
Taegis Endpoint Agent Auto Archive Setting ⫘
Auto Archive for Taegis Endpoint Agents can now be configured at the tenant level in addition to group level. For more information, see Agent Settings.
Related Investigations Added to Alert Details ⫘
The Insights tab of alert details now includes a section of open and closed investigations related to entities associated with the displayed alert. For more information, see Related Investigations.
Secureworks® Taegis™ XDR 3.2.41 ⫘
Thursday, December 7th, 2023 ⫘
Features ⫘
Alert Threat Score ⫘
Threat Score has left Preview mode and is now generally available. For more information, see Threat Score.
Export Data from Report Templates to CSV and JSON ⫘
You can now generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for report templates. For more information, see Create Reports from a Template.
Fixes ⫘
Hostnames Persisted in Alert Preview Side Panels ⫘
Hostnames displayed in alert preview side panels were persisting to subsequent alert previews opened from the table in the background without closing the initial alert first. This has been fixed.
Data Collector Health Graph Timestamps ⫘
Data Collector Health graph timestamps were not reflecting the time zone preference set in User Profile & Settings. This has been fixed.
Secureworks® Taegis™ XDR 3.2.40 ⫘
Friday, December 1st, 2023 ⫘
Features ⫘
Alert Threat Score ⫘
For users opted in to Preview mode, Threat Score is a new contextually aware priority value assigned to alerts by the patent-pending Taegis™ Prioritization Engine. The score ranges from 0 - 10 with a higher score representing a higher risk to your organization. For more information, see Threat Score.
Manage iSensors ⫘
You can now view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration on the iSensor page. For more information, see Manage iSensors.
Custom Reports Search Query ⫘
Custom reports created from an advanced search now include the search query in an appendix of the report PDF to more easily identify the data being reported. For more information on Custom Reports, see Configure Custom Reports.
Fixes ⫘
Incorrect Data in XDR User Admin Summary Report ⫘
Some XDR User Admin Summary Reports included active users in the Inactive Users section and did not show users that were deactivated in the Registration Status Changes section. These issues have been fixed.
Criteria for Suppression Rule Not Populating ⫘
A bug has been fixed where the Suppression Rule criteria list was intermittently not populating when creating a rule directly from an alert.
MITRE Mapping Not Presented ⫘
Some alerts with MITRE information present in the JSON of the alert did not present that MITRE info in the XDR UI or reports. This has been fixed.
Secureworks® Taegis™ XDR 3.2.39 ⫘
Thursday, November 16th, 2023 ⫘
Features ⫘
Manage iSensors ⫘
For users opted in to Preview mode, you can now view your organization’s current integrated iSensors, monitor their health, and manage their rules and registration on the iSensor page. For more information, see Manage iSensors.
Excessive Playbook Executions Notification ⫘
You can now enable notifications for excessive playbook executions from your User Profile & Settings. For more information, see Notification Preferences.
Fixes ⫘
Scheduled Reports Not Executing ⫘
In certain situations, scheduled reports did not run on the correct date. This has been fixed.
Docs ⫘
Lambda Migration ⫘
Documentation has been added with instructions for updating the Secureworks® Taegis™ XDR Lambda function used in Amazon integrations. For more information, see Lambda Migration.
Provided Data from Integrations ⫘
The tables of provided data from integrations on Capabilities at a Glance have been updated. For more information, see Provided Data from Integrations.
Secureworks® Taegis™ XDR 3.2.38 ⫘
Thursday, November 9th, 2023 ⫘
Features ⫘
Entity Graph Now Available ⫘
For users opted in to Preview mode, you can now access Entity Graph, a powerful addition to our XDR platform that provides enhanced visibility. The Entity Graph offers a live, visual representation of entity relationships, simplifying security investigations and decision-making processes. For more information, see Explore an Investigation in Detail with Entity Graph.
Investigation Enhancements ⫘
For users opted in to Preview mode, a new Entities sub-tab is now available under the Evidence tab allowing you to view details and respond to individual entities that are part of an investigation. The audit history has been moved to a new top-level History tab along with the Timeline view. For more information, see Investigation Evidence and Investigation Timeline.
Fixes ⫘
Unsortable Columns in Investigations Table ⫘
Columns in the Investigations table that do not support sorting can no longer be clicked as if they do.
Docs ⫘
Security Posture Dashboard Event Pipeline Widget ⫘
Documentation regarding the date range used for the data populating the Event Pipeline widget has been updated. For more information, see Event Pipeline.
Secureworks® Taegis™ XDR 3.2.37 ⫘
Thursday, November 2nd, 2023 ⫘
Features ⫘
Legacy Response Actions to be Removed ⫘
Legacy response actions have been replaced by playbook-driven actions. After configuring these actions via playbooks, the legacy response actions such as Disable User, Isolate Host and Disrupt Process for Red Cloak, and Block IP for iSensor, are no longer available. These legacy actions will be removed beginning November 6, 2023. While most customers have already adopted the playbook-based response actions, we wanted to provide notification for customers that have not yet adopted the new response actions. Please ensure you have configured response action playbooks for your environment prior to November 6 to assure no interruptions. For more information about response actions, see the Automations Documentation.
Fixes ⫘
Issues with Events Export to CSV from Alerts ⫘
The CSV export of events from an alert did not include all columns and contained improperly formatted data. This has been fixed.
Advanced Search for Fields Containing Hostname ⫘
When running an advanced search query with an event field containing the word hostname, an incorrect Looking up hostname(s) message displayed. This has been fixed.
Enterprise SSO Draft Connections Not Editable ⫘
SSO connections in Draft status can now be selected from the Enterprise SSO page to complete configuration.
Secureworks® Taegis™ XDR 3.2.36 ⫘
Thursday, October 26th, 2023 ⫘
Features ⫘
Custom Roles ⫘
Custom Roles is now generally available and allows you to create and manage custom user roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs. For more information, see Custom Roles.
Registration Key Expiration Added to Group Configuration Table and Details ⫘
The Taegis Endpoint Agent Group Configuration table and details now display registration key expiration dates. For more information, see Group Configuration.
Reset Multi-Factor Authentication in App ⫘
For users opted in to Preview mode, you can now reset your multi-factor authenticator from your User Profile and Settings in XDR. For more information, see Security Settings.
Fixes ⫘
Add Custom Role Action Removed for Tenant Analysts ⫘
Tenant Analysts can no longer add a custom role, as designed.
Pivot Searches Not Loading Events ⫘
Fixed an issue where a pivot search on certain field types would not present the Events tab in the results.
Secureworks® Taegis™ XDR 3.2.35 ⫘
Thursday, October 19th, 2023 ⫘
Features ⫘
Configured Response Actions Added to Subscriptions ⫘
The Subscriptions page in XDR now displays a table with configured response actions for the tenant. For more information, see Subscriptions.
TAXII 2.1 Integration ⫘
For users opted in to Preview mode, the TAXII 2.1 integration is now available to ingest threat indicators into XDR to generate alerts via the Bring Your Own Threat Intel Detector. For more information, see TAXII 2.1 Integration Guide.
Export Data from Report Templates to CSV and JSON ⫘
For users opted in to Preview mode, you can now generate a CSV and/or JSON file that contains the non-aggregated data with the PDF for report templates. For more information, see Create Reports from a Template.
Fixes ⫘
Hostname Field Error When Adding Collector ⫘
The Hostname field used when configuring DHCP for a data collector was accepting unsupported characters and displaying an unrelated error message. This has been fixed.
Incorrect Data from Report Templates ⫘
Report templates used for time periods greater than 90 days incorrectly presented zero data in charts for the final month. This has been fixed.
Docs ⫘
Common Expression Language Macros ⫘
The documentation for Common Expression Language (CEL) macros used in Automations has been reorganized and improved with additional macros, examples, and explanations.
Secureworks® Taegis™ XDR 3.2.34 ⫘
Thursday, October 12th, 2023 ⫘
Features ⫘
Custom Roles ⫘
For users opted in to Preview mode, you can now create and manage custom user roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs. For more information, see Custom Roles.
