Cisco XDR is an open platform for integrations, making it a strong resolution supporting the Safety Operations Heart inside the Black Hat NOC and empowering our core mission of malware evaluation because the Official Safety Cloud supplier.
Beneath are the Cisco XDR integrations used at Black Hat Europe, enabling analysts to quickly examine Indicators of Compromise (IOCs) with a single search. Our because of alphaMountain.ai, Pulsedive and StealthMole for full donating full licenses to Cisco, to be used within the Black Hat Europe 2025 NOC.
The XDR Management Heart dashboard displayed the standing of the integrations over the week.
Beneath you possibly can see the integrations in XDR at Black Hat Europe, together with in manufacturing, in beta and in growth.
Constructing Integrations With Corelight
The Black Hat NOC is a spot of collaboration and innovation. At Black Hat Europe 2024, Ivan Berlinson linked Cisco XDR with Splunk to combine Corelight NDR detections. It created a renaissance of developments that helped defend the NFL Tremendous Bowl, RSAC, Cisco Stay and GovWare. A lot of our clients requested if we may construct an integration instantly between Cisco XDR and Corelight, with out Splunk as a middleware requirement.
We labored with Corelight on the required APIs and Cisco XDR engineering on customized community detections to ship the Zeek formatted detections to the Knowledge Analytics Platform (DAP) in XDR in OCSF (Open Cybersecurity Schema Framework) format, for correlation and incident era.
In London, Ryan accomplished the proof-of-concept integration and submitted to Cisco XDR high quality assurance for testing and publication as an automation workflow integration utilizing webhooks. The mixing is stay beneath XDR Automate – Alternate. Seek for ‘Corelight’.
The mixing can ingest as much as 25 Corelight log bundles a minute into the XDR DAP.
It is possible for you to to view the Detections within the Incident, and filter on Sources.
To view the small print for a Detection, click on on the date/time stamp of the row.
Strengthening Integration With Palo Alto Networks
At Black Hat Europe, we beta examined the combination constructed by our engineering group with Palo Alto Networks NGFW logs from Strata Logging Service, remodeling them to OCSF format, and ingesting the logs into our knowledge analytics platform. This implies the Firewall logs are normalized and could be correlated with different knowledge units to supply XDR incidents.
Payload format: Array json
Filters:
- Firewall/Risk
- Firewall/File
- Firewall/URL
- Firewall/DNS Safety
Constructing Your Personal Integration
Take a look at the XDR Group assets, which you’ll be able to make the most of to construct your individual integrations with this highly effective open framework.
If you’re with a safety firm that want to construct a supported integration, for Cisco verification and publication in our XDR person interface, you possibly can contact the Cisco Safety Technical Alliance group by way of e mail.
You possibly can learn the opposite blogs from our colleagues at Black Hat Europe.
About Black Hat
Black Hat is the cybersecurity trade’s most established and in-depth safety occasion sequence. Based in 1997, these annual, multi-day occasions present attendees with the most recent in cybersecurity analysis, growth, and developments. Pushed by the wants of the neighborhood, Black Hat occasions showcase content material instantly from the neighborhood via Briefings shows, Trainings programs, Summits, and extra. Because the occasion sequence the place all profession ranges and tutorial disciplines convene to collaborate, community, and focus on the cybersecurity subjects that matter most to them, attendees can discover Black Hat occasions in the US, Canada, Europe, Center East and Africa, and Asia. For extra info, please go to the Black Hat web site.
We’d love to listen to what you suppose! Ask a query and keep linked with Cisco Safety on social media.
Cisco Safety Social Media
