Details

The Microsoft Government Community Cloud (GCC) integration allows you to enable integrations with Microsoft cloud applications:

  • Microsoft Defender for Office 365 GCC

  • Microsoft Defender for Endpoint GCC

Microsoft Government Community Cloud (GCC) integration allows Cisco XDR users to leverage several Microsoft products that make use of the Microsoft Cloud APIs. This combined integration allows you to manage and maintain one set of Microsoft cloud credentials across many individual product integrations between Cisco XDR and Microsoft products. Add your Microsoft cloud credentials and then add a minimum of one of the following Microsoft security applications that you want to configure to use those credentials:

  • Microsoft Defender for Endpoint GCC - Microsoft Defender for Endpoint GCC is an Endpoint Detection and Response (EDR) offering. Microsoft Defender for Endpoint security events can generate and contribute to correlated incidents in Cisco XDR. Cisco XDR lets Defender for Endpoint users leverage it for incident detection, threat hunting and investigation, rapid response actions to understand and defend against threats on the endpoint, and important device inventory context to help triage detected threats.

    Integration with Microsoft Defender for Endpoint GCC allows you to incorporate Microsoft Defender for Endpoint GCC detections into XDR's overall incident detection and correlation capabilities. Use the Defender for Endpoint GCC integration to search for security detections involving specific hostnames, machine IDs, IPs, and file hashes. Defender for Endpoint GCC can be used through Cisco XDR to isolate hosts from the network and block many types of observables, including file hashes, network resources (such as IP addresses, domains, and URLs), and certificates. This integration can be used to provide host information, including vulnerability information for use in triaging incidents and detections. It creates a target automatically in Automation for out-of-box workflows and it provides important device inventory context to help triage detected threats.

  • Microsoft Defender for Office 365 GCC - Microsoft Defender for Office 365 GCC is a cloud-based email filtering service that helps protect your organization against advanced threats delivered via email and collaboration tools, like phishing, business email compromise, and malware attacks. Integration with Microsoft Defender for Office 365 GCC allows you to incorporate Microsoft Defender for Office 365 GCC detections into XDR's overall incident detection and correlation capabilities.

Capabilities

This integration does not have any capabilities, but it has applications that do. Please see each application's details for more information about its capabilities.

Regions
North America