Anomali Integration ⫘
For users opted in to Preview mode, the Anomali integration is now available to ingest threat indicators into XDR to generate alerts via the Bring Your Own Threat Intel Detector. For more information, see Anomali Integration Guide.
Fixes ⫘
Auto Investigation Template Description Not Editable ⫘
The description field for Automatic Investigation templates was not present when editing a configured template. This has been fixed.
Pivot Search for DNS Events Used Incorrect Query ⫘
A bug has been fixed where some pivot searches for DNS events from a data source were using an incorrect query.
Docs ⫘
Okta Integration Guide Updated ⫘
The Okta Integration Guide has been updated with additional procedural guidance and updated list of events received from Okta.
Secureworks® Taegis™ XDR 3.2.33 ⫘
Thursday, October 5th, 2023 ⫘
Features ⫘
Endpoint Agent Details Redesigned ⫘
The Endpoint Agent detailed view has been redesigned to eliminate tabs and provide access to details, alerts, and history from a single view. For more information, see Manage Endpoint Agents.
Fixes ⫘
ServiceNow Bidirectional Outbound Playbook Comments ⫘
Comments added to investigations were not syncing to ServiceNow work notes. This has been fixed.
Hostname Links in Event Details Broken ⫘
A bug has been fixed where hostname links in event details pages were broken.
Automatic Investigations Template View Not Persisting ⫘
Selecting the option to view auto investigation templates in list view was not persisting. This has been fixed.
Docs ⫘
Amazon CloudWatch Logs ⫘
Documentation has been added that reviews how to ingest data from sources produced by CloudWatch Logs. For more information, see Amazon CloudWatch Logs Integration Guide.
Bring Your Own Threat Intelligence API ⫘
Documentation has been added for the Bring Your Own Threat Intelligence (BYOTI) API. For more information, see Using the BYOTI API and BYOTI GraphQL API.
Secureworks® Taegis™ XDR 3.2.32 ⫘
Thursday, September 28th, 2023 ⫘
Features ⫘
Bring Your Own Threat Intelligence ⫘
The new Bring Your Own Threat Intelligence (BYOTI) Detector is now available in XDR and enables you to integrate Threat Intel indicator lists and generate alerts when those indicators are found in normalized telemetry. This detector requires a supported Threat Intel integration, which currently includes AlienVault OTX.
Taegis Endpoint Agent Group File Collection ⫘
You can now enable or disable implicit file collection for Taegis Endpoint Agents at a group level. For more information, see Group Configuration.
Manage Users Enhanced ⫘
Manage Users in XDR has been enhanced with improved filter options, visual indicators for users added as points of contact in escalation lists, and other improvements. For more information, see Manage Users.
Share Auto Investigation Templates ⫘
You can now share direct links to automatic investigation templates. For more information, see Share Automatic Investigation Templates.
Actions Added to Alerts Tab of Endpoint Agent Details ⫘
An actions menu has been added to the Alerts tab of the Endpoint Agent detailed view. For more information, see Manage Endpoint Agents.
Fixes ⫘
Investigations Issue ⫘
Fixed a bug affecting the ability to load and close investigations.
Reports Aggregated by Resource Field Failing ⫘
Fixed an issue where reports aggregated by the resource field were failing with errors.
Docs ⫘
NXLog Template Updated ⫘
The Windows Event Log NXLog template has been updated. See NXLog Template Downloads.
Automatic Investigations ⫘
Documentation for Automatic Investigations has been updated with additional guidance. See Automatic Investigations.
Secureworks® Taegis™ XDR 3.2.31 ⫘
Friday, September 22nd, 2023 ⫘
Features ⫘
Okta Integration Enhanced ⫘
The Okta integration has been enhanced with improvements to the configuration process. For more information, see Okta Integration Guide.
Pass the Ticket Detector Removed ⫘
The Pass the Ticket Detector is being decommissioned. For the full list of detectors, see Detectors Overview.
Investigation Tags Now Available ⫘
You can now add tags to investigations. For more information, see Work an Investigation.
Fixes ⫘
Date/Time Picker Display Issue ⫘
Fixed an issue where the date/time picker did not display correctly due to browser zoom settings.
Playbook Execution Line Chart Colors ⫘
Playbook execution line charts now display the correct colors for executions and failures.
Opening Comments in Investigation Truncates Title ⫘
Fixed an issue where the investigation title was truncated when investigation comments were expanded.
Secureworks® Taegis™ XDR 3.2.30.1 ⫘
Friday, September 15th, 2023 ⫘
Features ⫘
Export Dashboards and Widgets to PNG ⫘
You can now export both dashboards and individual dashboard widgets to a PNG image. For more information, see Alert Triage Dashboard, Security Posture Dashboard, Secureworks® Taegis™ ManagedXDR Dashboard, and My Dashboards.
Secureworks® Taegis™ XDR 3.2.30 ⫘
Thursday, September 14th, 2023 ⫘
Features ⫘
File Analysis Detector ⫘
The File Analysis Detector, now available in XDR, identifies malicious files on endpoints with the Taegis Endpoint Agent. For more information, see File Analysis Detector.
Collector API Query Deprecation and New Datasource API ⫘
On October 14, 2023, the existing getDataSourceMetrics query used to fetch datasource metrics will be deprecated in favor of the new Datasource GraphQL API exposing getDataSourceLastSeenAsset, which provides the same functionality as well as new capabilities such as deleting data sources. For more information, see Datasource GraphQL API.
Taegis™ Agent Settings ⫘
For tenants using the Taegis Endpoint Agent, a new Agent Settings page is now available. For more information, see Agent Settings.
Fixes ⫘
Alerts Not Loading ⫘
A bug affecting alert loading has been fixed.
Automation Connection Buttons Unresponsive ⫘
The Edit button on configured connections and Add Connection button on connectors were unresponsive in the Japanese UI. This has been fixed.
Reports Formatting Issue ⫘
A bug where the table of contents in Japanese reports was improperly formatted has been fixed.
Copied IP Addresses Included Extra Characters ⫘
A bug where double-clicking to copy an IP address in XDR included extra characters has been fixed.
Docs ⫘
Taegis™ Magic Jupyter Integration Overview ⫘
Overview documentation for Taegis™ Magic Jupyter Integration, a Jupyter Notebook and Command Line Interface for interacting with the Secureworks® Taegis™ security platform, is now available. See Taegis™ Magic Jupyter Integration.
Threat Hunting with Jupyter Notebooks ⫘
Documentation describing the tools and workflows that enable threat hunting procedures using Jupyter Notebooks is now available. See Hunting with Jupyter Notebooks.
Secureworks® Taegis™ XDR 3.2.29 ⫘
Thursday, September 7th, 2023 ⫘
Fixes ⫘
Auto Investigation Optimizations ⫘
The view has been optimized to allow for better filtering when viewing Automatic Investigations. In addition, the window close button has been fixed as the window would not close in some instances.
Error Message Optimizations ⫘
For some event and pivot search screens, errors would display incorrectly. This has been fixed.
Report Time Errors ⫘
Reports were showing different times between the English version and Japanese versions of the same report. This has been fixed.
Secureworks® Taegis™ XDR 3.2.28.1 ⫘
Friday, September 1st, 2023 ⫘
Features ⫘
Automatic Investigations ⫘
Automatic Investigations has left Preview mode and is now generally available. XDR can now analyze your alerts and automatically create investigations based on criteria you define. For more information, see Automatic Investigations.
Docs ⫘
Taegis™ NGAV Agent Update ⫘
The Taegis™ NGAV Enterprise Administration Guide has been updated. For more information, see Setting up the Taegis™ NGAV Agent.
Secureworks® Taegis™ XDR 3.2.28 ⫘
Wednesday, August 30th, 2023 ⫘
Features ⫘
Refresh Alert Triage Dashboard ⫘
You can now refresh the data in all widgets on the Alert Triage Dashboard. For more information, see Refresh Dashboard.
Export Dashboards to PNG ⫘
For users opted in to Preview mode, you can now export dashboards in XDR to a PNG image. For more information, see Alert Triage Dashboard, Security Posture Dashboard, Secureworks® Taegis™ ManagedXDR Dashboard, and My Dashboards.
