EndaceProbe Integration

Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.

EndaceProbe provides always-on hybrid cloud packet capture, delivering hard evidence to combat cybersecurity threats and proactively resolve network and IT problems. This integration provides a clickable Pivot-to-Vision URL to enrich investigations into IP observables. This provides click-through access to a pre-populated EndaceVision Investigation, which enables rapid search and drill down into the estate-wide packet level history relevant to the event under investigation.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the EndaceProbe integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The EndaceProbe integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the EndaceProbe integration in Cisco XDR.

You can perform the following tasks after you integrate EndaceProbe with Cisco XDR:

  • Investigations - Start a new investigation into IP addresses and the results will include any records of them found in your EndaceProbe. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know EndaceProbe has recent information. For details, see Investigate.