Details

This incident response workflow allows you to export a summary of an XDR incident to a Microsoft Sentinel custom table from a playbook or using an automation rule. When using this workflow in a playbook, the user initiates the export. When using this workflow with an incident automation rule, the export can be done automatically when an incident is created.

Description

Target: Conure APIs, Microsoft Sentinel Ingestion

Steps:

  • Fetch the incident summary (if it fails, end the workflow)
  • Process the incident summary
  • Send the incident summary to Microsoft Sentinel

Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Microsoft Sentinel
  • Cisco XDR

About

Author: Cisco
Version: v1.0
Intent: Incident Response
Authorship: Cisco Managed