Elastic Cloud - Export Incident Summary to Index
Details
This workflow allows you to export a summary of an XDR incident to an Elastic Cloud index/document. Sending incidents to Elastic allows them to be indexed for correlation with your other logs and allows for longer data retention than what may be available in Cisco XDR.
Description
This workflow allows you to export a summary of an XDR incident to an Elastic Cloud index/document. Sending incidents to Elastic allows them to be indexed for correlation with your other logs and allows for longer data retention than what may be available in Cisco XDR. If a document already exists for an incident, the workflow will attempt to update it.
Target: Conure APIs, Elastic Cloud
Steps:
- Fetch the incident summary (if this fails, end the workflow)
- Process the incident summary
- Search for an existing document for this incident in Elastic
- Check if a document was found:
- If not found, create a new document
- If found, update the existing document
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Elastic Cloud
- Cisco XDR
About
Author
Cisco
Version
v1.0
Intent
Incident Response
Integration
Average rating
4.0 out of 5
Authorship
Cisco Managed
Contact and support information
External links
Related workflows
Cisco Managed
This workflow allows you to export a summary of an XDR incident to an Elastic Cloud index/document.