Contact sales
Details

This workflow works with an incident automation rule or playbook to create a Webex room when incidents are created in Cisco XDR. Anyone assigned to the incident or configured in the workflow's settings will be added to the room.

Description

This workflow works with an incident automation rule or playbook to create a Webex room when incidents are created in Cisco XDR. Anyone assigned to the incident or configured in the workflow's settings will be added to the room. The workflow can also update the incident's status if a new room is created successfully. If a room already exists, a new one is not created.

Targets: Conure APIs, Platform APIs, Private Intelligence API, Webex

Steps:

  • Fetch the incident
  • Check if this incident already has a Webex room (if so, update the local variables)
  • Check if there are users to always add to rooms (if so, add them to the participant list)
  • Process the incident assignees and add them to the participant list
  • Check if we need to use the fallback users (if so, add them to the participant list)
  • Check if a Webex room already exists for this incident:
    • If not, create one, update the incident status (optional), post a welcome message, and update the incident
  • Add the participants to the Webex room
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Cisco XDR
  • Webex
About
Author
Cisco
Version
v1.0
Intent
Incident Response
Integration
Average rating
5.0 out of 5
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Secure Malware Analytics
Cisco Secure Malware Analytics - XDR incident and notification
Community
This scheduled workflow executes a search query in Cisco Secure Malware Analytics for new private samples submitted and convinced as malicious.
Learn more
Logo for Orbital
Orbital - Alert on New AV
Community
When triggered, this workflow will review the Secure Endpoint machines about installed antivirus (AV) applications in Orbital and send a Webex Alert on new non-approved AV app.
Learn more
Logo for Orbital
Orbital - Alert on New Local User
Community
When triggered, this workflow will review the Secure Endpoint machines and local admin users in Orbital and send a Webex Alert on new non-approved admin user.
Learn more
Logo for Webex
Scheduled Cisco XDR Integration Health Check with Cisco Webex
Community
This workflows runs a (scheduled) "Cisco XDR Integration Module Healthcheck" and posts a message to Webex if such a healthcheck fails.
Learn more
Logo for Webex
Webex - Create Room for New Incident
Cisco Managed
This workflow works with an incident automation rule or playbook to create a Webex room when incidents are created in Cisco XDR.
Incident Response
Learn more
Logo for Webex
Webex - Send Message for New Incidents
Cisco Managed
This workflow works with an incident automation rule to send Webex messages when a new incident is created in Cisco XDR.
Learn more