Secure Web Appliance Integration

The Cisco Secure Web Appliance (formerly Web Security Appliance) protects your organization by automatically detecting and blocking web-based threats before users can click on them. Powered by our Talos threat research organization, the Web Security Shield license includes in-depth URL filtering and reputation analysis, multiple antivirus engines, Layer 4 traffic monitoring, Advanced Malware Protection, and Cognitive Threat Analytics.

Once integration is configured, the Secure Web Appliance integration provides details associated with sightings of observables that can be enriched via the Web Tracking API (AsyncOS 15.x). You can:

  • View and send the web data from multiple appliances in your organization.

  • Identify, investigate and remediate threats observed in the web reports and tracking.

  • Block compromised URL or web traffic.

  • Resolve the identified threats rapidly and provide recommended actions to take against the identified threats.

  • Document the threats to save the investigation and enable collaboration of information among other devices.

  • Block malicious domains, track suspicious observances, initiate an approval workflow or create an IT ticket to update web policy.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Cisco tab and navigate to the Secure Web Appliance integration.

  3. Click Get Started. The Secure Web Appliance integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Secure Web Appliance integration in Cisco XDR.

You can perform the following tasks after you integrate Secure Web Appliance with Cisco XDR:

  • Dashboard Tiles - Add Secure Web Appliance tiles to a dashboard in Control Center to view data, such as top domains. For details, see Configure Dashboards and Tiles. For a list of available Secure Web Appliance tiles, see Integration Tiles.

  • Investigations - Start a new investigation by searching on suspicious indicators of compromise to extract observables for enrichment. For details, see Investigate.

  • Pivot Menu - Use the Pivot menu to access actions in Secure Web Appliance.