Contact sales
Details

This workflows exports XDR detection findings to Microsoft Sentinel every 5 minutes using a schedule automation rule.

Description

This workflows exports XDR detection findings to Microsoft Sentinel every 5 minutes using a schedule automation rule. More information about the XDR Query API and its schemas can be found here: https://developer.cisco.com/docs/cisco-xdr/exporting-xdr-detection-findings-exporting-xdr-detection-findings/

Targets: Query APIs, Microsoft Sentinel Ingestion

Steps:

  • Calculate and format the necessary timestamps
  • For each page of findings:
    • Fetch this page of findings
    • For each finding returned, fetch its events and export them to Sentinel
    • Check if there's a next page
      • If there isn't, end the loop
      • If there is, update the paging variables
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Microsoft Sentinel
  • Cisco XDR
About
Author
Cisco
Version
v1.4
Integration
Average rating
No ratings yet
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Microsoft Sentinel
Microsoft Sentinel - Export Incident Summary
Cisco Managed
This incident response workflow allows you to export summary of an XDR incident to a Microsoft Sentinel custom table from a playbook or using an automation rule.
Incident Response
Learn more