Fixes ⫘
Unsupported Entities in Suppression Rule Creation ⫘
When creating a Suppression Rule from an alert, XDR was including entities not currently supported for rule configuration. This has been fixed.
See All Events Option Not Working ⫘
For some alerts, using the See All Events option led to an invalid search query. This has been fixed.
Investigation Status Message Improperly Formatted ⫘
A bug has been fixed where adding alerts to investigations with titles longer than 50 characters resulted in an improperly formatted status message.
Investigation PDF Exports Missing Details ⫘
A bug has been fixed where PDF exports of investigations were missing investigation details.
Secureworks® Taegis™ XDR 3.2.27 ⫘
Thursday, August 24th, 2023 ⫘
Features ⫘
Akamai Enterprise Application Access Integration Added ⫘
XDR can now ingest and normalize data from Akamai Enterprise Application Access (EAA) via Akamai Unified Log Streamer (ULS). For more information, see the Akamai EAA Integration Guide.
Office 365 Management API Integration Added ⫘
This integration replaces Office 365 Management Activity API. For more information, see Office 365 Management API Integration Guide.
Fixes ⫘
Playbook History Table Not Filtered by Date/Time Range ⫘
The Playbook History table was not being filtered by the range set in the date/time picker. This has been fixed.
Save and Finish Button Not Working in Playbook Instance ⫘
While editing a playbook instance, the Save and Finish button was not functioning correctly if you skipped directly from the initial Details section to the final Inputs section. This has been fixed.
Incorrect Next Scheduled Date for Reports in Japanese Mode ⫘
The Next Scheduled Date was not being set correctly when scheduling a report with the UI in Japanese mode. This has been fixed.
Secureworks® Taegis™ XDR 3.2.26 ⫘
Thursday, August 17th, 2023 ⫘
Fixes ⫘
Trigger Filter Not Displaying ⫘
In some playbooks, the trigger filter was not displaying properly. This has been fixed.
Endpoint Agents Summary Table Pagination Error ⫘
The Endpoint Agents Summary table pagination was not updating after adding a tag to an endpoint and refreshing. This has been fixed.
Secureworks® Taegis™ XDR 3.2.25.1 ⫘
Tuesday, August 15th, 2023 ⫘
Features ⫘
Automatic Investigations ⫘
Automatic Investigations is now available in Preview. XDR can now analyze your alerts and automatically create investigations based on criteria you define. For more information, see Automatic Investigations.
Secureworks® Taegis™ XDR 3.2.25 ⫘
Friday, August 11th, 2023 ⫘
Features ⫘
Endpoint Agents Navigation Improved ⫘
Tabs previously available on the Endpoint Agents page in XDR are now discrete options available from the left-hand side navigation Endpoint Agents menu. For more information, see Manage Endpoint Agents.
Docs ⫘
Event Hub Scaling Added to Microsoft Defender Integration ⫘
Microsoft Defender for Endpoint Integration Guide has been updated with instructions on event hub scaling. For more information see Scaling Event Hub.
Fixes ⫘
Alerts Detail Events Table Not Reloading ⫘
For some tenants the Events tab in the Alerts panel was not repopulating after selecting it, navigating away, then returning to it. This has been corrected so that it repopulates correctly.
Secureworks® Taegis™ XDR 3.2.24 ⫘
Thursday, August 3rd, 2023 ⫘
Features ⫘
Taegis Endpoint Agent Auto Archive ⫘
For users opted in to Preview mode, you can now specify a time frame after which any Taegis Endpoint Agents assigned to a group that have not reported to XDR are archived from view on the Agent Summary table. For more information, see Group Configuration.
On-Premise Automation Connector Now Supports LDAP Authentication ⫘
The On-Premise Automation Connector now supports LDAP authentication to provide the connector access to Active Directory and LDAP directory services. If an older version of the On-Premise Connector is configured, you must delete the connector and re-add it to the data collector. For more information, see On-Premise Automation Connector. The system the collector is deployed to requires network access to the AD/LDAP services.
Fixes ⫘
Investigation PDF Exports Incorrect Formatting ⫘
Some PDF exports of investigations were not formatted correctly. This has been fixed.
Select All on Data Sources Table Not Working ⫘
The Select All function of the Data Sources table persisted after filters were adjusted. This has been fixed.
Docs ⫘
Taegis Endpoint Agent Beta Release Channel ⫘
See Taegis™ Agent Beta Release Channel for more details on the benefits and recommended uses of the Taegis™ Agent Beta release channel.
Secureworks® Taegis™ XDR 3.2.23 ⫘
Thursday, July 27th, 2023 ⫘
Features ⫘
Taegis Help Center ⫘
The Taegis Help Center is now available. Now you can access and search the Taegis Documentation and Knowledge Base from a central location. To open the Taegis Help Center from XDR, select the help icon ( ) in the upper right-hand corner, then choose Help Center from the pull down menu.
Microsoft Azure Active Directory Activity Reports Integration Added ⫘
This integration replaces Azure Active Directory — Monitoring. For more information, see Microsoft Azure Active Directory Activity Reports.
Playbook Queues Removed ⫘
Playbook Queues have been removed due to platform improvements in scalability and simplification of the execution process. Playbook instances are logged and can be tracked from the History tab of Playbooks. See Playbooks History for more information.
Fixes ⫘
Agent Downloads ⫘
The Agent Downloads tab of Endpoint Agents is available only for users with the Tenant Admin role as designed.
Searches Not Appearing in History ⫘
Some searches were not appearing in the History tab of Advanced Search. This has been fixed.
Secureworks® Taegis™ XDR 3.2.22 ⫘
Thursday, July 20th, 2023 ⫘
Features ⫘
Sentinel One Regions ⫘
The XDR Sentinel One integration now supports the apne1 region.
Fixes ⫘
Automations Playbooks List Errors ⫘
List order by status now sorts as expected in the Automations Playbooks List.
Investigation Timeline ⫘
Some events were not appearing at the correct related time in the Investigations timeline. This has been corrected.
Secureworks® Taegis™ XDR 3.2.21 ⫘
Thursday, July 13th, 2023 ⫘
Features ⫘
XDR User Administration Summary Report Template ⫘
The XDR User Administration Summary Report has left Preview mode and is now available to all users. For more information, see XDR User Administration Summary Report.
XDR Python SDK ⫘
The XDR Python SDK is now available. The Python SDK is a library you can use with XDR’s GraphQLs APIs to greatly speed and enhance any custom integrations with XDR. For more information, see XDR Python SDK.
Delete Data Sources ⫘
You can now delete data sources to remove the device records from the Data Sources table. For more information, see Delete Data Sources.
Fixes ⫘
Investigation Titles Character Limit ⫘
Investigation titles are now limited to 256 characters.
Data Sources Not Loading ⫘
Data sources were not loading properly for certain users. This has been fixed.
Endpoint Agents Table Tag Filter ⫘
Filtering the Endpoint Agents table by Tag is now case insensitive.
Secureworks® Taegis™ XDR 3.2.20 ⫘
Thursday, July 6th, 2023 ⫘
Features ⫘
OPNsense Integration Added to XDR ⫘
XDR can now ingest and normalize data from OPNsense. For more information, see the OPNsense Integration Guide.
pfSense Integration Added to XDR ⫘
XDR can now ingest and normalize data from pfSense. For more information, see the pfSense Integration Guide.
Time Zone ⫘
You can now set the time zone in XDR to match the time and date to your time zone preference. For more information, see Time Zone in Profile Settings.
Docs ⫘
Using File Upload API ⫘
Using the File Upload API has been updated.
Provided Data Tables Updated ⫘
The Provided Data tables for third party integrations have been updated.
Fixes ⫘
Exported Investigations Not Masking Assignee or Creator for Tenant Users ⫘
Exported investigations were not masking assignee or creator data for Tenant Users. This has been fixed.
Secureworks® Taegis™ XDR 3.2.19 ⫘
Thursday, June 29th, 2023 ⫘
Features ⫘
Claroty CTD Integration Added to XDR for OT ⫘
XDR can now ingest and normalize data from Claroty CTD. For more information, see the Claroty Continuous Threat Detection (CTD) Integration Guide.
