Orbital - Alert on New AV
Details
When triggered, this workflow will review the Secure Endpoint machines about installed antivirus (AV) applications in Orbital and send a Webex Alert on new non-approved AV app. This workflow should be run on a schedule.
Description
Workflow Requirements:
This workflow requires Orbital and Webex integration modules.
Please verify these settings prior to execution.
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Orbital
- Webex
About
Contact and support information
External links
Related workflows
Community
This scheduled workflow executes a search query in Cisco Secure Malware Analytics for new private samples submitted and convinced as malicious.
Community
When triggered, this workflow will review the Secure Endpoint machines about installed antivirus (AV) applications in Orbital and send a Webex Alert on new non-approved AV app.
Community
When triggered, this workflow will review the Secure Endpoint machines and local admin users in Orbital and send a Webex Alert on new non-approved admin user.
Community
This workflows runs a (scheduled) "Cisco XDR Integration Module Healthcheck" and posts a message to Webex if such a healthcheck fails.
Cisco Managed
This workflow works with an incident automation rule or playbook to create a Webex room when incidents are created in Cisco XDR.
Cisco Managed
This workflow works with an incident automation rule to send Webex messages when a new incident is created in Cisco XDR.