Cisco Secure Access
Cisco Secure Access is Cisco's cloud security product, enforcing security via DNS, Secure Web Gateway (SWG), Firewall as a Service (FWaaS) and Intrusion Prevention System (IPS), Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP). XDR supports multiple Cisco Secure Access functions, which are linked to XDR with API keys that have been generated in the SSE Platform.
Cisco Secure Access automatically uncovers attacker infrastructure staged for current and emerging threats and proactively blocks malicious requests before they reach a customer’s network or endpoints. With integration, customers can stop phishing and malware infections earlier, identify already-infected devices faster, and prevent data exfiltration. The integration provides complete visibility into Internet activity across all users in all covered locations. Multiple Cisco Secure Access functions are supported and linked via an API key generated in the Cisco Secure Access Platform.
Cisco Secure Access Investigate
Cisco Secure Access Investigate is a Cisco threat intelligence product, providing a customer view into our global threat data via a browser or API. This integration allows XDR to use that API to add threat intelligence from Cisco Secure Access Investigate to perform automated enrichment for IPs and domains that are being investigated.
Cisco Secure Access Reporting
Cisco Secure Access Reporting provides details associated with sightings of domain observables that are being investigated.
The functionality provided by Cisco Secure Access Reporting allows you to answer this question: Which entities under the protection of my Cisco Secure Access deployment have requested an IP address for this domain?
These are workflows that you can install in Cisco XDR automation and use with this integration. These are different from built-in workflows which are built into Cisco XDR by default for all customers.
These workflows are built into Cisco XDR automation and can be used with this integration. These are different from installable workflows, which are optional workflows you can install from Cisco and its partners.
These actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.