Ribbon

In an expanded view, the ribbon is located in the lower portion of the page, and it persists as you move between the Cisco XDR pages in your environment. Click the - icon to collapse the ribbon.

When the ribbon is expanded, you can drag the container up and down or a double arrow up and down anywhere on the entire top side of the panel to resize the height of the panel.

In a collapsed view, by default, the Open the Ribbon floating button is located in the bottom left corner of the page, and it persists as you move between the Cisco XDR pages in your environment. Hover over the Open the Ribbon floating button to display the ribbon icons.

You can customize the location and the behavior of the Open the Ribbon floating button in the ribbon settings. Click the Open the Ribbon floating button to expand the ribbon.

Use the ribbon Home page to open the ribbon apps, notifications, tips, and ribbon settings, and launch integrated applications.

As you move to other pages in the ribbon, click the (Home) icon to return to the ribbon Home page.

Tips

Click Tips in the ribbon Home page to open the Welcome to Ribbon page that lists all the quick and interactive tours for each of the main ribbon features.

Click Ribbon Basics and a tour guides you through an overview of the Cisco XDR ribbon. On any of the tour pages, click Learn more about XDR Ribbon in the upper right corner to open the Ribbon Help topic in Cisco XDR Help to learn more about the features and apps.

Settings

Click Settings in the ribbon Home page to open the Cisco XDR ribbon, casebook, and notification settings. Alternatively, you can click the (Settings) icon in the ribbon menu. For information on the ribbon settings, see Configure Ribbon Settings.

Customize Applications Preview

A list of integrated applications are displayed on the Home page, in the Applications popup when you hover over the Open the Ribbon floating button and click the (View Applications List) icon, or when you hover over the Home icon in an expanded ribbon menu.

To customize the list of applications in the Applications popup, click the (Customize Preview) icon next to Applications on the Home page and check the check boxes next to the applications you want displayed in the Applications popup.

Click the or (Casebook App) icon in the ribbon menu or the Home icon in the Open the Ribbon floating button menu to open the casebook app and save information about your threat analysis. You can also hover over the icon to view details about the current case.

Click the or (Incidents App) icon in the ribbon menu or the Home icon in the Open the Ribbon floating button menu to open the incidents app and view incidents from the integrated products. You can also hover over the icon to view details about the incidents assigned to the current case and click Manage Incident to open the incident to view the incident details.

Click the or (Orbital App) icon in the ribbon menu or the Home icon in the Open the Ribbon floating button menu to open the Orbital app and perform additional queries.

Click the or (Find Observables on Page) icon in the ribbon menu or in the Open the Ribbon floating button menu to search the current web page for malicious file hashes, suspicious domains and other cyber observables. You can then click Add Observables to Case or Investigate.

Click the or (Notifications) icon in the ribbon menu or in the Open the ribbon floating button menu to display your notifications on the Notifications page or in the Notifications popup. The badge next to the icon displays the number of unread notifications.

See Notifications for more information on the Notifications page and for details on the Notifications popup, see Navigate Cisco XDR.

In the ribbon menu, enter search criteria in the Enrichment search box and press Enter to begin extracting observables. You can then click Add Observables to Case or Investigate.