Cisco and Third-Party Integrations and Supported Capabilities

Cisco and third-party integrations provide various capabilities to Cisco XDR, leveraging the information available in the integrated product. The following is a list of the various capabilities:

Note: The threat intelligence and IT Service Management (ITSM) third-party integrations are included with the Cisco XDR Essentials licensing tier; all other third-party integrations require the Cisco XDR Advantage or Cisco XDR Premier licensing tier. For details, see the Minimum Cisco XDR Licensing Tier Required column in the table below. You can view your organization's licensing tier on the My Account page. For more information on the licensing tiers, see Cisco XDR Licenses.

  • Detection Analytics and Correlation - Logs and security events from the integrated product are ingested into the data warehouse and are correlated and analyzed using artificial intelligence and machine learning to create actionable Cisco XDR incidents.

  • Threat Hunting and Investigation - In response to queries from Cisco XDR during investigations, the integrated product can report sightings, reputations, and other information about the queried observables to include and display in Cisco XDR's investigation results. For example, "file hash a03e[...] was seen on endpoint sdf-01 at 2023-01-23 13:45:32 and initiated a connection to <domain>" or "file hash a03e[...] is rated Malicious".

  • Dashboard Tiles - Products may provide tiles showing metrics of usage, prevention, and other system performance indicators. The tiles are displayed on the Control Center page. By default, the Overview dashboard displays incident details, such as a list of unassigned incidents and the number of incidents reported by sources. You can create additional dashboards and tiles depending on the products integrated within your organization. For more information on adding new tiles, see Configure Dashboards and Tiles and for a list of available tiles, see Default Tiles and Integration Tiles.

  • Asset Insights and Context - Inventory provides you with a unified view of the devices and/or users in your organization by consolidating inventories from the products you have integrated with Cisco XDR. These integrations can report inventory and system data to Assets to contribute to that holistic view in order to better identify vulnerabilities, prevent threats, and prioritize remediations. See Sources for more information on sources in Assets.

  • Automation and Response

    • Controls and Responses - In response to queries from Cisco XDR during investigations, in rendering Pivot menus, or via Automation, the integrated product can provide links to enact its responses or controls on or about the queried observable(s). For example, "add file hash a03e[...] to blocklist".

    • Security Operations Center (SOC) Automation - The integrated product can be leveraged in Automation using Cisco-provided atomics and/or workflows.

      Note: Products with a No in this column can still be used in Automation, but the atomics and workflows for them must be created by the user.

The following table lists the Cisco and third-party integrations and the capabilities each integration supports, along with the minimum licensing tier required and the product names under which further documentation on the integration with Cisco XDR can be found. The last two columns together make up the Automation and Response capability.

Cisco Integrations

| Integration | Minimum Cisco XDR Licensing Tier Required | Detection Analytics and Correlation | Threat Hunting and Investigation | Dashboard Tiles | Asset Insights and Context | Automation and Response: Controls and Responses | Automation and Response: SOC Automation |
|---|---|---|---|---|---|---|---|
| Attack Surface Management | Essential | No | No | Yes | No | No | No |
| Cisco Defense Orchestrator | Essential | No | No | Yes | No | No | Yes |
| Cisco Duo | Essential | No | No | No | Yes | Yes | Yes |
| Cisco Meraki | Essential | Yes | No | No | No | No | No |
| Cisco Secure Access | Essential | No | Yes | Yes | No | No | No |
| Cisco Threat Intelligence API | Essential | No | Yes | Yes | No | Yes | No |
| Cisco Vulnerability Management | Essential | No | No | No | No | No | Yes |
| Cyber Vision | Essential | No | No | No | Yes | No | No |
| Meraki | Essential | No | No | No | Yes | Yes | Yes |
| Orbital | Essential | No | Yes | No | Yes | Yes | Yes |
| Secure Cloud Analytics | Essential | Yes | Yes | Yes | No | No | Yes |
| Secure Email Appliance | Essential | No | Yes | Yes | No | No | Yes |
| Secure Email Threat Defense | Essential | Yes | Yes | Yes | No | No | No |
| Secure Email and Web Manager | Essential | No | Yes | Yes | No | No | No |
| Secure Endpoint | Essential | Yes | Yes | Yes | Yes | Yes | Yes |
| Secure Firewall | Essential | Yes | Yes | Yes | No | Yes | Yes |
| Secure Malware Analytics | Essential | No | Yes | Yes | No | No | Yes |
| Secure Network Analytics | Essential | Yes | Yes | Yes | No | Yes | Yes |
| Secure Web Appliance | Essential | No | Yes | Yes | No | Yes | No |
| Secure Workload | Essential | No | No | Yes | No | No | No |
| Splunk Cloud | Essential | No | No | No | No | No | Yes |
| Umbrella | Essential | No | Yes | Yes | Yes | Yes | Yes |
| Webex | Essential | No | No | No | No | No | Yes |

