Default Targets
Various targets are created by default when an Automation instance is provisioned. This page lists some targets that you may see in Automation and includes some information about them.
Automation APIs
This target is used for various Automation APIs including managing workflows, targets, and account keys.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: automate.us.security.cisco.com
-
Europe: automate.eu.security.cisco.com
-
Asia Pacific, Japan, and China: automate.apjc.security.cisco.com
-
-
Path - None
-
Account Key - None (uses the built-in Cisco XDR Token)
Conure APIs
This target is used to fetch information about incidents and investigations.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: conure.us.security.cisco.com
-
Europe: conure.eu.security.cisco.com
-
Asia Pacific, Japan, and China: conure.apjc.security.cisco.com
-
-
Path - None
-
Account Key - None (uses the built-in Cisco XDR Token)
Custom Security Events Ingest APIs
This target facilitates the ingestion of custom security events as detections, visible in Detection findings and considered for inclusion in Incidents.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: findings.us.security.cisco.com
-
Europe: findings.eu.security.cisco.com
-
Asia Pacific, Japan, and China: findings.apjc.security.cisco.com
-
-
Path - /api
-
Account Key - None (uses the built-in Cisco XDR Token)
Insights APIs
This target is used to fetch information about assets.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: insights-api.us.security.cisco.com
-
Europe: insights-api.eu.security.cisco.com
-
Asia Pacific, Japan, and China: insights-api.apjc.security.cisco.com
-
-
Path - /api
-
Account Key - None (uses the built-in Cisco XDR Token)
Orbital
This target allows your workflow to gather system and security information from networked devices in your organization with custom and catalog operating system queries, and respond to any threats found with catalog and custom python scripts.
Note: For new organizations, it may take up to 24 hours for Orbital to be listed as a default target.
-
Type - Orbital
-
Protocol - HTTPS
-
Host - orbital.amp.cisco.com
-
Path - /v0
-
Account Key - None (uses the built-in Cisco XDR Token)
Platform APIs
This target is used for various Platform APIs including inspection, enrichment, and response actions.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: visibility.amp.cisco.com
-
Europe: visibility.eu.amp.cisco.com
-
Asia Pacific, Japan, and China: visibility.apjc.amp.cisco.com
-
-
Path - /iroh
-
Account Key - None (uses the built-in Cisco XDR Token)
Playbook APIs
This target is used for various Playbook APIs.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: playbook.us.security.cisco.com
-
Europe: playbook.eu.security.cisco.com
-
Asia Pacific, Japan, and China: playbook.apjc.security.cisco.com
-
-
Path - None
-
Account Key - None (uses the built-in Cisco XDR Token)
Private Intelligence APIs
This target is used to manage data in your private intelligence store such as incidents, sightings, and verdicts.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: private.intel.amp.cisco.com
-
Europe: private.intel.eu.amp.cisco.com
-
Asia Pacific, Japan, and China: private.intel.apjc.amp.cisco.com
-
-
Path - None
-
Account Key - None (uses the built-in Cisco XDR Token)
Public Intelligence APIs
This target is used to fetch information about objects from Cisco XDR's global intelligence database.
-
Type - Cisco XDR
-
Protocol - HTTPS
-
Host -
-
North America: intel.amp.cisco.com
-
Europe: intel.eu.amp.cisco.com
-
Asia Pacific, Japan, and China: intel.apjc.amp.cisco.com
-
-
Path - None
-
Account Key - None (uses the built-in Cisco XDR Token)