Cisco Threat Response - Release Notes

1.43 Features and Updates

First Released to Threat Response on 3/4/2020

  • Relations Graph Enhancement - rearranged nodes will keep their position after a snapshot is taken and when it is opened

1.42 Features and Updates

First Released to Threat Response on 2/19/2020

  • No new user-facing features
  • Updates to Help include: Resources (now includes a link to Threat Response Data sheet), Modules

1.41 New Features and Updates

First Released to Threat Response on 2/5/2020

1.40 Web Security and Orbital Advanced Search Integration. New Features

First Released to Threat Response on 1/22/2020

  • Web Security Integration: enrich investigations with web security context and visibility into connections with unsafe or suspicious websites
  • Web Security Integration is available via Security Management Appliance (SMA) or with Web Security Appliance (WSA)
  • Orbital Advanced Search Integration: reference module for custom queries across any endpoints that uses OSquery technology
  • Request Timeframe Field Added to SMA Modules to query a smaller time window than the default 30 days.
  • Node filtering in Relations Graph - allows filtering by disposition and type to narrow the display of the investigation results
  • Fullscreen Mode and Zoom to Fit - new icons allow viewing the Relations Graph in fullscreen mode or zooming to fit the screen
  • Resize Pane Height - new icon in Stacked Layout to increase or decrease the Relations Graph pane height
  • Updates to Help include: About Threat Response, Umbrella Modules, Orbital Module, SMA Web Module, Web Appliance Module

1.39 Stealthwatch Enterprise Integration. New Features and Updates

First Released to Threat Response on 12/11/2019

  • Stealthwatch Enterprise Integration: use the power of Stealthwatch advanced network analytics to enrich all investigations in Threat Response
  • Stealthwatch Alarms in Incident Manager: further investigate high-fidelity alarms at multiple layers in an attack’s trajectory
  • Node Aggregation: simplified view of the Relations Graph through aggregating nodes of identical type, disposition, and relationships. More here
  • Enhancements to the Intelligence page include ability to create, edit, and delete private indicators. See the Indicators Help topic
  • Added shortcut to Find Observables to an optional toolbar when you hover over the Casebook widget. The toolbar can be enabled or disabled here
  • Create Judgement menu item was added to the Pivot menu to create a judgement for an observable and associate it with indicators
  • Updates to Help include: Stealthwatch Enterprise Module, Incidents - Stealthwatch, Node Aggregation, Indicators, Casebooks and Pivot Menus

1.38 Fixes and Updates

First Released to Threat Response on 11/27/2019

1.37 Fixes and Updates

First Released to Threat Response on 11/13/2019

  • Updated Cisco Threat Response user interface: new Intelligence page
  • Updated Help to include new topic on Intelligence page, and the addition of Resources topic

1.36 Direct integration with Email Security Appliance. Fixes and Updates

First Released to Threat Response on 10/30/2019

  • Updated user interface: new Module configuration pages
  • Added Color Theme enhancement to user interface allowing for selection of background color (Default for light, and Dusk for dark background)
  • Added direct integration with Cisco Email Security Appliance (without the use of SMA). See Email Security Appliance Module
  • Updated Help menu with a topic for What's New describing changes in the Help and Release Notes.

1.35 Fixes and Updates

First Released to Threat Response on 10/16/2019

  • Target Unification: updated relations graph by unifying target nodes from the same module based on their strong identifiers ("observables")
  • API errors and warnings encountered during investigation are displayed under Alerts in the Investigate View. Details here
  • Updates to the Help topics to improve usability: Modules, Umbrella Module, Browser Plugins, Settings, Threat Response APIs

1.34: No user-related fixes or updates

First Released to Threat Response on 10/02/2019

  • No user-related fixes or updates

1.33: Fixes and Updates

First Released to Threat Response on 08/21/19

  • CTIA API Swagger pages updated to version 3
  • Support for the ipv6 observable type added to the SMA Email module
  • Target Unification renamed to Target Observable Aggregation to reflect the changes to target and observable display. More here
  • Fixed video links in the Quick Start and Modules Help topics, added a link to Cisco Threat Response Module Matrix

1.32: No user-related fixes or updates

First Released to Threat Response on 09/04/2019

  • No user-related fixes or updates

1.31 Fixes and Updates

First Released to Threat Response on 09/18/2019

  • Target Unification: improved usability of the relations graph by simplifying the view of the target and observable icons
  • Improved performance to speed up graph rendering and clarity

1.30: Fixes and updates

First released to Threat Response on 08/07/19

  • Enhanced URL extraction with support for trailing "\" and "=" characters
  • Improved responsiveness of Edit Investigation box when complex investigations are in progress

1.29: Firepower and Security Management Appliance (SMA) Email enrichment modules, now available in EU instance

