NetScout Omnis Cyber Intelligence Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
NETSCOUT Omnis Cyber Intelligence (OCI) is an Advanced Network Detection and Response platform enabling packet-level security visibility across diverse networks. The integration with Cisco XDR allows OCI users to promote OCI alerts into Cisco XDR’s Incident queue and provides a lookup link into the OCI Host Investigation module to drill down into more details about the selected observable.
Once OCI detections are in the Cisco XDR Incident system, they can be triaged, investigated, and responded to using the Cisco XDR toolsets for these tasks, together with all the capabilities of the customer’s other Cisco XDR integrations. While investigating any IP for any reason, the user can easily pivot into their OCI platform to conduct guided or unguided contextual investigations or hunting, using metadata and packets stored locally on Omnis CyberStream sensors.

- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Third-Party tab and navigate to the NetScout Omnis Cyber Intelligence integration.
- Click the plus sign (+) in the lower-right corner of the card. The NetScout Omnis Cyber Intelligence integration page is displayed.
- Expand the Integration Guide area and follow the instructions on how to add the NetScout Omnis Cyber Intelligence integration in Cisco XDR.

You can perform the following tasks after you integrate NetScout Omnis Cyber Intelligence with Cisco XDR:
- Incidents - Select one or more alerts from within the NETSCOUT Omnis Cyber Intelligence interface and promote them to Cisco XDR as incidents. You can then view, investigate, and respond to incidents in Cisco XDR. For more information, see Incidents.
- Pivot Menu - Use the Pivot menu to access actions in NETSCOUT Omnis Cyber Intelligence. Available actions include a lookup link to view more details about the selected observable.