AppOmni SaaS Security Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
AppOmni enriches Cisco XDR investigations with SaaS identity, access, and threat context. Search AppOmni directly from Cisco XDR to understand who a user is, what SaaS applications they can access, and their level of access, including elevated or administrative privileges.
Investigate users:
- SaaS applications the user can access and their access level
- Recent AppOmni Threat Detection signals associated with the user
- IP addresses the user was using when detections occurred
- Pivot from a user to IPs and from IPs back to related users
Investigate IP addresses:
- Users associated with the IP during suspicious activity
- Related AppOmni Threat Detection alerts tying the IP to user behavior
- Pivot to associated users to scope access across SaaS applications
This integration helps SOC teams scope impact faster and prioritize response by combining Cisco XDR workflows with AppOmni SaaS security telemetry.
- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Third-Party tab and navigate to the AppOmni SaaS Security integration.
- Click the plus sign (+) in the lower-right corner of the card. The AppOmni SaaS Security integration page is displayed.
- Expand the Integration Guide area and follow the instructions on how to add the AppOmni SaaS Security integration in Cisco XDR.
You can perform the following task after you integrate AppOmni SaaS Security with Cisco XDR:
- Investigations - Start a new investigation into IP addresses and the results will include any records of them found in your AppOmni SaaS Security. To verify that this integration is working, and to see what kind of data is returned, investigate one or more observables about which you know AppOmni SaaS Security has recent information. For details, see Investigate.