Dragos Platform Integration Added to XDR for OT ⫘
XDR can now ingest and normalize data from the Dragos Platform. For more information, see Dragos Platform Integration Guide.
Docs ⫘
Supported Connectors for Automations Update ⫘
The Supported Connectors list for Secureworks® Taegis™ XDR Automations has been updated. For more information, see Supported Connectors.
Fixes ⫘
Error Filtering Playbook Status/Name Columns ⫘
Filtering for Playbook Status/Name columns now works as expected.
Some CSV Export Files Contain Irrelevant Fields ⫘
Some export files were not correctly populating with data. The data not importing correctly, such as those from health status and some from the Cloud API has been temporarily filtered out.
Label Correction in Enterprise SSO Add New Connection ⫘
The label for Assertion Customer Service URL has been corrected to Assertion Consumer Service URL.
ManagedXDR Export All as CSV ⫘
ManagedXDR’s Export All as CSV function now exports all expected results.
Secureworks® Taegis™ XDR 3.2.18 ⫘
Thursday, June 22nd, 2023 ⫘
Features ⫘
XDR User Administration Summary Report Template ⫘
For users opted in to Preview mode, you can now create XDR User Administration Summary Reports from a predefined template. For more information, see XDR User Administration Summary Report.
Fixes ⫘
Suppression Rule Alert Title Entity ⫘
When creating a suppression rule from an alert, the Alert Title entity is now available in the pre-populated list from the alert as designed.
Docs ⫘
Office 365 and Azure Data Availability Doc Update ⫘
Additional information on data availability, collection times, and collection variables has been added to Office 365 and Azure Data Availability.
Secureworks® Taegis™ XDR 3.2.17 ⫘
Thursday, June 15th, 2023 ⫘
Fixes ⫘
Proofpoint Alerts Cannot Be Used in Suppression Rules ⫘
When creating a Suppression rule, Proofpoint alerts were not selectable options. This has been fixed.
Docs ⫘
HA Collector Docs Update ⫘
The command to verify if a node is online has been corrected. For more information, see Maintenance or Downtime in On-Premises HA Data Collector.
On Premises Data Collector Docs Update ⫘
Nifi is no longer used by the Taegis™ XDR Collector and has been removed from the requirements lists.
Secureworks® Taegis™ XDR 3.2.16 ⫘
Thursday, June 8th, 2023 ⫘
Features ⫘
Taegis Watchlist Detector ⫘
The TDR Watchlist detector has been renamed to Taegis Watchlist. For more information, see Taegis Watchlist.
Taegis Endpoint Agent Group Configuration ⫘
Taegis Endpoint Agent groups now display as discrete pages that provide a direct link to share with other tenant users or Secureworks support. For more information, see Group Configuration.
Fixes ⫘
Endpoint Response Actions ⫘
Endpoint Response Actions now display consistently in alphabetical order in the Actions menu.
Docs ⫘
Reactivating XDR Users ⫘
Documentation on reactivating XDR users has been added. For more information, see Manage Users.
Secureworks® Taegis™ XDR 3.2.15 ⫘
Thursday, June 1st, 2023 ⫘
Features ⫘
Google Workspace Integration Updated ⫘
XDR can now ingest and normalize Google Workspace Admin Activity events, Chrome Audit Activity events, and Alert Center Alerts. For more information, see Google Workspace Integration Guide.
Secureworks® Taegis™ ManagedXDR for OT ⫘
Secureworks® Taegis™ ManagedXDR for OT is now available as an added service for Secureworks® Taegis™ ManagedXDR and Secureworks® Taegis™ Elite Threat Hunting subscribers. For more information, see Taegis ™ ManagedXDR for OT.
Taegis™ NGAV Agent Update ⫘
The documentation for the Taegis™ NGAV Agent has been updated. For more information, see Taegis™ NGAV Agent.
Secureworks® Taegis™ XDR 3.2.14 ⫘
Friday, May 26th, 2023 ⫘
Features ⫘
Isolate and Restore Disconnected Taegis Endpoint Agents ⫘
Taegis Endpoint Agents now have the enhanced ability to be isolated and restored when in a disconnected state. For more information, see Host Isolation.
Create Share Link for Agent Details and Suppression Rules ⫘
Agent details and suppression rules now provide a direct link to share with other tenant users or Secureworks support.
Fixes ⫘
Custom Parsers Error ⫘
An error was displaying on the Custom Parsers page and persisting to other areas of XDR when there were no configured custom parsers. This has been fixed.
Red Cloak™ Endpoint Agent Isolate and Restore ⫘
The options to isolate and restore some Red Cloak™ Endpoint Agents were not available from Endpoint Agents. This has been fixed.
Report Generation ⫘
A bug causing reports not to generate for users whose language preference was set to Japanese has been fixed.
Investigations Table ⫘
A bug causing the Investigations table to partially load with errors has been fixed.
Docs ⫘
Endpoint Agents Summary Table ⫘
Endpoint Agents has been updated with additional guidance for filtering and selecting all endpoints.
Secureworks® Taegis™ XDR 3.2.13 ⫘
Thursday, May 11th, 2023 ⫘
Features ⫘
Related Entities and Insights ⫘
XDR’s Alert Details now includes Related Entities in the Summary tab. There’s also a new Insights tab where you can quickly triage alerts that share traits—related entities—with the currently displayed alert. This allows analysts to speed root cause analysis and group related alerts into an investigation. For more information, see Alert Details.
Secureworks® Taegis™ XDR 3.2.12.1 ⫘
Tuesday, May 9th, 2023 ⫘
Features ⫘
Taegis Endpoint Agent Release Channels ⫘
Release Channels has left Preview mode and is now generally available. See Group Configuration to assign Taegis Endpoint Agent groups to the Stable, Preview, or Beta channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released.
Taegis Endpoint Agent Host Isolation Exceptions ⫘
Host Isolation Exceptions has left Preview mode and is now generally available. Use Host Isolation Exceptions to access Taegis Endpoint Agents in an isolated state from an approved CIDR range. For more information, see Taegis Endpoint Agent Host Isolation Exceptions.
Secureworks® Taegis™ XDR 3.2.12 ⫘
Friday, May 5th, 2023 ⫘
Features ⫘
Data Collector Troubleshooting Console ⫘
The Admiral console is now available to access information about a deployed Taegis™ XDR Collector locally to assist in device setup and troubleshooting of common problems such as network connectivity. For more information, see Admiral Console.
Bulk Uninstall Taegis Endpoint Agents ⫘
Multiple Taegis Endpoint Agents can now be bulk uninstalled. For more information, see Uninstall Taegis Agents.
Alerts Table Technique ID Filter ⫘
The Alerts table can now be filtered by MITRE Technique ID using the Technique ID filter. For more information, see Filter for Alerts.
Timeline View Source Event ⫘
In the Timeline of Related Alerts & Events view, the source event can now be selected from the events table to view its details. For more information, see Related Alerts and Events Timeline View.
Close Investigations with No Alerts ⫘
Investigations with no added alerts can now be closed with a closed status for tracking. For more information, see Close Investigation.
Tenant Profile Files ⫘
Tenant Profiles now include a Files tab if Secureworks has uploaded files for your tenant and made them available to you to download. For more information, see Tenant Profile.
Fixes ⫘
Investigation Comments Tags ⫘
Partner users were appearing as options to tag in comments of investigations rather than tenant users. This has been fixed.
Mark All Notifications as Read ⫘
The Mark all as Read function in XDR notifications has been fixed.
Investigations Table Column Filters ⫘
The Assignee and Creator columns of the Investigations table can now be filtered with the Contains operator as designed.
Investigation Summary Report Timeframe ⫘
The Investigation Summary report now displays the correct timeframe.
Add Connection in Playbook Configuration ⫘
When configuring a playbook template, adding a connection could not be tested or saved. This has been fixed.
Secureworks® Taegis™ XDR 3.2.11.4 ⫘
Tuesday, May 2nd, 2023 ⫘
Features ⫘
XDR Automations IP Range Change ⫘
On May 15th, 2023, the IP address range used for Automations is changing to 216.9.204.0/22.
