Integrations make Cisco XDR a robust resolution within the Safety Operations Heart of the Black Hat NOCto satisfy our core mission of malware evaluation because the Official Safety Cloud supplier.
Under are the Cisco XDR integrations for Black Hat USA, empowering analysts to analyze Indicators of Compromise (IOC) in a short time, with one search.
Thanks to alphaMountain.ai and Pulsedive full donating full licenses to Cisco, to be used within the Black Hat USA 2025 NOC.
The XDR Management Heart dashboard displayed the standing of the integrations over the week.
Under you may see the lively integrations in XDR.
Collaboration With Palo Alto Networks
The Black Hat NOC is a really distinctive community the place competitors is thrown out of the home windows and collaboration is dropped at the forefront. The Black Hat leaders consider a number of instruments available on the market to construct and function the community (or they construct their very own). The important thing distinguishing issue is that these instruments are chosen with a vast funds for the reason that distributors present licensing for his or her instruments without charge to Black Hat, together with the employees to run/handle/combine into the safety stack. With the price issue eliminated, the choice is solely about what software finest meets their distinctive wants. The result’s a particularly various set of instruments and distributors that should be operationalized and built-in within the brief arrange window.
This 12 months, I made a decision to take a deeper take a look at Palo Alto Networks XSIAM. Palo Alto Networks is the official Firewall and XDR/SIEM/SOAR supplier for the Black Hat NOC. Though I do have some expertise with PANW Cortex it was attention-grabbing to study what further capabilities are included in XSIAM in addition to understanding the excitement phrase of Subsequent Era SIEM. XSIAM is a next-gen, all-in-one safety operations platform, integrating XDR, SIEM, SOAR, UEBA, and risk intel right into a single AI-driven system for large-scale SecOps. XSIAM is an AI first platform with LLM summaries for every incident and Microsoft Copilot in-built. Copilot can be utilized for a quantity use instances together with basic looking out or serving to craft a selected XQL question.
Let’s check out a PANW XSIAM incident after which see how the identical knowledge could possibly be surfaced in Cisco XDR.
Evolving Integration With Palo Alto Networks
Cisco XDR is designed to be a vendor agnostic software with a aim of working with buyer’s current infrastructure. This implies Cisco XDR wants to have the ability to combine with Third social gathering instruments together with applied sciences that could be thought of market competitors. Within the Black Hat NOC, we collaborate with competitors as a result of the true enemy shouldn’t be one other vendor however fairly the adversary. Cisco XDR has an integration module to combine with Cortex XDR which gives enrichment functionality for each EDR detections and Firewall detections. Nonetheless, this enrichment is an on demand, point-in-time, question which brings again knowledge related to what’s being investigated in Cisco XDR. This integration doesn’t produce XDR incidents from PANW.
To enhance this integration a customized automation workflow was created to question the PAN-OS API immediately for risk logs after which publish them as incidents in Cisco XDR. Then the subsequent section of the mixing took benefit of Splunk by sending PANW risk logs to Splunk after which utilizing XDR automation to question Splunk for the PANW risk logs. The automation workflow queries a number of knowledge units in Splunk and makes use of a world desk variable to maintain observe of the incidents which have been created and both replace or create new incidents. This logic will be complicated and bypasses Cisco XDR’s correlation logic.
The following section of the PANW integration is at present being constructed by our engineering crew and the Black Hat community is the proper innovation zone to get actual world knowledge to construct the mixing with. Our engineering crew is working to take PANW NGFW logs from Strata Logging Service, rework them to OCSF (Open Cybersecurity Schema Framework), and ingest them into our knowledge analytics platform. This implies the Firewall logs are normalized and will be correlated with different knowledge units to supply XDR incidents.
Conclusion
The Black Hat NOC supplies a uncommon atmosphere the place interoperability, innovation, and collaboration thrive—no matter vendor boundaries. Exploring Palo Alto Networks XSIAM on this house revealed the true potential of next-gen SecOps platforms, from automated incident enrichment to seamless integration with supporting instruments like Corelight and Slack. On the identical time, Cisco XDR’s vendor-agnostic design and evolving integration with PAN knowledge by means of APIs, Splunk, and OCSF reveal the facility of adaptable, cross-platform collaboration. As each platforms proceed to evolve, the NOC stays a proving floor for pushing the boundaries of what’s attainable in fashionable safety operations.
About Black Hat
Black Hat is the cybersecurity trade’s most established and in-depth safety occasion collection. Based in 1997, these annual, multi-day occasions present attendees with the most recent in cybersecurity analysis, improvement, and developments. Pushed by the wants of the neighborhood, Black Hat occasions showcase content material immediately from the neighborhood by means of Briefings displays, Trainings programs, Summits, and extra. Because the occasion collection the place all profession ranges and educational disciplines convene to collaborate, community, and talk about the cybersecurity subjects that matter most to them, attendees can discover Black Hat occasions in the USA, Canada, Europe, Center East and Africa, and Asia. For extra data, please go to the Black Hat web site.
We’d love to listen to what you assume! Ask a query and keep related with Cisco Safety on social media.
Cisco Safety Social Media
Share:
