API Changelog
v1.1 - 2024-05-31
The Conure v2 and Playbook v1 APIs are released and added to the docs:
API Endpoint | Description |
---|---|
Incidents and Investigations | Search Incidents and manage Investigations. |
Playbook | Create and manage Incident Response Playbooks. |
v1.0 - 2023-07-26
This is the first release of the Cisco XDR APIs. There are many available REST APIs that can be used for integrations. These include:
API Endpoint | Description |
---|---|
Automation | Manage Automation objects and run Automation workflows. |
Dashboard | [Read-Only] Lists all the dashboard tiles and data. |
Enrich | Query local and global threat intelligence for observables. |
Global-Intel | [Read-Only] The global instance of CTIA has read access only. |
Inspect | Parses a string of text and extracts supported observables. |
Invite | Invites new users to your organization and manages invites (batch also available). |
OAuth2 | Retrieves a token. |
Incident Management | Manage and query prioritized Incidents and Worklog Notes. |
Private Intelligence | Private instance of Cisco Threat Intelligence API to manage judgements, indicators and more. |
Profile | Retrieves and manages profile information for your own profile or for users within your organization. |
Response | Used to take action on an observable within a product. |
User | Retrieves and manages user information for your organization. |
To learn how to use the Cisco XDR APIs, please see the Getting Started guide.
Python code samples for each Cisco XDR API can be found in the Overview page of the respective API reference.