Prior to May 15th, random AWS Elastic IP addresses (eIPs) have been used for making connections to integrated product APIs. The change is being made in order to use specified source IP ranges for connector authentication. This will likely not impact you, but it if you have configured firewall rules, allow-lists, or any other application configuration that specifies AWS eIPs, you’ll need to update the configuration. For more information, see Automations Overview.
Secureworks® Taegis™ XDR 3.2.11 ⫘
Thursday, April 13th, 2023 ⫘
Features ⫘
New Endpoint Agents Interface Released ⫘
A new Endpoint Agents interface has left Preview mode and is now available to all users. This improved experience includes streamlined navigation with enhanced filters, improved export functionality, and a new tagging experience. For more information, see Endpoint Agents.
Taegis Endpoint Agent Release Channels ⫘
For users opted in to Preview mode, Release Channels control the update process of the agent at a group level. See Group Configuration to assign Taegis Endpoint Agent groups to the Stable, Preview, or Beta channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released.
Docs ⫘
XDR Python SDK Docs ⫘
Documentation on using the XDR Python SDK have been added. For more information, see Authenticating with XDR GraphQL APIs.
Fixes ⫘
Investigation Key Findings Information ⫘
A display bug disallowed full scrolling through key findings in some investigations. This has been corrected.
Report Dates Don’t Match Dates From Advanced Search ⫘
Certain search and report combinations were producing mismatched dates. This has been corrected.
Secureworks® Taegis™ XDR 3.2.10.2 ⫘
Friday, April 7th, 2023 ⫘
Features ⫘
Taegis Endpoint Agent Host Isolation Exceptions ⫘
For users opted in to Preview mode, you can now configure Host Isolation Exceptions to access Taegis Endpoint Agents in an isolated state from an approved CIDR range. For more information, see Taegis Endpoint Agent Host Isolation Exceptions.
Investigation Status Reason ⫘
A new column called Status Reason on the Investigations Evidence tab now displays the reason an alert was closed. For more information, see Investigation Evidence.
Secureworks® Taegis™ XDR 3.2.10.1 ⫘
Monday, April 3rd, 2023 ⫘
Features ⫘
SentinelOne Integration Added ⫘
XDR in Preview mode can now ingest and normalize data from SentinelOne. For more information, see SentinelOne.
Secureworks® Taegis™ XDR 3.2.10 ⫘
Thursday, March 30th, 2023 ⫘
Features ⫘
Investigation ID ⫘
All investigations now have a unique identifier number (for example, INV00001
). You can filter for it in the new Investigations Overview column. For more information, see Investigation Summary.
Events on the Investigation Timeline ⫘
The investigation timeline now displays event summaries for all events. For more information, see Investigation Timeline.
Automatic Investigations Change Summary Notifications ⫘
A new email notification is now available: Automatic investigations change summary. This is a daily digest that summarizes which investigations were changed by a service provider auto-appending an alert to an investigation. For more information, see Notification Preferences.
Taegis Connections No Longer Required ⫘
Taegis platform connectors are now automatically provisioned. This means that when configuring automation playbooks, you are no longer required to configure Taegis connections manually.
Fixes ⫘
Deactivated Username Appearing in Investigation Assignee List ⫘
Disabled user names were appearing in the Investigation Assignee drop down in a Beta feature of XDR. This has been fixed.
Secureworks® Taegis™ XDR 3.2.9 ⫘
Friday, March 24th, 2023 ⫘
Features ⫘
Forcepoint Firewall Integration Added ⫘
XDR can now ingest and normalize data from Forcepoint Firewall. For more information, see Forcepoint Firewall.
McAfee ePO Integration Added ⫘
XDR can now ingest and normalize data from McAfee ePO. For more information, see McAfee ePO.
Bulk Reconnect Taegis Endpoint Agents ⫘
Multiple Taegis Endpoint Agents can now be bulk reconnected to the registration server to initiate an auto-update. For more information, see Reconnect Taegis Agents.
Single Sign-On Now Available ⫘
Single sign-on (SSO) is now generally available to all users, by integrating XDR access with a localized corporate authentication system with Enterprise SSO. For more information, see Enterprise SSO.
Fixes ⫘
Mark All As Read ⫘
The Mark all as read option in the notifications pane now works again.
Issue Closing Investigations ⫘
Users of the Japanese version of XDR were having issues closing investigations. This has been fixed.
Playbook Columns ⫘
Columns in the Configured Playbooks table now sort as expected.
Azure AD Risk Detection Integrations ⫘
Correctly configured Azure Active Directory Identity Protection - Risk Detection integrations were not being marked as active. This has been fixed.
Secureworks® Taegis™ XDR 3.2.8 ⫘
Friday, March 17th, 2023 ⫘
Features ⫘
Endpoint Assets GraphQL API Now Available ⫘
The Endpoint Assets GraphQL API is now available in XDR. For more information, see Endpoint Assets GraphQL API.
Taegis Endpoint Agent Summary Investigations ⫘
Taegis Endpoint Agent details now include a count of associated investigations in the side drawer summary view and a list of associated investigations with description, status, and assignee in the detailed view. For more information, see View Endpoint and Agent Details.
Fixes ⫘
ServiceNow Automation Connection ⫘
Selecting the Test button after properly configuring a ServiceNow connection was resulting in an error. This has been fixed.
Scheduled Reports ⫘
Some scheduled reports were experiencing a delay in being sent to subscribers after generating. This has been fixed.
Secureworks® Taegis™ XDR 3.2.7 ⫘
Thursday, March 9th, 2023 ⫘
Features ⫘
Darktrace Integration Added ⫘
XDR can now ingest and normalize data from Darktrace. For more information, see Darktrace.
Fixes ⫘
Tenant Selector ⫘
The All My Tenants tab of Tenant Selector was periodically presenting tenants out of order. This has been fixed.
Alert Sensor ID Pivot Search ⫘
The pivot search magnifying glass icon was missing for the Sensor ID field of alerts. This has been fixed.
Secureworks® Taegis™ XDR 3.2.6 ⫘
Friday, March 3rd, 2023 ⫘
Features ⫘
On-Premises Highly Available (HA) Collector ⫘
You can now can deploy an On-Premises HA Data Collector for XDR. For more information, see On-Premises HA Data Collector.
Custom Rules Event Types ⫘
The Custom Rules table now includes a column called Event Type, so you can easily identify which events are being matched against. For more information, see Custom Alert Rules.
MFA QR Code Alternative ⫘
When setting up your multi-factor authentication for XDR logins, there is now a new option for users who can’t scan QR codes. Choose the option to copy a secret string into your authenticator app instead. For more information, see Set Up Multi-Factor Authentication.
Search Endpoint Agent Tags ⫘
On the Endpoint Agent Summary table, the Tags filter now has an input box, so you can search for tags that contain the phrase you enter. For more information, see Filter Endpoints.
Tickets Related to Investigations ⫘
On an investigation, the Ticket field used to auto-populate from third-party ticketing systems only. Now, this field is manually editable, so you can add any internal ticket references you’d like to an investigation. For more information, see Investigation Summary.
Fixes ⫘
Endpoints Not Loading ⫘
The Endpoints table wasn’t loading for some tenants. This has been fixed.
Editing Custom Date Ranges ⫘
Some users were having difficulty editing custom date ranges while constructing advanced searches. This has been fixed.
Suppressed High & Critical Alerts ⫘
On the Security Posture Dashboard, the Event Pipeline widget no longer includes suppressed alerts in the High & Critical Alerts count.
Secureworks® Taegis™ XDR 3.2.5 ⫘
Friday, February 24th, 2023 ⫘
Features ⫘
Single Sign-On Now in Preview ⫘
For users opted in to Preview mode, you can now integrate XDR access with a localized corporate authentication system with Enterprise SSO. For more information, see Enterprise SSO.
Cisco ISE Integration Added ⫘
XDR can now ingest and normalize data from Cisco ISE. For more information, see Cisco ISE.
