• Secure Workload agents now detect and report the flows initiated by workloads requesting connection to the HTTPS proxy. The Investigate > Traffic page is enhanced to showcase both the direct flow from the workload to the proxy and the effective tunneled flow from the workload to the remote FQDN/Address. These two flows are now linked as Related, providing comprehensive visibility into network activities.

  For more information, see Visibility in Proxied Flows.

• Simplified workflow for the mapping of Scope to Access Control Policies for Secure Firewall Management Center (FMC) and Firepower Threat Defense (FTD) enforcement. The enhanced API integration marks the decoupling of Segmentation and Virtual Patching workflows.

  For more information, see the Cisco Secure Workload and Secure Firewall Management Center Integration Guide.

• You can now combine multiple search attributes using both AND and OR operators for a more refined search experience on the Investigate -> Alerts page. Other enhancements include:

  • Introduction of Alert Name field: A new field, Alert Name, is introduced to facilitate a structured approach to alert management, allowing you to assign unique names to alerts.

  • Introduction of drop-down for Alert Type: A new drop-down, Alert Type, is introduced in the Alerts – Configs page to facilitate quick filtering.

  • Icon Update: The configuration of alerts can now be initiated by selecting the new + icon on the Alerts – Configs page.

  For more information, see Configure Alerts.

• You can now prevent older versions of software agents from registering with the cluster or being installed using the installer script. This is controlled with a configuration under the platform cluster configuration. This enhancement ensures that only new versions of software agents can be installed and prevents the installation of agents with deprecated versions.

  For more information, see Disable Download and Registration of Unsupported Agents.

• You can manage and track the inventory of workloads, devices, and resources within the network, as well as the associated labels and subnets.

  For more information, see Rules for Creating Inventory Filters.

• As a network administrator, you can configure to display the names of the consumer or provider that is associated with the network flows. Secure Workload agents now capture user information for network flows that lasts longer than a minimal duration, providing a comprehensive view of the network activity.

  For more information, see Create an Agent Configuration Profile.

• It is now possible to insert multiple connectors of the same type in the Ingest Appliances. For example, you can add three NetFlow Connectors to a single Appliance.

• Enhancements to the Secure Connector functionality to elevate Monitoring, Alerts, and debugging capabilities:

  Note	We strongly recommend upgrading the Secure Connector if the version is older than 3.8.

• Optimized VM allocation logic on M6 hardware for deterministic allocation and maximize resource utilization.

  Note

  Upgrades do not initiate VM rebalancing or movement. An M6 cluster initially deployed with Cisco Secure Workload release 3.8.x will not benefit from the optimized VM allocation strategy introduced in this release. To utilize the new VM allocation strategy and achieve maximum resource utilization, you must perform a complete redeployment of the cluster with Cisco Secure Workload version 3.9.1.1.

• In the dual-stack connectivity mode, Secure Workload clusters now support the Data Backup and Restore feature.

• To perform a failover, you can now get the health status of the secondary cluster and the status of the prerestore checks. This helps you to resolve any issues before restoring the data to the secondary cluster.

  For more information, see Restore Data.

• The enhanced UI of the Data Backup and Restore feature on the secondary node offers detailed information about the health of the standby cluster, indicating whether a restore can be initiated and enabling you to track the restore process progress in detail.

• When a node is deployed as standby in the Platform > Data Restore page, after the presentation of the storage configuration, conduct a storage test. Upon clicking Next, the page displays the storage configuration page once more. To proceed to the Prechecks page with the tested storage configuration, either refresh the page or click Platform > Data Restore again.

• Power-off and power-on actions on the server hosting the namenode-1 VM can impact the health of the Orchestrator Inventory Manager service. In such cases, restart the service to recover.

• Secure Workload agent on Windows workloads is now defined by a single service named CswAgent, replacing the previous TetSensor and Tetenforcer services. The update streamlines agent service control, eliminates redundant engine processes, and ensures consistency with the Unix Single Agent Service introduced in Secure Workload Release 3.8.1.1.

• The firewall rules for Secure Workload agent programs, ensuring their communication with the CSW cluster (golden rules), now employ a new semantic structure. On Windows workloads, they actively match on application names, while on Linux and Solaris, they actively match on usernames. The rules for AIX remain unchanged.

• The default value for the Memory Quota Limit for Process Visibility and Forensics in Agent Config Profile is increased to 512 MB.

• The Stats graph in Workload Profile > Stats now accurately displays the current memory usage for Host Visibility and Forensics' Memory Overhead, resolving the issue of showing peak memory usage.

• To execute a software upgrade, it is essential to stage all required RPMs on the cluster. Installation of the new software is possible only after all necessary RPMs are staged. For more information, see the Cisco Secure Workload Upgrade Guide.

• The node running the Hadoop Namenode VM no longer requires manual switchover in the event of failures. The introduction of Namenode HA configuration changes the system's behavior, enabling automatic failover to the standby Namenode without any need for manual intervention.

For information about supported operating systems, external systems, and connectors for Secure Workload agents, see the Compatibility Matrix.

The following tables provide the scalability limits for Cisco Secure Workload (39RU), Cisco Secure Workload M (8RU), and Cisco Secure Workload Virtual (VMWare ESXi).

Note	The supported scale is based on the parameter that reaches the limit first.

The resolved and open issues for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about issues and vulnerabilities in this product and other Cisco hardware and software products.

Note	You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, register for an account.

For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.

If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:

• Email Cisco TAC: tac@cisco.com

• Call Cisco TAC (North America): 1.408.526.7209 or 1.800.553.2447

• Call Cisco TAC (worldwide): Cisco Worldwide Support Contacts