Cisco Threat Response is built upon a collection of APIs, which can be used to integrate your own and third-party products, automate the incident response process, and manage threat intelligence and context in a single location. Over the next few months, our team will be working with ecosystem partners who already integrate with Cisco Threat Grid, Cisco AMP for Endpoints and Cisco Umbrella to also integrate with Threat Response. Our priority will be providing engineering expertise to our Threat Intelligence, SIEM and SOAR partners; however, we support an ecosystem.

Some of the things you can do now with the Threat Response API include:

  • Enrich an IP address or file
  • Load threat intelligence into your Private Intel Store
  • Manage your casebooks and investigation snapshots
  • Automate response actions
  • Provide a link for users to click and Investigate an alert or observable

You can find the API documentation here.

Threat Response Integration Scripts

The first three open-source integration examples, by Michael Auger, are available on the Cisco Security GitHub repository.


You can join the chat on Gitter with a Cisco engineer about this script and others. Look for more open-source scripts coming soon. To learn more about Threat Response, visit our product page.