Forcepoint Web Security Integration Added ⫘
XDR can now ingest and normalize data from Forcepoint Web Security. For more information, see Forcepoint Web Security.
VMware vCenter Integration Added ⫘
XDR can now ingest and normalize data from VMware vCenter. For more information, see VMware vCenter.
Fixes ⫘
Can’t Tag Customers in Comment Section ⫘
The comments section now displays the context menu as expected when @customer
is entered.
Secureworks® Taegis™ XDR 3.2.4 ⫘
Thursday, February 16th, 2023 ⫘
Features ⫘
Improved Performance for Custom Alerts and Searches for Generic Events ⫘
Secureworks has updated how generic events are generated in XDR to improve performance for Custom Alert and Searches involving generic data. Previously, normalized events were duplicated as generic events. This change removes the duplicate events from the generic schema. Going forward, only data that is not normalized is stored as generic events. This reduction in generic events improves performance for the features that use generic events. Note that all normalized events contain the original unaltered message in the original_data
field.
If you currently have custom rules, saved searches, or reports that use generic events, then the duplication of generic events will be turned off for your tenant on March 16th, 2023. If you do not have custom rules, saved searches, or reports that rely on generic events, then this update will not have an impact on your tenant and the duplication will be turned off on February 16th, 2023. For more information, see FAQ: Generic Events and Normalized Data.
Alert Grouping Expanded to Seven Days ⫘
Previously, alerts used a 24-hour period to group occurrences, but now alert occurrences may be grouped within a window of up to seven days. See Alert Group Key FAQ for more details.
Investigation IDs ⫘
Investigations now include an autogenerated ID added to the end of the title for easier identification and communication. For more information on investigations, see Work an Investigation.
Fixes ⫘
Close Investigations ⫘
A bug in the Close Investigation modal that made it impossible to select the reason for closing the investigation has been fixed.
Secureworks® Taegis™ XDR 3.2.3 ⫘
Thursday, February 9th, 2023 ⫘
Features ⫘
Refreshed Chat Support Experience and Navigation ⫘
In addition to a refreshed look and feel of the navigation in Secureworks® Taegis™ XDR, the Chat Support button has also been relocated to the bottom of the left-hand menu. For more information, see Chat Support.
CTU™ Threat Intelligence Report Notifications ⫘
You can now opt in to notifications about CTU Threat Intelligence Reports. For more information, see Notification Preferences.
Secureworks® Taegis™ XDR 3.2.2 ⫘
Tuesday, February 7th, 2023 ⫘
Features ⫘
Security Posture Dashboard ⫘
Introducing the new Security Posture Dashboard, which highlights your organization’s security posture, as well as the security trends in your industry and others. It’s available under Dashboards in the left-side navigation. For more information, see Security Posture Dashboard.
Secureworks® Taegis™ XDR 3.2.1 ⫘
Thursday, February 2nd, 2023 ⫘
Features ⫘
Edit User Email Addresses ⫘
Tenant Admins can now edit other users' email addresses. For more information, see Edit User Emails.
Fixes ⫘
Investigation Load Time ⫘
The increased load time of investigations containing a large number of added alerts, events, assets, or entities has been fixed.
Report Template Date Range ⫘
A bug affecting the date range for report templates created in a time zone outside the current UTC date has been fixed.
Manage Users Page ⫘
The Manage Users page now displays a message if there are no users for the tenant.
Secureworks® Taegis™ XDR 3.2 ⫘
Friday, January 27th, 2023 ⫘
Features ⫘
Advanced Search Aggregations ⫘
You can now use Aggregate in Advanced Search queries to group results and filter or calculate the results for sum, min, max, average, count, or cardinality to find what’s important in your XDR gathered data. This powerful addition allows you to summarize data and is a useful aid to the investigative process. For more information, see Aggregations.
Google Cloud Platform (GCP) Collector ⫘
XDR now can deploy a collector in the Google Cloud Platform (GCP). For more information, see Google Cloud Platform (GCP) Collector.
Google Workspace Login Audit Activity Integration Added ⫘
XDR can now ingest and normalize data from Google Workspace Login Audit Activity. For more information, see Google Workspace Login Audit Activity Integration.
Trend Micro Deep Security Integration Added ⫘
XDR can now ingest and normalize Trend Micro Deep Security event types. For more information, see Trend Micro Deep Security.
Docs ⫘
Proactive Response Updated ⫘
The documentation for Proactive Responses has been updated. For more information, see Proactive Response Actions Overview.
Secureworks® Taegis™ XDR 3.1.22 ⫘
Thursday, January 19th, 2023 ⫘
Features ⫘
ManagedXDR Proactive Response Actions Expanded ⫘
Proactive Response Actions for ManagedXDR customers have been updated and now include the ability to do the following actions:
- Host isolation
- User password reset with Azure AD
- User block with Azure AD
- User block with AWS
- Access key revocation with AWS
- Disable MFA device with AWS
- iSensor IP block
For more information, see Proactive Response Actions Overview.
Fixes ⫘
Duplicate Points of Contact ⫘
We have fixed an issue that allowed duplicate points of contact within Tenant Profile.
Investigation Comments ⫘
Mentioning users in the comments of an investigation now works as expected.
Normalized Hostname ⫘
The hostname was not being displayed in the Normalized Data JSON for Taegis NGAV alerts. This has been fixed.
Secureworks® Taegis™ XDR 3.1.21 ⫘
Friday, January 13th, 2023 ⫘
Features ⫘
Custom Parsers and Custom Automations ⫘
You can now create Custom Parsers to parse and normalize syslog data to XDR schemas from sources not natively supported. You can also now build custom automations by defining Custom Connectors and building Playbook Templates. For more information, see Custom Parsers Overview, Custom Connector Editor, and Building Your First Playbook. Additional docs are also available with more in development coming soon.
CyberArk Integration Added ⫘
XDR can now ingest and normalize CyberArk Privileged Threat Analytics (PTA) and Vault data. For more information, see CyberArk.
Fixes ⫘
Edit Suppression Rules ⫘
When editing a suppression rule, the Save button was not appearing if a field was updated by pasting content rather than typing it. This has been fixed.
Docs ⫘
Taegis Endpoint Agent Group Configuration ⫘
Taegis Endpoint Agent Group Configuration has been updated to reflect the renaming of available policy tiers.
Secureworks® Taegis™ XDR 3.1.20 ⫘
Friday, January 6th, 2023 ⫘
Features ⫘
Response Actions ⫘
Custom response actions created from playbooks are now offset in a subsection of the Actions drop-down lists, under the header ’Response Actions.’ This makes it clearer which actions are standard to XDR and which are custom to the tenant.
Removed Time Zones ⫘
Time zones have been removed from the list of users in a tenant, to prevent confusion. As a reminder, the default time setting in XDR is UTC. This cannot be adjusted by customers or Secureworks.
Phone Number Extensions ⫘
Profile Settings now supports adding extensions to phone numbers. For more information, see Profile Settings.
Fixes ⫘
Alert Counts in Reports ⫘
Alert counts in some report templates were not corresponding with the selected dates. This has been fixed.
Alert Suppression Rules ⫘
The drag-and-drop functionality for creating alert suppression rules has been fixed.
Secureworks® Taegis™ XDR 3.1.19 ⫘
Thursday, December 22nd, 2022 ⫘
Docs ⫘
New Docs Site Navigation ⫘
Welcome to the improved XDR docs site, which has been reorganized to improve the findability of our docs. Notable changes include:
- A new landing page for all Taegis documentation, with search bars for both XDR and VDR
- An improved navigation menu for XDR
- Tags for articles
- A new Get Started section
Secureworks® Taegis™ XDR 3.1.18 ⫘
Thursday, December 15th, 2022 ⫘
Features ⫘
Tenant Profile ⫘
Managed Security Service customers can now use Tenant Profile to review and update critical security escalation points of contact and review network details to help the triaging and escalation of security alerts. For more information, see Tenant Profile.
Docs ⫘
API Authentication Using Powershell ⫘
Instructions on authenticating onto the XDR APIs using Powershell have been added. For more information, see Authentication Using Powershell.