Third-Party Integrations

Note: Legacy third-party integrations that are not listed in this table may still work, but they are not officially supported in Cisco XDR.

| Integration | Minimum Cisco XDR Licensing Tier Required | Detection Analytics and Correlation | Threat Hunting and Investigation | Dashboard Tiles | Asset Insights and Context | Automation and Response: Controls and Responses | Automation and Response: SOC Automation |
|---|---|---|---|---|---|---|---|
| AbuseIPDB IPChecker | Essential | No | Yes | No | No | No | No |
| AlienVault Open Threat Exchange | Essential | No | Yes | No | No | No | No |
| Check Point Quantum Smart-1 Cloud | Advantage | No | Yes | No | No | Yes | Yes |
| Cohesity Data Cloud | Advantage | No | No | No | No | Yes | Yes |
| CrowdStrike | Advantage | Yes | Yes | No | Yes | Yes | Yes |
| Cybereason | Advantage | No | Yes | No | Yes | Yes | Yes |
| Darktrace /NETWORK | Advantage | No | Yes | No | No | Yes | Yes |
| Elastic Cloud | Advantage | No | No | No | No | No | Yes |
| ExtraHop Reveal(x) 360 | Advantage | No | No | No | No | Yes | Yes |
| Ivanti Neurons for MDM | Advantage | No | No | No | Yes | No | Yes |
| Jamf Pro | Advantage | No | No | No | Yes | No | Yes |
| Jira Cloud | Essential | No | No | No | No | No | Yes |
| Microsoft Entra ID | Advantage | No | No | No | Yes | Yes | Yes |
| Microsoft Defender for Endpoint | Advantage | Yes | Yes | No | Yes | Yes | Yes |
| Microsoft Defender for Office 365 | Advantage | Yes | Yes | No | No | Yes | Yes |
| Microsoft Graph Security API | Advantage | No | Yes | No | No | No | No |
| Microsoft Intune | Advantage | No | No | No | Yes | No | Yes |
| MISP | Essential | No | Yes | No | No | No | No |
| PagerDuty | Advantage | No | No | No | No | No | Yes |
| Palo Alto Networks Firewalls with Cortex Logging | Advantage | No | Yes | No | No | No | No |
| Palo Alto Networks Cortex XDR | Advantage | No | Yes | No | Yes | Yes | Yes |
| Proofpoint Threat Protection | Advantage | Yes | No | No | No | No | No |
| Radware Cloud DDoS Protection Service | Advantage | No | Yes | No | No | No | No |
| Radware Cloud WAF Service | Advantage | No | Yes | No | No | Yes | No |
| Red Sift Pulse | Essential | No | Yes | No | No | No | No |
| Rubrik Security Cloud | Advantage | No | No | No | No | Yes | Yes |
| SentinelOne | Advantage | No | Yes | No | Yes | Yes | Yes |
| ServiceNow | Essential | No | No | No | Yes | No | Yes |
| Shodan | Essential | No | Yes | No | No | No | No |
| Slack | Advantage | No | No | No | No | No | Yes |
| Threatscore | Essential | No | Yes | No | No | No | No |
| Trend Vision One | Advantage | No | Yes | No | Yes | Yes | Yes |
| urlscan.io | Essential | No | Yes | No | No | Yes | No |
| VirusTotal | Essential | No | Yes | No | No | No | No |
| VMWare Workspace One UEM | Advantage | No | No | No | Yes | No | No |
| xMatters | Advantage | No | No | No | No | No | Yes |
| Zendesk | Essential | No | No | No | No | No | Yes |