Threatscore Integration

Threatscore by Cyberprotect is a threat response module that integrates with Cisco XDR. This integration provides the ability to investigate IP addresses, domains, hashes, and file names and retrieve verdicts and judgments within the Cisco XDR platform.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Threatscore integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Threatscore integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Threatscore integration in Cisco XDR.

You can perform the following tasks after you integrate Threatscore with Cisco XDR:

  • Investigations - Start a new investigation into any combination of IP addresses, IPv6 addresses, domains, and the results will include any records of them found in your Threatscore. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Threatscore has recent information. For details, see Investigate.