Updates to Business Email Compromise Detector Triggers ⫘
The list of inbox rules that trigger alerts from the Business Email Compromise Detector has been updated. For more information, see Business Email Compromise.
Secureworks® Taegis™ XDR 3.1.17 ⫘
Monday, December 12th, 2022 ⫘
Feature ⫘
New Taegis™ XDR Endpoint Agent for Windows Now Available ⫘
Taegis Endpoint Agent for Windows version 1.0.26 is now available. For more information, see Taegis™ Agent Changelog.
Secureworks® Taegis™ XDR 3.1.16.2 ⫘
Thursday, December 1st, 2022 ⫘
Docs ⫘
File Upload API ⫘
You can use the File Upload API to send properly formatted log files to Secureworks® Taegis™ XDR for ingestion and normalization without a Taegis™ XDR Collector. For more information, see Using the File Upload API.
Fixes ⫘
Netflow Diagram ⫘
Source IP and Destination IP addresses now display as expected on netflow diagrams for events.
Secureworks® Taegis™ XDR 3.1.16 ⫘
Thursday, November 17th, 2022 ⫘
Features ⫘
Hostname Quick Search ⫘
You can now perform quick searches on hostnames. For more information, see Quick Search.
VirusTotal Added to Threat Intelligence Alert Enrichment ⫘
Secureworks now leverages enrichment data from VirusTotal, displayed in an alert’s Threat Intelligence details tab. The rest of the tab has also been redesigned, including a new pop-up that displays the Geotag and the APIVoid total count when you hover over a red flag icon . For more information, see Threat Intelligence Alert Enrichment.
Docs ⫘
New FAQ for iSensor Block/Unblock ⫘
We have added steps to the Managed iSensor™ FAQ regarding how to configure a block or unblock action on an iSensor. For more information, see Managed iSensor™ FAQ.
Fixes ⫘
Pivot Search ⫘
Pivot searches using @hash contains
were resulting in an error. This has been fixed.
Pivot searches on a URI Host for an http event type were also failing. This has also been fixed.
Microsoft Defender for Endpoint Event Hub ⫘
Event Hub details for Microsoft Defender for Endpoint integrations are now displayed correctly.
Copying Text ⫘
Double-clicking or double-tapping on text within XDR copies the text to your clipboard. We have fixed an issue where extra text was also being copied inadvertently.
Secureworks® Taegis™ XDR 3.1.15 ⫘
Thursday, November 10th, 2022 ⫘
Features ⫘
Create Reports From a Template ⫘
You can now create Investigation Summary Reports, Executive Summary Reports, and Alert Summary Reports from a predefined template. For more information, see Report Templates, and Create Reports from a Template.
SCADAfence Integration Added ⫘
XDR can now ingest and normalize SCADAfence data, providing visibility into OT networks. For more information, see SCADAfence.
Fixes ⫘
Investigations Attachments Tab Not Loading ⫘
Some tenants were unable to see the Investigations Attachment tab. This has been fixed.
Docs ⫘
Taegis™ NGAV Agent ⫘
The documentation for the Taegis™ NGAV Agent has been updated to reflect how NGAV data is processed. For more information, see Taegis™ NGAV Agent.
Secureworks® Taegis™ XDR 3.1.14 ⫘
Thursday, November 3rd, 2022 ⫘
Features ⫘
Investigation Summary Report Template in Preview ⫘
For users opted in to Preview mode, you can now create Investigation Summary Reports from a predefined template. For more information, see Investigation Summary Report.
Mimecast and Proofpoint Integration Update ⫘
New XDR Mimecast and Proofpoint Integrations now require adding a unique integration name. For more information, see Mimecast and Proofpoint Targeted Attack Protection (TAP).
Fixes ⫘
Unrelated Alerts in Taegis Endpoint Details ⫘
Unrelated alerts were showing in Taegis agent endpoint details. This has been fixed.
O365 Integration Authorization Not Working ⫘
The Authorize button for O365 Cloud API integrations is now working as expected.
Docs ⫘
Updates to Users API Documentation ⫘
Instructions on how to search users using the Users GraphQL API have been added. For more information, see Using the Users API.
Updates to Tenants API Documentation ⫘
Instructions on managing tenant environments with the Tenants GraphQL API have been added. For more information, see Using the Tenants API.
Taegis Endpoint Agent Known Issues ⫘
Documentation of known issues affecting the Taegis Endpoint Agent is now available.
Taegis Endpoint Agent Troubleshooting ⫘
Windows Agent Troubleshooting has been updated with information on using the included support kit tool, and Linux Agent Troubleshooting has been updated with information on using two available support scripts.
Secureworks® Taegis™ XDR 3.1.13 ⫘
Wednesday, October 26th, 2022 ⫘
Features ⫘
Playbook Queues in Preview ⫘
For users opted in to Preview mode, you can view queues for High-Priority playbooks and Normal playbooks. For more information, see Playbook Queues.
Secureworks® Taegis™ XDR 3.1.12.1 ⫘
Tuesday, October 25th, 2022 ⫘
Docs ⫘
Alerts API ⫘
Alerts API documentation has been updated to note that the current Taegis™ XDR GraphQL gateway does not support skip directives.
Mimecast ⫘
Mimecast documentation has been updated to note that MFA must be disabled for the service account used for the Mimecast integration.
Secureworks® Taegis™ XDR 3.1.12 ⫘
Thursday, October 20th, 2022 ⫘
Features ⫘
New Taegis™ XDR Endpoint Agent for macOS Now Available ⫘
Taegis Endpoint Agent for macOS version 1.0.43 is now available. For more information, see Taegis™ Agent Changelog.
Fixes ⫘
Some Reports Run at the Wrong Time ⫘
Some reports were running 12 hours off. This has been corrected.
Can’t See Time Zone on Report Configuration ⫘
Browser scrolling was preventing display of the time zone selector in the report scheduling panel of the report creator. This has been fixed.
Select All Not Allowed in Agent Details ⫘
The option to add all alerts to an existing investigation is once again available from the Agent Details view.
Alerts Panel Username List ⫘
The Alerts Panel username list was not always refreshing correctly. This has been corrected.
Secureworks® Taegis™ XDR 3.1.11.1 ⫘
Monday, October 17th, 2022 ⫘
Features ⫘
New Taegis™ XDR Endpoint Agent for Windows Now Available ⫘
Taegis Endpoint Agent for Windows version 1.0.24 is now available. For more information, see Taegis™ Agent Changelog.
Secureworks® Taegis™ XDR 3.1.11 ⫘
Thursday, October 13th, 2022 ⫘
Features ⫘
Native Crowdstrike Integration Now Available ⫘
XDR now makes use of Crowdstrike’s Falcon Data Replicator to provide built-in integration. This native integration provides deeper support for EDR tenant deployments both in the U.S. and EU regions. It also greatly improves the telemetry data ingested into XDR, minimizes telemetry ingestion times, and simplifies onboarding to XDR. For more information, see Crowdstrike.
New Taegis™ XDR Endpoint Agent for Windows Now Available ⫘
Taegis Endpoint Agent for Windows version 1.0.22 is now available. For more information, see Taegis™ Agent Changelog.
Copy Process Trees as Text ⫘
You can now copy a process tree as text to paste in other locations as needed. For more information, see View an Alert’s Process Tree.
Edit Investigations ⫘
When editing an investigation, you are now prompted to confirm discarding changes without saving when navigating away in the app, refreshing the page, or closing the tab. For more information, see Investigation Key Findings.
Filter Playbook History Tables ⫘
You can now filter Playbook History tables using multiple execution state filters at a time. For more information, see Playbook History.
Fixes ⫘
Investigation Scrollbar Disappearing ⫘
When editing an investigation, opening the comments resulted in the Key Findings section scrollbar disappearing. This has been fixed.
Secureworks® Taegis™ XDR 3.1.10 ⫘
Thursday, October 6th, 2022 ⫘
Features ⫘
Cloud Recon to Change Detector ⫘
The Cloud Recon to Change Detector, now available in XDR, identifies unusual exfiltration of AWS RDS data by a user by correlating anomalous behaviors for multiple event names, across different categories of event name, to alert malicious activity with higher confidence. For more information, see Cloud Recon to Change Detector.
