Secure Endpoint Integration
Cisco Secure Endpoint is a holistic, cloud-based endpoint protection suite that safeguards against cyber threats and provides visibility and control over endpoint file, behavior, and network activity via connectors that are installed on an endpoint (for example, Mac, Windows, Linux).
Integration with Secure Endpoint allows you to investigate and identify multiple files with context from other integrated security products. It provides detailed information on affected endpoints and devices, including IP addresses, OS, Secure Endpoint GUID, and network traffic destinations. Additionally, it allows you to reactively or proactively block harmful files and immediately isolate infected devices.
The telemetry sources for Cisco Secure Endpoint integrated with Cisco XDR are shown below:
Integration with Secure Endpoint allows you to incorporate Cisco Secure Endpoint detections into XDR's overall incident detection and correlation capabilities. It gives incident responders and security analysts the ability to hunt, detect, and respond to file hashes and other endpoint observables alongside their other security tools.
- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Cisco tab and navigate to the Secure Endpoint integration.
- Click Enable. The Secure Endpoint Dashboard is displayed in a new tab.
- In Secure Endpoint, activate Cisco XDR to integrate your Secure Endpoint organization with your Cisco XDR account. For details on how to activate Cisco XDR in Secure Endpoint, see Integrate with Cisco XDR in the Secure Endpoint help. Once enabled, some of your Secure Endpoint data is shared with Cisco XDR.
The Secure Endpoint integration is listed in the My Integrations area on the Cisco XDR Integrations page.
You can perform the following tasks after you integrate Secure Endpoint with Cisco XDR:
- Incidents - When you enable Cisco XDR integration, Cisco XDR automatically ingests the events that are sent by Secure Endpoint and uses them for incident correlation. For details, see Cisco XDR or Client Cloud Management Integration in the Secure Endpoint help.
- Secure Client Deployments - Once the Secure Endpoint integration is configured, you can create deployments that use the Secure Endpoint connector. For details, see Create Deployment.
- Dashboard Tiles - Add Secure Endpoint tiles to a dashboard in Control Center to view data, such as top endpoint compromises. For details, see Configure Dashboards and Tiles. For a list of available Secure Endpoint tiles, see Integration Tiles.
- Pivot Menu - Use the Pivot menu to access response and research actions from the integrations enabled for your Cisco XDR organization, such as blocking a domain in an XDR-connected DNS security product or blocking an IP in an XDR-connected firewall.
- Device Details - The Device Details page displays information from Secure Endpoint about a device. For more information, see Device Details.
- Automation Workflows - The Secure Endpoint target is automatically created for out-of-box workflows. For details, see Targets Created From Integrations.