Cisco XDR Ribbon

Cisco XDR Ribbon Extension

Offered by: Cisco XDR

The Cisco XDR ribbon extension offers a distributed set of capabilities that unify visibility, enable automation, accelerate incident response workflows, and improve threat hunting directly from your browser. These capabilities are presented in the form of applications (apps) and tools in the XDR ribbon. With the combination of the apps and your browser, you can:

• Immediately extract observables from arbitrary browser content and get the current Cisco verdict on each observable.
• Take response actions on observables via Cisco XDR and your configured integrated products.
• Use the casebook app to gather information in one place as you explore sightings across multiple products. The casebook is a powerful and convenient tool for saving, sharing, and enriching your threat analysis. Use it to track notes and other information as you follow leads during your threat investigation across your product suite.
• Use the incidents app to triage, investigate, and track high-confidence security incidents from integrated products. You can view the status and summary of the incidents, change the status, link incidents to snapshots, cases, and indicators, and pivot into Cisco XDR to perform investigations.
• Use the Orbital app to run live SQL queries against your endpoints.

You can select text on a page or select a single observable, open the context menu, and choose the Cisco XDR menu option. The selection will be inspected for observables and you will be presented with information and actions to help with your investigations.

You can also quickly find observables on the page, use the Pivot menus to create judgements for the observable and associate it with indicators, investigate the observables in Cisco XDR, block or unblock domains, start isolation of endpoints, and pivot to the integrated products to perform additional threat analysis.