Integrations make Cisco XDR a robust answer within the Safety Operations Heart of the Black Hat NOC, to satisfy our core mission of malware evaluation because the Official Safety Cloud supplier.
Under are the Cisco XDR integrations for Black Hat USA, empowering analysts to research Indicators of Compromise (IOC) in a short time, with one search.
Thanks to alphaMountain.ai and Pulsedive full donating full licenses to Cisco, to be used within the Black Hat USA 2025 NOC.
The XDR Management Heart dashboard displayed the standing of the integrations over the week.
Under you may see the energetic integrations in XDR.
Collaboration With Palo Alto Networks
The Black Hat NOC is a really distinctive community the place competitors is thrown out of the home windows and collaboration is delivered to the forefront. The Black Hat leaders consider a number of instruments in the marketplace to construct and function the community (or they construct their very own). The important thing distinguishing issue is that these instruments are chosen with a limiteless finances because the distributors present licensing for his or her instruments for gratis to Black Hat, together with the employees to run/handle/combine into the safety stack. With the associated fee issue eliminated, the choice is just about what device finest meets their distinctive wants. The result’s an especially various set of instruments and distributors that have to be operationalized and built-in within the brief arrange window.
This 12 months, I made a decision to take a deeper have a look at Palo Alto Networks XSIAM. Palo Alto Networks is the official Firewall and XDR/SIEM/SOAR supplier for the Black Hat NOC. Though I do have some expertise with PANW Cortex it was fascinating to be taught what further capabilities are included in XSIAM in addition to understanding the excitement phrase of Subsequent Era SIEM. XSIAM is a next-gen, all-in-one safety operations platform, integrating XDR, SIEM, SOAR, UEBA, and menace intel right into a single AI-driven system for large-scale SecOps. XSIAM is an AI first platform with LLM summaries for every incident and Microsoft Copilot in-built. Copilot can be utilized for a quantity use instances together with normal looking or serving to craft a selected XQL question.
Let’s check out a PANW XSIAM incident after which see how the identical knowledge may very well be surfaced in Cisco XDR.
Evolving Integration With Palo Alto Networks
Cisco XDR is designed to be a vendor agnostic device with a aim of working with buyer’s present infrastructure. This implies Cisco XDR wants to have the ability to combine with Third get together instruments together with applied sciences which may be thought-about market competitors. Within the Black Hat NOC, we collaborate with competitors as a result of the true enemy isn’t one other vendor however relatively the adversary. Cisco XDR has an integration module to combine with Cortex XDR which affords enrichment functionality for each EDR detections and Firewall detections. Nevertheless, this enrichment is an on demand, point-in-time, question which brings again knowledge related to what’s being investigated in Cisco XDR. This integration doesn’t produce XDR incidents from PANW.
To enhance this integration a customized automation workflow was created to question the PAN-OS API straight for menace logs after which publish them as incidents in Cisco XDR. Then the following section of the combination took benefit of Splunk by sending PANW menace logs to Splunk after which utilizing XDR automation to question Splunk for the PANW menace logs. The automation workflow queries a number of knowledge units in Splunk and makes use of a worldwide desk variable to maintain observe of the incidents which have been created and both replace or create new incidents. This logic could be advanced and bypasses Cisco XDR’s correlation logic.
The subsequent section of the PANW integration is at present being constructed by our engineering group and the Black Hat community is the proper innovation zone to get actual world knowledge to construct the combination with. Our engineering group is working to take PANW NGFW logs from Strata Logging Service, remodel them to OCSF (Open Cybersecurity Schema Framework), and ingest them into our knowledge analytics platform. This implies the Firewall logs are normalized and could be correlated with different knowledge units to supply XDR incidents.
Conclusion
The Black Hat NOC offers a uncommon atmosphere the place interoperability, innovation, and collaboration thrive—no matter vendor boundaries. Exploring Palo Alto Networks XSIAM on this area revealed the true potential of next-gen SecOps platforms, from automated incident enrichment to seamless integration with supporting instruments like Corelight and Slack. On the identical time, Cisco XDR’s vendor-agnostic design and evolving integration with PAN knowledge by APIs, Splunk, and OCSF reveal the ability of adaptable, cross-platform collaboration. As each platforms proceed to evolve, the NOC stays a proving floor for pushing the boundaries of what’s doable in fashionable safety operations.
About Black Hat
Black Hat is the cybersecurity trade’s most established and in-depth safety occasion sequence. Based in 1997, these annual, multi-day occasions present attendees with the most recent in cybersecurity analysis, growth, and tendencies. Pushed by the wants of the neighborhood, Black Hat occasions showcase content material straight from the neighborhood by Briefings displays, Trainings programs, Summits, and extra. Because the occasion sequence the place all profession ranges and educational disciplines convene to collaborate, community, and focus on the cybersecurity subjects that matter most to them, attendees can discover Black Hat occasions in the US, Canada, Europe, Center East and Africa, and Asia. For extra data, please go to the Black Hat web site.
We’d love to listen to what you suppose! Ask a query and keep related with Cisco Safety on social media.
Cisco Safety Social Media
Share: