Default Targets

This target is used for various Automation APIs including managing workflows, targets, and account keys.

• Type - Cisco XDR

• Protocol - HTTPS

• Host -

  • North America: automate.us.security.cisco.com

  • Europe: automate.eu.security.cisco.com

  • Asia Pacific, Japan, and China: automate.apjc.security.cisco.com

• Path - None

• Account Key - None (uses the built-in Cisco XDR Token)

This target is used to fetch information about incidents and investigations.

• Type - Cisco XDR

• Protocol - HTTPS

• Host -

  • North America: conure.us.security.cisco.com

  • Europe: conure.eu.security.cisco.com

  • Asia Pacific, Japan, and China: conure.apjc.security.cisco.com

• Path - None

• Account Key - None (uses the built-in Cisco XDR Token)

This target is used to fetch information about assets.

• Type - Cisco XDR

• Protocol - HTTPS

• Host -

  • North America: insights-api.us.security.cisco.com

  • Europe: insights-api.eu.security.cisco.com

  • Asia Pacific, Japan, and China: insights-api.apjc.security.cisco.com

• Path - /api

• Account Key - None (uses the built-in Cisco XDR Token)

This target is used for various Platform APIs including inspection, enrichment, and response actions.

• Type - Cisco XDR

• Protocol - HTTPS

• Host - visibility.amp.cisco.com

• Path - /iroh

• Account Key - None (uses the built-in Cisco XDR Token)

This target is used to manage data in your private intelligence store such as incidents, sightings, and verdicts.

• Type - Cisco XDR

• Protocol - HTTPS

• Host - private.intel.amp.cisco.com

• Path - None

• Account Key - None (uses the built-in Cisco XDR Token)

This target is used to fetch information about objects from Cisco XDR's global intelligence database.

• Type - Cisco XDR

• Protocol - HTTPS

• Host - intel.amp.cisco.com

• Path - None

• Account Key - None (uses the built-in Cisco XDR Token)