Red Sift Pulse Integration

Red Sift Pulse provides IP address, hostname and domain-based threat intelligence to Cisco XDR users to aid swift identification and remediation of phishing and impersonation attacks.

By leveraging Red Sift OnDMARC’s email security capabilities, Red Sift Pulse gives Security teams complete visibility into and control over what’s happening across their email-sending infrastructure. For example, it constantly monitors and discovers new domains and subdomains, ingests spam trap emails, and detects unauthenticated emails and malicious IP addresses.

This integration enables:

  • Enriched threat intelligence. Red Sift Pulse is a key source of email and domain-based data, feeding Cisco XDR intelligence on unauthenticated traffic, spam and malicious IP addresses, and user-reported email threats.

  • Augmented threat response. Threat intelligence provided by Red Sift Pulse enriches and bolsters findings to expedite data-driven decision-making.

  • Scalable remediation efforts. Analysts can build automated workflows based on the detection of specific incidents by Red Sift Pulse to aid more efficient remediation and quickly close the loop on investigations.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Red Sift Pulse integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Red Sift Pulse integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Red Sift Pulse integration in Cisco XDR.

You can perform the following tasks after you integrate Red Sift Pulse with Cisco XDR:

  • Investigations - Start a new investigation into any combination of IP addresses, hostnames, domains, and the results will include any records of them found in your Red Sift Pulse. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Red Sift Pulse has recent information. For details, see Investigate.

  • Dashboard - Add Red Sift Pulse cards to a dashboard in Control Center to view data, such as the compliance status of domains managed by Red Sift Pulse, aggregate authentication of all emails across all of your domains, and the top five unauthenticated email sources across all your domains. For details, see Configure Dashboards and Cards.

  • Pivot Menu - Use the Pivot menu to access actions in Red Sift Pulse. Available actions include marking a domain or IP address as a threat.