Endace Integration

Endace provides always-on hybrid cloud packet capture, delivering hard evidence to combat cybersecurity threats and proactively resolve network and IT problems. This integration provides a clickable Pivot-to-Vision URL to enrich investigations into IP observables. This provides click-through access to a pre-populated EndaceVision Investigation, which enables rapid search and drill down into the estate-wide packet level history relevant to the event under investigation.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Endace integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Endace integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Endace integration in Cisco XDR.

You can perform the following tasks after you integrate Endace with Cisco XDR:

  • Investigations - Start a new investigation into IP addresses and the results will include any records of them found in your Endace. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Endace has recent information. For details, see Investigate.