Alert Summary Report Template in Preview ⫘
For users opted in to Preview mode, you can now create Alert Summary Reports from a predefined template. For more information, see Alert Summary Report.
Investigation Comment Improvements ⫘
When mentioning someone in a comment (@username
), previously mentioned users now float to the top of the user list. For ManagedXDR subscribers, @Secureworks
does too. For more information, see Investigation Comments.
Fixes ⫘
API Key Authentication ⫘
When creating a new connection, the UI was not accepting entries in the ’Query Param’ field when using the API Key authentication type. This has been fixed.
Secureworks® Taegis™ XDR 3.1.9 ⫘
Thursday, September 22nd, 2022 ⫘
Feature ⫘
Create Share Link for Automations ⫘
You can now generate a direct share link for the following aspects of Automations to provide to other tenant users or to Secureworks support: playbook instances, playbook executions, playbook templates, connections, and connectors.
Fixes ⫘
Download Agents Button ⫘
The Download Agents button was missing from Manage Endpoints in XDR for some authorized users. This has been fixed.
Red Cloak Endpoint Bios Serial ⫘
From Red Cloak Agent Details in XDR, double clicking the Bios Serial entry resulted in an incorrect value being copied. This has been fixed.
Alert Severities Not Rounded ⫘
Alert Severities in alert panels and alert details are now rounded down to two digits.
Create Suppression Rules ⫘
When creating a suppression rule from an alert, rearranging the entities on the left resulted in the entities no longer being able to be added to the rule. This has been fixed.
Duplicate Alerts Added to New Investigations ⫘
New investigations created with duplicate alerts resulted in these duplicates remaining in a loading state in the Evidence > Alerts tab of the investigation. This has been fixed.
Docs ⫘
Detector Overview ⫘
A new column has been added to Detector Overview that indicates whether or not the detector can be searched using underlying events.
Secureworks® Taegis™ XDR 3.1.8 ⫘
Tuesday, September 20th, 2022 ⫘
Feature ⫘
Investigation Audit Logs Table ⫘
Investigation Audit Logs tables found in the Evidence → History tabs of investigation details can now be filtered by date range. For more information, see Investigation Evidence.
Fixes ⫘
Mimecast Integration ⫘
When adding a Mimecast integration, the Secret Key field could not be revealed by using the Show Secret Key icon. This has been fixed.
View Pivot Search in Advanced Search ⫘
Pivot searches using the URI Query field from HTTP events could not be opened using the View in Advanced Search option from the pivot search. This has been fixed.
Secureworks® Taegis™ XDR 3.1.7 ⫘
Thursday, September 8th, 2022 ⫘
Features ⫘
Investigation Attachments ⫘
Investigations now support file attachments up to 2GB. For more information, see Investigation Evidence.
SA Certificates for On-Prem Connections ⫘
Automation connections now support self-signed certificates for on-premise configurations. For more information, see Configure an Automation Connector for Use On-Premise.
Escaped Regex in Alert Suppression Rules ⫘
When dragging-and-dropping entities to create alert suppression rules, regular expressions are now escaped automatically. For more information, see Create a Suppression Rule from an Alert.
Application Certificate Expirations ⫘
Applications installed on data collectors (such as eStreamer, Splunk, and TLS Enabled Syslog) now display the certificate expiration date. Hover over the word ’Installed’ to view it. For more information, see Manage Data Collector Applications.
Fixes ⫘
Affected Agents ⫘
Impacted Taegis Agents now appear in the Affected Agents section of alert details.
Default Rate Limit ⫘
The default rate limit on playbook templates was causing errors. This has been fixed.
Cloud APIs Table ⫘
Columns in the table of Cloud APIs now sort as expected.
Detector Documentation Links ⫘
Several documentation links from detector details were broken. These have been fixed.
Secureworks® Taegis™ XDR 3.1.6 ⫘
Thursday, September 1st, 2022 ⫘
Feature ⫘
Alert Group Key ⫘
Detectors may now use the alert group key to create one alert per key within a specified time window. These group keys are intended to deduplicate alerts which are primarily identical, except for timestamp and other non-consequential fields. For more information, see Alert Group Key.
Secureworks® Taegis™ XDR 3.1.5 ⫘
Wednesday, August 31st, 2022 ⫘
Feature ⫘
Netskope SSE Integration Added ⫘
XDR can now ingest and normalize Netskope Security Service Edge (SSE) data, enabling XDR to provide a more holistic view of threats and business risks. For more information, see Netskope SSE.
Docs ⫘
Okta Integration Update ⫘
The Okta Integration has been updated to clarify the privileges and scope required for integration with XDR. For more information, see Set up Okta Integration.
NXLog Template Updated ⫘
The NXLog template has been updated to version 1.4 and is now defaulted for 64 bit. Older 32 bit Nxlog versions can use this template with some modifications, which are noted in the template. This update also adds several troubleshooting sections. For more information, see NXLog Template Downloads.
Secureworks® Taegis™ XDR 3.1.4 ⫘
Thursday, August 25th, 2022 ⫘
Fixes ⫘
Automation Playbooks Lost ⫘
A bug was fixed that forced users working on automation playbooks to lose their progress due to the XDR update button obscuring the save button.
Investigation Names ⫘
The capitalization of some investigation names was being overridden in some areas of the UI. This has been fixed.
Secureworks® Taegis™ XDR 3.1.3 ⫘
Thursday, August 18th, 2022 ⫘
Fixes ⫘
Reassign Investigation ⫘
Tenant Analysts did not have the option to reassign an investigation to the entire tenant. This has been fixed.
Select Events from Search Results ⫘
Selected events from the results of a multi-schema search were being deselected when additional events were loaded upon scrolling through the results. This has been fixed.
Docs ⫘
Google Common Expression Language Documentation ⫘
Reference documentation has been added for CEL macros. XDR supports some Google Common Expression Language (CEL) macros for use in its Automations platform, including with playbooks. This enables data manipulation and evaluation within connectors and templates. Many of the CEL macros are built-in, but some have been custom built to address common problems. For more information, see Common Expression Language Macros. Some of the macros are specifically for working with alerts data.
Secureworks® Taegis™ XDR 3.1.2 ⫘
Thursday, August 11th, 2022 ⫘
Features ⫘
Alerts API Transition Complete ⫘
The Alerts API transition that began in May has officially been completed. As of today, the legacy APIs related to alert search, retrieval, and resolving have been removed from Taegis XDR. Use of these legacy APIs is no longer supported. For supported APIs, see Getting Started with the Alerts GraphQL API.
Threat Intelligence Flags ⫘
We’ve added red flags to IP address fields on Alert Details to indicate where Threat Intelligence alert enrichment is available. For more information about viewing the alert enrichment, see Threat Intelligence Alert Enrichment.
Fixes ⫘
Cisco IOS IP Addresses ⫘
Source IPs for Cisco IOS events were not matching the normalized source addresses. This has been fixed.
Alert Suppression Rules ⫘
Alert suppression rules were not disabling properly for some users. This has been fixed.
Secureworks® Taegis™ XDR 3.1.1 ⫘
Friday, August 5th, 2022 ⫘
Fixes ⫘
Wrong CSV of Scheduled Report Downloads ⫘
On some tenants the wrong csv file of a scheduled report would download. This has been corrected.
Advanced Search Event Preview Showing Nonexistent Field ⫘
Fields not relevant to the specified search no longer appear in the advanced search event preview.
Timeline View For Related Events Scrolling ⫘
The Timeline View has been updated so that newly loaded data doesn’t force scroll back to the top.
Secureworks® Taegis™ XDR 3.1 ⫘
Tuesday, August 2nd, 2022 ⫘
Features ⫘
New Taegis™ XDR Endpoint Agent Now Available ⫘
The new Taegis Endpoint Agent is now available. Existing customers will be upgraded on a rolling basis to account for service upgrade considerations that need to be addressed for successful migration. Look for a message in XDR in the Endpoints section with further details on how to sign up to upgrade to the new agent. For more information, see Taegis Endpoint Agent Introduction.