Integrations make Cisco XDR a robust resolution within the Safety Operations Heart of the Black Hat NOC, to satisfy our core mission of malware evaluation because the Official Safety Cloud supplier.
Beneath are the Cisco XDR integrations for Black Hat USA, empowering analysts to research Indicators of Compromise (IOC) in a short time, with one search.
Thanks to alphaMountain.ai and Pulsedive full donating full licenses to Cisco, to be used within the Black Hat USA 2025 NOC.
The XDR Management Heart dashboard displayed the standing of the integrations over the week.
Beneath you’ll be able to see the lively integrations in XDR.
Collaboration With Palo Alto Networks
The Black Hat NOC is a really distinctive community the place competitors is thrown out of the home windows and collaboration is dropped at the forefront. The Black Hat leaders consider a number of instruments available on the market to construct and function the community (or they construct their very own). The important thing distinguishing issue is that these instruments are chosen with a limiteless price range because the distributors present licensing for his or her instruments for gratis to Black Hat, together with the employees to run/handle/combine into the safety stack. With the price issue eliminated, the choice is solely about what software finest meets their distinctive wants. The result’s a particularly various set of instruments and distributors that should be operationalized and built-in within the brief arrange window.
This yr, I made a decision to take a deeper take a look at Palo Alto Networks XSIAM. Palo Alto Networks is the official Firewall and XDR/SIEM/SOAR supplier for the Black Hat NOC. Though I do have some expertise with PANW Cortex it was fascinating to be taught what extra capabilities are included in XSIAM in addition to understanding the excitement phrase of Subsequent Technology SIEM. XSIAM is a next-gen, all-in-one safety operations platform, integrating XDR, SIEM, SOAR, UEBA, and risk intel right into a single AI-driven system for large-scale SecOps. XSIAM is an AI first platform with LLM summaries for every incident and Microsoft Copilot inbuilt. Copilot can be utilized for a quantity use circumstances together with normal looking out or serving to craft a selected XQL question.
Let’s check out a PANW XSIAM incident after which see how the identical information could possibly be surfaced in Cisco XDR.
Evolving Integration With Palo Alto Networks
Cisco XDR is designed to be a vendor agnostic software with a purpose of working with buyer’s current infrastructure. This implies Cisco XDR wants to have the ability to combine with Third get together instruments together with applied sciences which may be thought of market competitors. Within the Black Hat NOC, we collaborate with competitors as a result of the actual enemy is just not one other vendor however reasonably the adversary. Cisco XDR has an integration module to combine with Cortex XDR which presents enrichment functionality for each EDR detections and Firewall detections. Nevertheless, this enrichment is an on demand, point-in-time, question which brings again information related to what’s being investigated in Cisco XDR. This integration doesn’t produce XDR incidents from PANW.
To enhance this integration a customized automation workflow was created to question the PAN-OS API instantly for risk logs after which publish them as incidents in Cisco XDR. Then the following part of the mixing took benefit of Splunk by sending PANW risk logs to Splunk after which utilizing XDR automation to question Splunk for the PANW risk logs. The automation workflow queries a number of information units in Splunk and makes use of a worldwide desk variable to maintain monitor of the incidents which have been created and both replace or create new incidents. This logic might be complicated and bypasses Cisco XDR’s correlation logic.
The following part of the PANW integration is at present being constructed by our engineering crew and the Black Hat community is the proper innovation zone to get actual world information to construct the mixing with. Our engineering crew is working to take PANW NGFW logs from Strata Logging Service, rework them to OCSF (Open Cybersecurity Schema Framework), and ingest them into our information analytics platform. This implies the Firewall logs are normalized and might be correlated with different information units to supply XDR incidents.
Conclusion
The Black Hat NOC offers a uncommon setting the place interoperability, innovation, and collaboration thrive—no matter vendor boundaries. Exploring Palo Alto Networks XSIAM on this area revealed the true potential of next-gen SecOps platforms, from automated incident enrichment to seamless integration with supporting instruments like Corelight and Slack. On the identical time, Cisco XDR’s vendor-agnostic design and evolving integration with PAN information by way of APIs, Splunk, and OCSF reveal the facility of adaptable, cross-platform collaboration. As each platforms proceed to evolve, the NOC stays a proving floor for pushing the boundaries of what’s doable in trendy safety operations.
About Black Hat
Black Hat is the cybersecurity trade’s most established and in-depth safety occasion sequence. Based in 1997, these annual, multi-day occasions present attendees with the most recent in cybersecurity analysis, improvement, and tendencies. Pushed by the wants of the group, Black Hat occasions showcase content material instantly from the group by way of Briefings shows, Trainings programs, Summits, and extra. Because the occasion sequence the place all profession ranges and tutorial disciplines convene to collaborate, community, and talk about the cybersecurity matters that matter most to them, attendees can discover Black Hat occasions in america, Canada, Europe, Center East and Africa, and Asia. For extra info, please go to the Black Hat web site.
We’d love to listen to what you assume! Ask a query and keep related with Cisco Safety on social media.
Cisco Safety Social Media
Share:
