Cisco Secure WAF and Bot Protection Integration

At its core, Cisco Secure WAF and Bot Protection (also known as Radware WAF and Bot Protection) is based on Radware's ICSA Labs certified, market-leading web application firewall and offers full web security protection including OWASP Top-10 coverage, advanced attack protection and 0-day attack protection that automatically adapts your protections to evolving threats and protected assets. These capabilities are provided as a fully-managed offering.

In Cisco XDR, the Cisco Secure WAF and Bot Protection integration allows users the ability to investigate IP addresses and retrieve records of any attacks detected involving those IP addresses, and to take response actions by adding them to network or application lists.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Cisco tab and navigate to the Cisco Secure WAF and Bot Protection integration.

  3. Click Get Started. The Cisco Secure WAF and Bot Protection integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Cisco Secure WAF and Bot Protection integration in Cisco XDR.

You can perform the following task after you integrate Cisco Secure WAF and Bot Protection with Cisco XDR:

  • Investigate - Start a new investigation into IP addresses and see if any records of them exist in your Cisco Secure WAF and Bot Protection. To verify that this integration is working, and to see what kind of data is returned, investigate one or more observables about which you know Cisco Secure WAF and Bot Protection has recent information. For details, see Investigate.

  • Pivot Menu - Use the Pivot menu to access actions on IP addresses in Cisco Secure WAF and Bot Protection. Available actions include moving IP addresses onto or off of network and application lists.