Building an XDR Integration With Splunk Attack Analyzer


Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs. You can build your own integrations using the community resources presented at Cisco Live. It was an honor to work with the XDR product management and engineering teams to publish those resources.

For some background, we started using Splunk Attack Analyzer (SAA) at the RSAC 2025 Conference and created a small dashboard tile to show some data for us to look at. It was also our first time using it in this environment, so we didn't have any integrations created with Cisco XDR yet. At Cisco Live, we wanted our analysts to be able to look up artifacts, like URLs, domains, or file hashes, in SAA. We also wanted our analysts to be able to submit a URL or domain to SAA for automated analysis.

During the first two days of the conference, I built two new integrations: one to look up file hashes, URLs, and domains, and the other to submit URLs and domains for automated analysis.

Using the power of Node.js and hosting the new relay module in AWS protected by Multicloud Defense, we now have two pivot menu options for our analysts.

Pivot options in Multicloud Defense

With this, our analysts can quickly pivot into SAA or get an analysis without needing to do the submission or search manually.
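As an added illustration, not the SOC team's relay code (the post does not publish it), here is the routing and validation logic such a relay needs: it accepts the observables XDR hands to a pivot menu, checks each value's syntax before anything is forwarded to SAA, and offers a lookup for hashes, URLs and domains but a submission only for URLs and domains. The observable type names, the `buildPivots` function and the `SAA_BASE_URL` placeholder are assumptions, not the SAA or XDR API.

```javascript
// Added example, not the Cisco SOC's relay code. SAA_BASE_URL is a placeholder
// (assumption), not a real Splunk Attack Analyzer endpoint.
const SAA_BASE_URL = 'https://saa.example.invalid';

// Observable types the relay accepts and the actions each supports, as the post
// describes: lookups for hashes, URLs and domains; submissions for URLs and domains only.
const SUPPORTED = {
  sha256: ['lookup'], sha1: ['lookup'], md5: ['lookup'],
  url: ['lookup', 'submit'], domain: ['lookup', 'submit'],
};

// Syntax checks so a malformed or unexpected value is never forwarded to SAA.
const VALIDATORS = {
  sha256: v => /^[0-9a-f]{64}$/i.test(v),
  sha1:   v => /^[0-9a-f]{40}$/i.test(v),
  md5:    v => /^[0-9a-f]{32}$/i.test(v),
  domain: v => /^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$/i.test(v),
  url: v => {
    try { const u = new URL(v); return u.protocol === 'http:' || u.protocol === 'https:'; }
    catch { return false; }
  },
};

// Build pivot-menu entries for a batch of observables of the shape [{type, value}, ...].
// Unsupported types and malformed values are dropped rather than forwarded.
function buildPivots(observables) {
  const pivots = [];
  for (const { type, value } of observables) {
    const actions = SUPPORTED[type];
    if (!actions || !VALIDATORS[type](value)) continue;
    for (const action of actions) {
      pivots.push({
        id: `ref-saa-${action}-${type}`,
        title: `${action === 'lookup' ? 'Look up' : 'Submit'} ${type} in Splunk Attack Analyzer`,
        url: `${SAA_BASE_URL}/${action}?${new URLSearchParams({ type, value })}`,
      });
    }
  }
  return pivots;
}

// Constructed sample input (sha256 of the empty string, and a documentation domain).
const sample = [
  { type: 'sha256', value: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' },
  { type: 'domain', value: 'example.com' },
];
console.log(buildPivots(sample).map(p => p.id));
```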

Here's a little screenshot of the AWS deployment. We kept it very simple for easy deployment from conference to conference.

Multicloud Defense explorer

We will continue the innovation at Black Hat USA 2025.

Want to learn more about what we saw at Cisco Live San Diego 2025? Check out our main blog post, Cisco Live San Diego 2025 SOC, and the rest of our Cisco Live SOC content.