First released to Threat Response on 7/24/19

  • SMA Email module provides a more robust approach to email security (see SMA Help)
  • Firepower module correlates intrusion events from Firepower devices with enrichment from other Cisco Security products
  • Incident Manager collects prioritized incident data by triaging and investigating curated, high-urgency intrusion events

1.28: No user-related fixes or updates

First released to Threat Response on 7/10/19

1.27: Firepower integration available in North America

First released to Threat Response on 6/26/19

  • Firepower module correlates intrusion events from Firepower devices with enrichment from other Cisco Security products
  • Incident Manager collects prioritized incident data by triaging and investigating curated, high-urgency intrusion events
  • New online help topics for the Incident Manager and Firepower module: Incidents, Firepower Incidents, Firepower Module

1.26: New Host Isolation feature in AMP for Endpoints Investigate module

First released to Threat Response on 06/12/19

  • Isolation feature allows blocking network activity to prevent threats from propagating (see Endpoint Isolation)
  • New Help topics with links to Universal Cloud Agreement, Privacy Data Sheet, and Support contact info: Terms, Privacy, Support
  • Improved support: added dropdown links to the Help navigation menu

1.25: Configurable timeframe for DNS requests and other fixes and updates

First released to Threat Response on 5/29/19

1.24: Fixes and updates

First released to Threat Response on 5/15/19

1.23: Early field trials for NGFW; Integration and Sightings updates

First released to Threat Response on 5/1/19

  • Incident manager and Firewall support are in the second stage of early field trials
  • Additional context around Sightings: two new fields added to Sightings schema: data and sensor_coordinates. See CTIM
  • Improved pagination in all tables
  • New columns in Sightings table in the Observable panel on Investigate page: Severity, Details, Resolution, Sensor
  • New columns in Sightings table on Intelligence page: Details, Resolution, Sensor

1.22: Instant access to Threat Response, now live in North America

First released to Threat Response on 4/17/19

  • Instant Access provides simpler access by allowing users to self-provision Cisco Security accounts
  • Support for non-admin users added to allow non-admins to log in to Threat Response via their Cisco Security or Threat Grid accounts
  • Admin users can manage any OAuth2 clients created by users in their organization
  • New Sorting functionality for Sightings in Observable panel on Investigate page based on the observed time
  • New Sorting functionality for Snapshots based on creator and date

1.21: Fixes and updates

First released to Threat Response on 4/3/19

  • User Flag feature added to AMP for Endpoints module to allow Threat Response to interact with AMP in the name of the user

1.20: General availability of SMA Email enrichment module in North America

First released to Threat Response on 3/20/19

  • SMA Email enrichment module made available for users in North America (more here)
  • Umbrella Reporting API module now returns up to 30 days of sightings instead of 15 (more at Umbrella Reporting)
  • New View Snapshot option in Actions dropdown on the Snapshots page

1.19: Improved first-time user experience through updates on the Investigate landing page

First released to Threat Response on 3/6/19

  • New, easily accessible tiles on Investigation page to improve navigation: Getting Started, My First Investigation, Need Help
  • New interface helps users configure modules, get access to library of information, and sign up for free product trials

1.18: Fixes and updates

First released to Threat Response on 2/20/19

  • New Download Snapshot option added to Actions menu on Snapshots page
  • New Snapshot feature at the top of Investigate page allows taking or uploading a snapshot

1.17: Fixes and updates

First released to Threat Response on 2/6/19

1.16: Fixes and updates

First released to Threat Response on 1/23/19

1.15: Fixes and updates

First released to Threat Response on 12/13/18

  • Beta period for the SMA integration with Cisco Threat Response started
  • Talos reputation score added to the Judgement reason

1.14: Fixes and updates

First released to Threat Response on 11/28/18

1.13: Fixes and updates

First released to Threat Response on 11/14/18

  • Layout menu improved

1.12: Fixes and updates

First released to Threat Response on 11/1/18

  • API Client for Threat Response in beta version (see Documentation)
  • New Settings page added for managing modules and API clients
  • Improved error handling and reporting for the Umbrella module. Alerts include Umbrella API that generated an error
  • Umbrella module allows generating targets in Sightings from the Reporting API

1.11: Fixes and updates

First released to Threat Response on 10/17/18

  • No user-related fixes or updates

1.10: Fixes and updates

First released to Threat Response on 10/4/18

  • Detailed instructions and screenshots added to Umbrella module configuration tips

1.09: Fixes and updates

First released to Threat Response on 9/20/18

  • New Umbrella Reporting API functionality returns the most recent DNS requests and the top identities for destination endpoint
  • Umbrella API Token made optional
  • Magnifying Glass icon added to investigated observables to differentiate from others in Relations graph

1.08: Fixes and updates

First released to Threat Response on 9/5/18

  • The number of nodes in the Relations graph is displayed in the upper-left corner
  • Severity and Resolution fields added to Sightings in the Observables panel.