Cisco and Third-Party Integrations and Supported Capabilities
Cisco and third-party integrations provide various capabilities to Cisco XDR, leveraging the information available in the integrated product. The following is a list of the various capabilities:
Note: The threat intelligence and IT Service Management (ITSM) third-party integrations are included with the Cisco XDR Essentials licensing tier and all other third-party integrations require Cisco XDR Advantage or Cisco XDR Premier licensing tier. For details, see the Minimum Cisco XDR Licensing Tier Required column in the table below. You can view your organization's licensing tier on the My Account page. For more information on the licensing tiers, see Cisco XDR Licenses.
-
Detection Analytics and Correlation - Logs and security events from the integrated product are ingested into the data warehouse and are correlated and analyzed using artificial intelligence and machine learning to create actionable Cisco XDR incidents.
-
Threat Hunting and Investigation - In response to queries from Cisco XDR during investigations, the integrated product can report sightings, reputations, and other information about the queried observables to include and display in Cisco XDR's investigation results. For example, "file hash a03e[...] was seen on endpoint sdf-01 at 2023-01-23 13:45:32 and initiated a connection to <domain>" or "file hash a03e[...] is rated Malicious".
-
Dashboard Tiles - Products may provide tiles showing metrics of usage, prevention, and other system performance indicators. The tiles are displayed on the Control Center page. By default, the Overview dashboard displays incident details, such as a list of unassigned incidents and the number of incidents reported by sources. You can create additional dashboards and tiles depending on the products integrated within your organization. For more information on adding new tiles, see Configure Dashboards and Tiles and for a list of available tiles, see Default Tiles and Integration Tiles.
-
Asset Insights and Context - Inventory provides you with a unified view of the devices and/or users in your organization by consolidating inventories from the products you have integrated with Cisco XDR. These integrations can report inventory and system data to Assets to contribute to that holistic view in order to better identify vulnerabilities, prevent threats, and prioritize remediations. See Sources for more information on sources in Assets.
-
Automation and Response
-
Controls and Responses - In response to queries from Cisco XDR during investigations, in rendering Pivot menus, or via Automation, the integrated product can provide links to enact its responses or controls on or about the queried observable(s). For example, "add file hash a03e[...] to blocklist".
-
Security Operations Center (SOC) Automation - The integrated product can be leveraged in Automation using Cisco-provided atomics and/or workflows.
Note: Products with a No in this column may also be used in Automation but these objects would need to be created by the user.
-
The following table provides a list of the Cisco and third-party integrations and the capabilities supported by each integration, along with the licensing requirements and links to access more information on the product integrations with Cisco XDR:
|
Integration |
Minimum Cisco XDR Licensing Tier Required |
Detection Analytics and Correlation |
Threat Hunting and Investigation |
Dashboard Tiles |
Asset Insights and Context |
Automation and Response |
|
|---|---|---|---|---|---|---|---|
|
Controls and Responses |
Security Operations Center (SOC) Automation |
||||||
| Cisco Integrations | |||||||
| Attack Surface Management | Essential | No | No | Yes | No | No | No |
| Cisco Defense Orchestrator | Essential | No | No | Yes | No | No | Yes |
| Cisco Duo | Essential | No | No | No | Yes | Yes | Yes |
| Cisco Meraki | Essential | Yes | No | No | No | No | No |
| Cisco Secure Access | Essential | No | Yes | Yes | No | No | No |
| Cisco Threat intelligence API | Essential | No | Yes | Yes | No | Yes | No |
| Cisco Vulnerability Management | Essential | No | No | No | No | No | Yes |
| Cyber Vision | Essential | No | No | No | Yes | No | No |
