Default Targets

Various targets are created by default when an Automation instance is provisioned. This page lists some targets that you may see in Automation and includes some information about them.

This target is used for various Automation APIs including managing workflows, targets, and account keys.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: automate.us.security.cisco.com

    • Europe: automate.eu.security.cisco.com

    • Asia Pacific, Japan, and China: automate.apjc.security.cisco.com

  • Path - None

  • Account Key - None (uses the built-in Cisco XDR Token)

This target is used to fetch information about incidents and investigations.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: conure.us.security.cisco.com

    • Europe: conure.eu.security.cisco.com

    • Asia Pacific, Japan, and China: conure.apjc.security.cisco.com

  • Path - None

  • Account Key - None (uses the built-in Cisco XDR Token)

This target is used to fetch information about assets.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: insights-api.us.security.cisco.com

    • Europe: insights-api.eu.security.cisco.com

    • Asia Pacific, Japan, and China: insights-api.apjc.security.cisco.com

  • Path - /api

  • Account Key - None (uses the built-in Cisco XDR Token)

This target is used for various Platform APIs including inspection, enrichment, and response actions.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: visibility.amp.cisco.com

    • Europe: visibility.eu.amp.cisco.com

    • Asia Pacific, Japan, and China: visibility.apjc.amp.cisco.com

  • Path - /iroh

  • Account Key - None (uses the built-in Cisco XDR Token)

This target is used for various Playbook APIs.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: playbook.us.security.cisco.com

    • Europe: playbook.eu.security.cisco.com

    • Asia Pacific, Japan, and China: playbook.apjc.security.cisco.com

  • Path - None

  • Account Key - None (uses the built-in Cisco XDR Token)

This target is used to manage data in your private intelligence store such as incidents, sightings, and verdicts.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: private.intel.amp.cisco.com

    • Europe: private.intel.eu.amp.cisco.com

    • Asia Pacific, Japan, and China: private.intel.apjc.amp.cisco.com

  • Path - None

  • Account Key - None (uses the built-in Cisco XDR Token)

This target is used to fetch information about objects from Cisco XDR's global intelligence database.

  • Type - Cisco XDR

  • Protocol - HTTPS

  • Host -

    • North America: intel.amp.cisco.com

    • Europe: intel.eu.amp.cisco.com

    • Asia Pacific, Japan, and China: intel.apjc.amp.cisco.com

  • Path - None

  • Account Key - None (uses the built-in Cisco XDR Token)