Cisco XDR Automation Feature Overview
10 Questions

Questions and Answers

What is one of the outcomes delivered by automation in Cisco XDR?

  • Delaying analyst response to threats
  • Manual collection of data from various sources
  • Automating incident investigation and hunting (correct)
  • Disabling the Playbook feature of the XDR incident manager

What do targets represent in Cisco XDR?

  • Automated incident investigation components
  • Resources workflows can communicate with (correct)
  • Data collection mechanisms
  • Authentication methods for analysts

What are account keys used for in Cisco XDR?

  • Powering the Playbook feature of the XDR incident manager
  • Accessing targets that require authentication (correct)
  • Integrating systems in new ways
  • Automating analyst response to threats

What type of endpoint is used for email checks in Cisco XDR?

  • IMAP endpoints (C)

What is one of the tasks that can be automated in Cisco XDR?

  • Auditing (B)

What types of data can be stored and used in workflows using variables?

  • Booleans, date-times, and decimals (B)

What determines the types of events that cause workflows to run?

  • Automation rules (B)

What is the purpose of the runs page in the workflow editor?

  • To inspect previous workflow instances for detailed information (D)

What can be built into larger end-to-end use cases or smaller repeatable building blocks in workflows?

  • Workflows (D)

Where can workflows be created and edited?

  • Workflow editor (D)

Study Notes

  • Matt Vanderhorst, a technical leader in marketing engineering for Cisco XDR, discusses Cisco XDR's automation feature and its main components and capabilities.
  • Automation can deliver various outcomes, such as:
      • Automating incident investigation and hunting by writing workflows that collect data from various sources and conduct automated investigations.
      • Identifying issues in the environment more quickly and getting relevant information in front of an analyst as soon as possible.
      • Automating analyst response to threats using workflows that take response actions at machine speed when specific criteria are met.
      • Powering the Playbook feature of the XDR incident manager.
      • Automating repetitive tasks, such as auditing, data collection, and reporting.
      • Integrating systems in new ways by creating workflows that communicate between them.
  • In Cisco XDR, targets represent the resources workflows can communicate with. Types of targets include:
      • HTTP endpoints for APIs.
      • IMAP endpoints for email checks.
      • Targets created by product integrations.
  • Account keys, also known as credentials, are used to access targets that require authentication. Types of account keys include:
      • Email credentials for IMAP endpoint targets.
      • API keys for various targets.
  • Variables allow the storage and use of various types of data in workflows, including strings, booleans, date-times, decimals, integers, and secure strings.
  • Triggers determine what types of events cause workflows to run, such as automation rules, email arrivals, incident generations, schedules, or webhooks.
  • Workflows consist of multiple steps and can be built into larger end-to-end use cases or smaller repeatable building blocks called atomics.
  • Workflows can be imported from various sources, such as GitHub or the XDR automation exchange, and can be created and edited within the workflow editor.
  • The workflow editor includes a toolbox, canvas, and properties editor for building and configuring workflows.
  • The runs page shows workflow performance over time and allows you to inspect previous workflow instances for detailed information about what the workflow did and which parts succeeded or failed.

Quiz Team

Description

Explore the main components and capabilities of the automation feature in Cisco XDR, including incident investigation and hunting, analyst response automation, Playbook feature, targets, account keys, variables, triggers, workflows, and the workflow editor. Learn about automating repetitive tasks, integrating systems, and importing workflows from various sources.