| Meraki | Essential | No | No | No | Yes | Yes | Yes |
| Orbital | Essential | No | Yes | No | Yes | Yes | Yes |
| Secure Cloud Analytics | Essential | Yes | Yes | Yes | No | No | Yes |
| Secure Email Appliance | Essential | No | Yes | Yes | No | No | Yes |
|
Secure Email Threat Defense |
Essential | Yes | Yes | Yes | No | No | No |
| Secure Email and Web Manager | Essential | No | Yes | Yes | No | No | No |
| Secure Endpoint | Essential | Yes | Yes | Yes | Yes | Yes | Yes |
| Secure Firewall | Essential | Yes | Yes | Yes | No | Yes | Yes |
| Secure Malware Analytics | Essential | No | Yes | Yes | No | No | Yes |
| Secure Network Analytics | Essential | Yes | Yes | Yes | No | Yes | Yes |
| Secure Web Appliance | Essential | No | Yes | Yes | No | Yes | No |
| Secure Workload | Essential | No | No | Yes | No | No | No |
| Essential | No | No | No | No | No | Yes | |
| Umbrella | Essential | No | Yes | Yes | Yes | Yes | Yes |
| Essential | No | No | No | No | No | Yes | |
|
Third-Party Integrations Note: Legacy third-party integrations that are not listed in this table may still work but they are not officially supported in Cisco XDR. |
|||||||
|
AbuseIPDB IPChecker |
Essential | No | Yes | No | No | No | No |
|
AlienVault Open Threat Exchange |
Essential |
No | Yes | No | No | No | No |
|
Check Point Quantum Smart-1 Cloud |
Advantage | No | Yes | No | No | Yes | Yes |
|
Cohesity Data Cloud |
Advantage | No | No | No | No | Yes | Yes |
| CrowdStrike | Advantage | Yes | Yes | No | Yes | Yes | Yes |
| Cybereason | Advantage | No | Yes | No | Yes | Yes | Yes |
| Darktrace /NETWORK | Advantage | No | Yes | No | No | Yes | Yes |
|
Elastic Cloud |
Advantage | No | No | No | No | No | Yes |
|
ExtraHop Reveal(x) 360 |
Advantage | No | No | No | No | Yes | Yes |
|
Ivanti Neurons for MDM |
Advantage | No | No | No | Yes | No | Yes |
|
Jamf Pro |
Advantage | No | No | No | Yes | No | Yes |
|
Jira Cloud |
Essential |
No | No | No | No | No | Yes |
| Microsoft Entra ID | Advantage | No | No | No | Yes | Yes | Yes |
Microsoft Defender for Endpoint  |
Advantage | Yes | Yes | No | Yes | Yes | Yes |
| Microsoft Defender for Office 365 |
Advantage | Yes | Yes | No | No | Yes | Yes |
| Microsoft Graph Security API | Advantage | No | Yes | No | No | No | No |
|
Microsoft Intune |
Advantage | No | No | No | Yes | No | Yes |
|
MISP |
Essential | No | Yes | No | No | No | No |
|
PagerDuty |
Advantage | No | No | No | No | No | Yes |
|
Palo Alto Networks Firewalls with Strata Logging Service |
Advantage | No | Yes | No | No | No | No |
|
Palo Alto Networks Cortex XDR |
Advantage | No | Yes | No | Yes | Yes | Yes |
|
Proofpoint Threat Protection |
Advantage | Yes | No | No | No | No | No |
|
Pulsedive |
Essential | No | Yes | No | No | No | No |
|
Radware Cloud DDoS Protection Service |
Advantage | No | Yes | No | No | No | No |
|
Radware Cloud WAF Service |
Advantage | No | Yes | No | No | Yes | No |
|
Red Sift Pulse |
Essential | No | Yes | No | No | No | No |
|
Rubrik Security Cloud |
Advantage | No | No | No | No | Yes | Yes |
| SentinelOne | Advantage | No | Yes | No | Yes | Yes | Yes |
|
ServiceNow |
Essential | No | No | No | Yes | No | Yes |
|
Shodan |
Essential | No | Yes | No | No | No | No |
|
Slack |
Advantage | No | No | No | No | No | Yes |
|
Threatscore |
Essential | No | Yes | No | No | No | No |
|
Trend Vision One |
Advantage | No | Yes | No | Yes | Yes | Yes |
|
urlscan.io |
Essential | No | Yes | No | No | Yes | No |
|
VirusTotal |
Essential | No | Yes | No | No | No | No |
|
VMWare Workspace One UEM |
Advantage | No | No | No | Yes | No | No |
|
xMatters |
Advantage | No | No | No | No | No | Yes |
|
Zendesk |
Essential | No | No | No | No | No | Yes |
Secure Cloud Analytics
The following is a list of integrations you can configure in Cisco Secure Cloud Analytics (now a part of Cisco XDR) to collect telemetry for detection analytics and correlation in Cisco XDR:
-
Amazon Web Services
-
Cisco Attack Surface Management
-
Cisco Identity Services Engine
-
Cisco Meraki
-
Cisco Umbrella
-
Google Cloud Platform
-
Kubernetes
-
Microsoft Azure
For information on how to configure integrations in Secure Cloud Analytics, see Secure Cloud Analytics Documentation.