Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs. You can build your own integrations using the community resources announced at Cisco Live. It was an honor to work with the XDR product management and engineering teams to publish these resources.
For some background, we started using Splunk Attack Analyzer (SAA) at RSAC 2025 Conference and created a small dashboard tile to show some data for us to look at. It was also our first time using it in this setting, so we didn’t have any integrations created with Cisco XDR yet. At Cisco Live, we wanted our analysts to be able to look up artifacts, like URLs, domains, or file hashes, in SAA. We also wanted our analysts to be able to submit a URL or domain to SAA for automated analysis.
During the first two days of the conference, I built two new integrations: one to look up file hashes, URLs, and domains, and the other to submit URLs and domains for automated analysis.
Using the power of Node.js and hosting the new relay module in AWS protected by Multicloud Defense, we now have two pivot menu options for our analysts.


This enables our analysts to quickly pivot into SAA or get an analysis without needing to manually do the submission or search.
Here is a little screenshot of the AWS deployment. We kept it very simple for easy deployment from conference to conference.


We will continue the innovation at Black Hat USA 2025.
Want to learn more about what we saw at Cisco Live San Diego 2025? Check out our main blog post — Cisco Live San Diego 2025 SOC — and the rest of our Cisco Live SOC content.