Built-in actions

Built-in building blocks for a wide variety of products that you can use to build your own workflows.

Also known as atomic actions, these are small, reusable components you can use when building a workflow. Cisco XDR comes with over 500 actions built in for various products and capabilities or you can build your own. If you're familiar with software development, think of a workflow as a script that achieves an end-to-end outcome and an action as a function within the script. Actions usually do perform a specific, single task like creating a ticket or sending an instant message. More information about built-in actions can be found in the Cisco XDR product documentation.

Check Point Quantum Smart-1
Cisco API Console
Cisco Defense Orchestrator
Cisco Duo: Admin API
Cisco Duo: Auth API
Cisco Identity Services Engine
Cisco Meraki
Cisco Meraki: Systems Manager
Cisco Orbital
Cisco PSIRT openVuln
Cisco Secure Access
Cisco Secure Cloud Analytics
Cisco Secure Email
Cisco Secure Email Threat Defense
Cisco Secure Endpoint
Cisco Secure Firewall
Cisco Secure Firewall (SSX)
Cisco Secure Malware Analytics
Cisco Secure Network Analytics
Cisco Secure Workload
Cisco Security Cloud Control
Cisco Threat Response
Cisco Umbrella
Cisco Umbrella (v2)
Cisco Vulnerability Management
Cisco Webex
Cisco XDR: Administration
Cisco XDR: Analytics
Cisco XDR: Assets
Cisco XDR: Automate
Cisco XDR: Incident
Cisco XDR: Intelligence
Cisco XDR: Investigate
Cisco XDR: Respond
Cisco XDR: SSX
CrowdStrike
Cybereason
Darktrace /NETWORK
Elastic Cloud
ExtraHop Reveal(x) 360
Ivanti Neurons for MDM
Jamf Pro
Jira Cloud
Microsoft Defender for Endpoint
Microsoft Entra ID
Microsoft Graph
Microsoft Graph: Mail
Microsoft Graph: Security
Microsoft Intune
Microsoft Security Center
Microsoft Sentinel
Microsoft Teams
OCSF v.1.4
PagerDuty
Palo Alto Cortex
Palo Alto Panorama
SentinelOne
ServiceNow
Slack
Splunk
Splunk Cloud
Splunk Enterprise
Trend Vision One
Zendesk
xMatters