Ribbon Extension

The Cisco XDR ribbon extension provides the same functionality as ribbon but it is extended to your browser for availability on every web page you visit. Use the ribbon extension to access the casebook, incidents, and Orbital apps, launch integrated applications, settings, search observables for enrichment, and view notifications.

Observables on Page

With the combination of the apps and tools in the ribbon and your browser, you can:

  • Select text on a page, right-click and choose Cisco XDR in the context menu to immediately extract observables from the text.
  • Take response actions on observables via your configured integrated products using the Pivot menu.

Ribbon Extension Icons and Elements

The Cisco XDR Ribbon extension icon indicates the following:

  • Unread Notifications - The (Cisco XDR Ribbon) icon notifies you when an incident is assigned to you by other users. The icon number indicates the number of unread notifications.
  • Add Observables to Case - The (Cisco XDR Ribbon) icon displays a blue badge when you add an observable to an active or new case using the Cisco XDR option in the context menu. The blue badge is only displayed if there are no unread notifications count displayed.

The following icons and elements are displayed on the ribbon extension menu:

  • Home - Click the (Home) icon to open the ribbon apps, notifications, tips, ribbon extension settings, and launch integrated applications.

  • Casebook App - Use the (Casebook App) icon to gather and save information about your threat analysis as you explore sightings across multiple products. The casebook app is a powerful and convenient tool for saving, sharing, and enriching your threat analysis. Use it to track notes and other information as you follow leads during your threat investigations.

  • Incidents App - Use the (Incidents App) icon to triage, investigate and track high-confidence security incidents from integrated products. You can view the status and summary of the incident, change the status, link the incident to snapshots, cases, and indicators, and pivot into Cisco XDR to perform investigations.

  • Orbital App - Use the (Orbital App) icon to run live SQL queries against your endpoints.

  • Settings - Use the (Settings) icon to manage the ribbon extension, casebook, and notification settings. With the exception of the Theme setting, all changes made in the Cisco XDR ribbon extension settings are also saved in the Cisco XDR ribbon settings.

  • Find Observables on Page - Click the (Find Observables on Page) icon to search the current web page for malicious file hashes, suspicious domains, and other cyber observables.

  • Notifications - The (Notifications) icon displays the number of unread notifications. Click the icon to display the notifications that are assigned to you by other users in the Notifications popup. Click View all to open the Notifications page and manage the notifications.

  • Enrichment Search Box - In the ribbon extension menu, enter search criteria in the Enrichment search box press Enter to begin extracting observables. You can then click Add Observables to Case or Investigate.