SecureX Ribbon and Investigation Widgets
Cisco SecureX Ribbon Extension
Offered by: Cisco SecureX
The Cisco SecureX Ribbon extension offers a distributed set of capabilities that unify visibility, enable automation, accelerate incident response workflows, and improve threat hunting directly from your browser. These capabilities are presented in the form of applications (apps) and tools in the SecureX ribbon. With the combination of the apps and your browser, you can:
- Immediately extract observables from arbitrary browser content, and get the current Cisco verdict on each observable
- Take response actions on those observables via Threat Response and your configured integrated products
- Use the SecureX casebook app to gather information in one place as you explore sightings across multiple products. The casebook is a powerful and convenient tool for saving, sharing, and enriching your threat analysis. Use it to track notes and other information as you follow leads during your threat investigation, across your product suite.
- Use the SecureX incidents app to triage, investigate and track high-confidence security incidents from integrated products. You can view the status and summary of the incident, change the status, link it to snapshots, cases, and indicators, and pivot into Threat -Response to investigate it.
- Use the SecureX Orbital app to run live SQL queries against your endpoints.
The SecureX ribbon extension also enables you to find and inspect observables through the browser's context menu. Select text on a page, or select a single observable, open the context menu, and choose the Cisco SecureX menu option. The selection will be inspected for observables and you'll be presented with information and actions to help with your investigations.
You can also quickly find observables on the page, use the Pivot menus to create judgements for the observable and associate it with indicators, investigate the observables in Threat Response, block or unblock domains, start isolation of endpoints, and pivot to the integrated products to perform additional threat analysis.
Once you have installed the SecureX Ribbon extension, you must create the ribbon client credentials in Cisco SecureX and use these credentials to authenticate the ribbon extension. Visit the API Clients page in Cisco SecureX for your region to create the API Client:
Data Services Notice
This tool can read the text and page structure of websites you visit, and collects usage analytics. Website data is only collected on user interaction from:
- Context menu actions in-page
- Find observables on page (Ribbon bar)
- Scan page for endpoints (Orbital)
Cisco's End User License Agreement