Threat Response for Developers - SecureX threat response

danger SecureX End of Life The SecureX API is deprecated in favor of the Cisco XDR API, and will go end-of-life in the near future. For more information on End-of-Sale and End-of-Life, see https://www.cisco.com/c/en/us/products/collateral/security/securex/securex-eol.html. Cisco recommends moving to Cisco XDR API, which provides more actionable insights compared to the summary data given by the current SecureX API. For more details, see https://developer.cisco.com/cisco-xdr. SecureX threat response Cisco's SecureX threat response is built upon a collection of APIs which; can be used to integrate your Cisco and third-party security products, automate the incident response process, and manage threat intelligence and security context data in a single location. images/securex-threat-response.png Read the docs https://docs.securex.security.cisco.com/SecureX-Help/Content/integration.html _blank button btn-lg-wide btn-outline-white

What can you do with SecureX threat response APIs?

Enrichment Extract investigable observables from arbitrary text: pull indicators of compromise such as IP addresses, URLs etc from blogs, emails, or any other input Get consolidated verdicts on indicators from a suite of global threat intelligence providers Collect detailed reports of sighting of observables in your environment Take response and defensive actions provided by a variety of Cisco and third party tools already in your environment

Manage investigations and incidents Create, store, and manage groups of observables with associated notes in casebooks Create, process, and triage incidents in the built-in Incident Manager Take snapshots of ongoing investigations and store those snapshots as a permanent record of a point in time

Manage private or additional threat intelligence Ingest 3rd party intelligence from shared communities, OSINT, or paid vendors Track campaigns, actors, and TTPs seen in or likely to target your environment Add your own additional judgements on observables and indicators tailored to your industry vertical, risk profile, etc.

Learn how to automate with the SecureX threat response REST API LEARNING MODULE security-securex-threat-response LEARNING LABS security-securex-threat-response View all learning labs https://developer.cisco.com/learning/modules/security-securex-threat-response _blank button btn-primary btn-lg-wide

Watch SecureX threat response tutorials PLmuBTVjNfV0cYg1Ci6DbcBLJOPeBN7myk 25

https://metadata.production.devnetcloud.com/v1/catalogs/search fastMode=true&type=Code&keyPrefix="threat%20response" 3 Download SecureX threat response sample code Download community shared and DevNet curated GitHub sample code through DevNet Code Exchange. utm_campaign=oc-codeexchange&utm_medium=pubhubwidget&utm_source=securex See more in Code Exchange Sorry, we couldn’t find any code repos you were looking for.

Questions? We are here to help. /images/forum-large.svg https://community.cisco.com/t5/securex/bd-p/disc-securex _blank JOIN THE DISCUSSION SecureX Forum Bring your questions to the SecureX community! Engage, collaborate and share with your fellow experts in the developer forum. https://pubhub.devnetcloud.com/media/hyperfaas/site/images/learning-lab-small.svg https://community.cisco.com/t5/security-documents/securex-frequently-asked-questions/ta-p/4109992 _blank BROWSE FAQ Frequently Asked Questions Browse our frequently asked questions in the SecureX community.