Graylog Cloud Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
Graylog Cloud is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data.
This integration enables you to include logs stored in the Graylog Cloud in your Cisco XDR investigations. Graylog Cloud will return sightings of any investigated IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, file path, user and email observables that are found in those logs.

- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Third-Party tab and navigate to the Graylog Cloud integration.
- Click the plus sign (+) in the lower-right corner of the card. The Graylog Cloud integration page is displayed.
- Expand the Integration Guide area and follow the instructions on how to add the Graylog Cloud integration in Cisco XDR.

You can perform the following task after you integrate Graylog Cloud with Cisco XDR:
- Investigations - Start a new investigation into any combination of IPv4, IPv6, SHA-1, SHA-256, MD5, domain names, URLs, file paths, usernames, and email addresses; the results will include any records of them found in your Graylog Cloud. To verify that this integration is working, and to see what kind of data is returned, investigate one or more observables about which you know Graylog Cloud has recent information. For details, see Investigate.